search

hilbert / hilbert-docker-images

Application with a dynamic choice of docker containers to run
Apache License 2.0
22 stars 8 forks source link

Do not use latest tag to reference base images #54

Closed porst17 closed 6 years ago

porst17 commented 6 years ago

The FROM command in a Dockerfile should always reference a version tag and not latest. The meaning of latest changes over time and if you have an old version of an image on your machine that is also tagged with latest, derived images may just not build and run properly because the base layers contain unexpected outdated stuff.

This is also very important if we have to deliver updates and bug fixes in a production environment.

porst17 commented 6 years ago

This is also related to #4.

porst17 commented 6 years ago

The current automatic build on docker hub only builds two version of the images: master and devel. The Dockerfiles do not specify which tag should be used so a build hook is used to work around this.

It is trivial to properly manage dependencies between Dockerfiles by just adding the version tag in FROM. It looks like docker hub can automatically pick up git-tags as well and build and tag the corresponding images (but this has to be tested). In order to continue having separate a image for devel (master is not needed because it should always belong to a tag), the build hook could replace the version tags with a devel tag when the devel branch is build.

malex984 commented 6 years ago

Currently we use /images/*/hooks/build, which should automate building (both locally and on DockerHub).

In particular that script should replace lines like FROM hilbert/baseimagename (in corresponding Dockerfile) into FROM hilbert/baseimagename:SOMETAG, where SOMETAG has to be specified by the build system (i.e. due to target IMAGE_NAME).

It will not happen if one specify FROM image with an explicit tag.

malex984 commented 6 years ago

That means what when DockerHub builds hilbert/gui:SOMETAG it will (using our build hook) base it on top of hilbert/base:SOMETAG (since /gui is based on /base), where SOMETAG may be for example latest or devel or master or any version tag.

porst17 commented 6 years ago

So in theory, it should just work once automatic building for tags is configured on docker hub, right?

malex984 commented 6 years ago

for completeness here is the way to configure DockerHub to deal with git tags: https://stackoverflow.com/a/44796846