ome / omero-web-docker

OMERO.web production docker image
https://hub.docker.com/r/openmicroscopy/omero-web/
BSD 2-Clause "Simplified" License

Bump centos from `dead07b` to `c73f515` #70

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps centos from dead07b to c73f515.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

joshmoore commented 2 years ago

Interestingly, this is the same image:

```
docker inspect centos:centos7.9.2009@sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407
[
    {
        "Id": "sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9",
        "RepoTags": [],
        "RepoDigests": [
            "centos@sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407",
            "centos@sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-09-15T18:20:23.99863383Z",
```

manics commented 2 years ago

It looks like a multi-arch manifest (useful if you ever want to also build an arm64 image): `docker manifest inspect docker.io/library/centos@sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407`

joshmoore commented 2 years ago

Thanks, @manics. But any idea why this bump occurred and not @JulianHn's in https://github.com/JulianHn/omero-server-docker/pull/3#issuecomment-1162180189?

JulianHn commented 2 years ago

Hey @joshmoore, my test image only has the amd64 arch probably, since I pushed from an amd64 machine.

JulianHn commented 2 years ago

I have created a test repository to check the behaviour of dependabot for this multi-architecture manifest setup: https://github.com/JulianHn/multiarch-test

I created a simple multiarchitecture Dockerfile (docker.io/julianhn/multiarch-test) with linux/amd64 and linux/arm64 images and inside my test git repo I created a simple Dockerfile that builds from this manifest.

I tested the following things:

  1. Create the original Dockerfile with a sha256 reference to the amd64 image --> Dependabot will open a PR (https://github.com/JulianHn/multiarch-test/pull/1) to "upgrade" from the sha256 of the single-arch image to the sha256 of the multiarch manifest. When running docker build, it will automatically pull the amd64 image, as I'm testing on an AMD64 machine. ✔️
  2. Push a modified manifest to the same docker.io/julianhn/multiarch-test:1.0 tag --> Dependabot will open a PR (https://github.com/JulianHn/multiarch-test/pull/2) to update the sha256 reference to the new manifest sha256. docker build will now pull the updated image embedded in the new manifest. ✔️
  3. Push a modified manifest to a new versioned tag docker.io/julianhn/multiarch-test:1.1 --> Dependabot will open a PR (https://github.com/JulianHn/multiarch-test/pull/3) to update to the new tag and the respective manifest sha256. docker build will once again pull the new image. ✔️

From these tests, I conclude that dependabot will behave in the way we want it after this initial "upgrade" from single image sha256 reference to manifest sha256 reference. @joshmoore @manics
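The thread distinguishes a pin on a single-architecture image manifest from a pin on the multi-arch manifest list. The following is an added example, not code from this repository or from Dependabot, that classifies a Dockerfile's pinned digest against a manifest list. The function names are hypothetical, the index is trimmed to the fields used, and all sample data is constructed.

```python
import hashlib
import json
import re

INDEX_TYPES = (
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json",
)

def digest_of(raw: bytes) -> str:
    """A registry content digest is the SHA-256 of the exact manifest bytes."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def pinned_digest(dockerfile: str) -> str:
    """Return the digest pinned on the first FROM line (name[:tag]@sha256:...)."""
    m = re.search(r"^FROM\s+(?:--\S+\s+)*\S+@(sha256:[0-9a-f]{64})", dockerfile, re.M)
    if not m:
        raise ValueError("base image is not pinned by digest")
    return m.group(1)

def classify_pin(pin: str, index_raw: bytes) -> str:
    """Say whether `pin` names the multi-arch index or one per-platform manifest."""
    index = json.loads(index_raw)
    if index.get("mediaType") not in INDEX_TYPES:
        raise ValueError("not a manifest list / image index")
    if pin == digest_of(index_raw):
        return "index"  # the form Dependabot "upgrades" to in the tests above
    for entry in index["manifests"]:
        if entry["digest"] == pin:
            p = entry["platform"]
            return f'{p["os"]}/{p["architecture"]}'
    return "unknown"  # pin refers to neither: stale or a different image

# Constructed sample data: stand-ins for two per-platform manifests and their index.
AMD64 = digest_of(b'{"constructed": "amd64 image manifest"}')
ARM64 = digest_of(b'{"constructed": "arm64 image manifest"}')
INDEX_RAW = json.dumps({
    "schemaVersion": 2,
    "mediaType": INDEX_TYPES[0],
    "manifests": [
        {"digest": AMD64, "platform": {"os": "linux", "architecture": "amd64"}},
        {"digest": ARM64, "platform": {"os": "linux", "architecture": "arm64"}},
    ],
}).encode()

if __name__ == "__main__":
    for pin in (AMD64, digest_of(INDEX_RAW)):
        dockerfile = f"FROM example/base:1.0@{pin}\n"  # constructed Dockerfile
        print(pin[:19], "->", classify_pin(pinned_digest(dockerfile), INDEX_RAW))
```

A pin classified as a single platform will build only for that architecture, while an `index` pin lets the builder select the matching platform manifest.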

joshmoore commented 1 year ago

Let's go ahead and get this in with the other recent fix and see how the scheme works for us.