Open sneak opened 4 years ago
Moving this to one-click apps repo as it's perhaps only related to regex validations of the tags which is totally one-click app specific.
I will test today to see if CR allows a definition file to support imagename@ syntax and try to fix it if not.
It does support that. You can try copy-pasting this:
{"schemaVersion":2,"imageName":"nginx@sha256:253ba3484dc13498c0a2ad9e236f144dcc8c74ec08a0bcead9b776fa8a29dffc"}
I'm trying to deploy Gitea. I don't like deploying by image tag because those can be silently updated by developers on Docker Hub, granting them remote execution on my machine under certain circumstances.
When deploying it via one-click apps, I am prompted for the gitea version to deploy. I entered
sha256:223c31793c1b486c3339cffc95e307b2094410f2fc0b0410c9488db828fe6b27
instead oflatest
. This failed during build.When deploying these via the docker CLI, one must do
docker run image@sha256:hash
instead ofdocker run image:tagname
.It seems to me that CapRover should detect when a specified version starts with a hash algorithm identifier (if even only recognizing the static string
sha256
for now, as is displayed on the Docker Hub website) and deploying appropriately based on image hash (cryptographically immutable) instead of tagname (developer mutable).