GitHub - schuhumi/cipug: Container Images Pinning and Updating Gadget
github.com
Container Images Pinning and Updating Gadget. Contribute to schuhumi/cipug development by creating an account on GitHub.

Hello,

I moved my home servers to fedora silverblue and docker-compose (ipv6 reasons :/). I stumpled upon the problem that I neither wanted to update image tags manually, nor have no idea what “:latest” deployed on my server in case I need to roll back.

To alleviate that problem, I made a small update-tool. It takes care of writing down the image@sha256… digest every time so that you can roll back. It also automatically snapshots and restarts the services.

It is made in Python but doesn’t need any dependencies, so no catering for a venv either. You only need to have skopeo and snapper in working order. Maybe you’ll find it useful, but please be aware that it is in an early stage. Also I’m not responsible if it nukes your server 😅

  • kolorafa@lemmy.worldEnglish
    0·
    1 year ago

    I like the concept, you could also detect the compose file name automatically.

    Or write down hashes for tag even if compose don’t use your variables so reading from compose, so people would not need to relay on the script but could use it as additional backup

    • skilltheamps@feddit.deOPEnglish
      0·
      1 year ago

      I like your first point and will implement it I think.

      For the second I don’t quite see the point, but it is possible already: Just use the SERVICE_*_IMAGE_TAGGED variable in the compose file instead of the SERVICE_*_IMAGE_HASHED one. The tool has settings to skip snapshot creation and service restart, i.e. it then only rewrites the .env file.