Open lunik1 opened 2 years ago
This could either pin with pullImage
or the docker way with an image digest sha.
The prior could be used as a base image, whereas the latter aligns with
https://github.com/safe-waters/docker-lock, which might be usable for implementing this.
This being a Nix-centric project, I'd give preference to a pullImage
based solution.
This is an awesome idea! I would love to see it implemented
Currently, one advantage of using NixOS containers over DockerHub (or other image repository) is that NixOS containers can be more easily rolled back to a previous state (especially when using flakes). When pulling a from
latest
container tag, it becomes more difficult to trace what versions of images have been used and recreate the previous state of a project. Of course, you can pin to specific image versions, but this is less ergonomic. A solution could be that arion could track the current external image versions used in a lockfile, which could be automatically updated to point to the latest versions of an image tag, and, when managed with version control, allow easy rollbacks to previously used images.