[Feature Request] Support watch update of specific docker image tag

bianjp commented 9 months ago

Background

Docker image tag is just an alias of image ID, and can be updated to refer to new image IDs.

Many docker images provide tags named by its major version (or major and minor version), so users can easily get future patch version update without updating their Dockerfile. Say nginx:1.24 for example, whenever a new patch version 1.24.x is released, the tag will be updated.

Tags are also occasionally updated to eliminate vulnerabilities.

Feature

I hope nvchecker can watch for updates of image tags on Docker Hub (like nginx:1.24, oraclelinux:8). Some private base images in our intranet depend on these public images and I want to keep them update-to-date and secure.

Nvchecker's container plugin can only watch for new tags and is not applicable.

Proposal

Add a container_tag plugin.

Available API to check tag update:

Docker Hub API: https://hub.docker.com/v2/repositories/library/nginx/tags
- Easy to use if we only support public images on hub.docker.com
Docker Registry HTTP API: /v2/<name>/manifests/<reference>
- ~~Unfortunately no image ID or update time is returned, so we have to use fsLayers to check whether tag is updated~~
- Update time is returned in history[0].v1Compatibility.created

lilydjwg commented 9 months ago

Maybe we can add this functionality to the existing container source? @yan12125, what do you think?

bianjp commented 9 months ago

Maybe we can add this functionality to the existing container source? @yan12125, what do you think?

@lilydjwg I have tried extending container source and it works. I'll make a pull request later.

lilydjwg / nvchecker