Can you provide a way for users to skip certain FROM lines?

[dougwig]

Is your feature request related to a problem? Please describe.

For some images, we have specific versions of parent images pinned, or use a variable to specify what image to use. Examples:

FROM my-registry.example.com/foo/bar/policy:37 # pinned FROM my-registry.example.com/foo/bar/my-base:$ITEST_IMAGE_TAG # passed in as variable

Describe the solution you'd like

In both of these cases, PRs are constantly generated, but never wanted. Python has a "# noqa" type comment that you can add at the end of a line to disable checks.

Can we add something similar to this, so that image owners can disable when they know the PR will never be useful? Example:

FROM my-registry.example.com/foo/bar/policy:37  # dfiu: no

Describe alternatives you've considered

Lots and lots of manual PR closing.

[afalko]

@dougwig : Thanks for writing this up! I think it is a valid feature. We would want to audit when this is used because images will no longer get security updates pushed to them. With this enabled.

I think this should be a low-hanging fruit to add. The magic that processes the FROM line is contained here: https://github.com/salesforce/dockerfile-image-update/blob/master/dockerfile-image-update/src/main/java/com/salesforce/dockerfileimageupdate/model/FromInstruction.java#L40

It should be a matter of scanning for dfui: no if # is found or something a long those lines. I'd probably pass in a config/flag to enable choosing the disablement string and making it an opt-in vs. default feature.

[rahulsurwade08]

Hey @afalko I would love to contribute to this issue under hacktoberfest. How can get started?

[afalko]

@RahulSurwade08 we actually implemented this already: See PR: https://github.com/salesforce/dockerfile-image-update/pull/332 . I'm going to close this issue because we forgot to do that.