MahdiZerara
commented
7 months ago @nhhagen @arunpoudel should we try to opt for a similar versioning mechanism as in go-services-interfaces? Something like: v1.0.0-${GITHASH}
Open nhhagen opened 1 year ago
MahdiZerara
commented
7 months ago @nhhagen @arunpoudel should we try to opt for a similar versioning mechanism as in go-services-interfaces? Something like: v1.0.0-${GITHASH}
nhhagen
commented
7 months ago For stable versions we should not include the commit hash in the version. If we can use release-drafter to create releases and tag the images correct when we publish a release we should get the track record we need and at the same time be able to release images at a sustainable pace.
Our current tag scheme
gitc-${GITHASH}e.g.gitc-074217add42f811cc10ae667bb98e9dd0a772313is not compatible with Dependabot when used in combination with digests.When a
Dockerfileis defined like bellow Dependabot cannot find any updates for the images even if there are updates available.When updating the
Dockerfileto uselatestas the tag Dependabot is able to update the image.Here is an example of a working update:
Using
latestas the tag and the image digest as the only way of communicating the version of an image is not very human friendly and causes a poor developer experience.Ideally er should have a versioned tag that is both human friendly and allows Dependabot to update the image when using a digest as a part of the image reference.
Working example:
Find solution to generate a human friendly image tag that can be used in combination with an image digest that Dependabot can maintain. As a part of this we need to figure out what the image tag pattern should be, SemVer is an option.
Replaces: