Open rafipiccolo opened 1 year ago
Hi,
Thank you for the feedback 👍 .
i can see why you chose to scan and update containers since many users do that (i may be wrong, but they are mostly beginners i think),
Initially, I created this tool to scan only. I added update capabilities in a second time to meet users' expectations but it's not the primary goal of this tool.
In my opinion a better approach is to have a docker compose file per project / server and then you only need to update it and embrace the infra as code / infra as state which has a lot of benefits.
I agree with the target 👍
From my understanding, the main difference I see with your proposal would be to gather services to scan by reading files (e.g. compose files) instead of gathering them with the Docker API?
=> If so, that would be possible by implementing a 2nd watcher type (in addition to the existing docker watcher)
Some additional questions:
yes a new watcher makes sense.
yes my dockerfile and compose files update in place and i commit them to trigger deploys.
for example if i have this at the top of a dockerfile : FROM ubuntu or FROM ubuntu:latest or FROM ubuntu:latest@sha256:xxxxxxxxxxxxxxxxxx
my script rewrites it like this to make it updated and "fixed/immutable" : (tag+sha) FROM ubuntu:latest@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f
the same goes for images specified in compose files
i guess i could use a webhook to trigger the commit after what's up docker would have updated the tags
i created my own tool years ago, and i still use it. it basically scans all my dockerFiles and compose files and updates the tag & sha of every found image so a "docker build" or a "docker compose up -d" or "docker stack deploy" effectively updates everything. Since the docker compose and dockerfile exist, i can also take the time to test them on a temporary server before deployment on production.
i can see why you chose to scan and update containers since many users do that (i may be wrong, but they are mostly beginners i think),
In my opinion a better approach is to have a docker compose file per project / server and then you only need to update it and embrace the infra as code / infra as state which has a lot of benefits.
is this something you could be interested in doing / supporting ?
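
The FROM-line rewrite described in this thread (tag plus sha256 digest), as an added example that is not rafipiccolo's script or part of What's up Docker. `pin_dockerfile`, `split_ref` and the `resolve` callback are hypothetical names, and the digest lookup is stubbed with an inline table so the block runs offline.

```python
import re

# FROM [--platform=...] <image>[:tag][@digest] [AS <stage>]
FROM_RE = re.compile(r"^(?P<head>\s*FROM\s+(?:--\S+\s+)*)(?P<ref>\S+)"
                     r"(?P<tail>(?:\s+AS\s+(?P<stage>\S+))?\s*)$", re.IGNORECASE)

def split_ref(ref):
    """Split 'repo[:tag][@digest]' into (repo, tag); a missing tag means 'latest'."""
    ref = ref.split("@", 1)[0]              # drop any existing (stale) digest
    slash, colon = ref.rfind("/"), ref.rfind(":")
    if colon > slash:                       # a colon before the last '/' is a registry port
        return ref[:colon], ref[colon + 1:]
    return ref, "latest"

def pin_dockerfile(text, resolve):
    """Rewrite each FROM line to repo:tag@sha256:<digest>; resolve(repo, tag) is a
    caller-supplied lookup (hypothetical) returning 'sha256:...' or None."""
    stages, out = set(), []
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            ref = m.group("ref")
            # Not registry images: scratch, earlier build stages, ARG-substituted refs.
            if ref.lower() != "scratch" and ref not in stages and "$" not in ref:
                repo, tag = split_ref(ref)
                digest = resolve(repo, tag)
                if digest:                  # unresolved images are left untouched
                    line = f"{m['head']}{repo}:{tag}@{digest}{m['tail']}"
            if m.group("stage"):
                stages.add(m.group("stage"))
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample data. The ubuntu digest is the one quoted in the thread;
# the registry host, node image and its digest are constructed placeholders.
DIGESTS = {
    ("ubuntu", "latest"): "sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f",
    ("localhost:5000/node", "20"): "sha256:" + "0" * 64,
}
SAMPLE = """\
FROM ubuntu AS base
FROM --platform=linux/amd64 localhost:5000/node:20 AS build
FROM base
FROM ubuntu:latest@sha256:xxxxxxxx
"""

if __name__ == "__main__":
    print(pin_dockerfile(SAMPLE, lambda repo, tag: DIGESTS.get((repo, tag))), end="")
```

In real use `resolve` would ask the registry for the digest the tag currently points to, and the rewritten file would be committed so the change is reviewable before deployment.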