coop-cloud/organising
coop-cloud
/
organising
Archived
4
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Activity

Consider digest pinning for more build stability #67

New Issue
Open
opened 2021-06-03 09:15:04 +00:00 by decentral1se · 2 comments
decentral1se commented 2021-06-03 09:15:04 +00:00
Owner
Copy Link

We could be doing something like this in the compose.yml files: node:14.15.1@sha256:d938c1761e3afbae9242848ffbb95b9cc1cb0a24d889f8bd955204d347a7266e where you pin directly to a digest that you expect. This would stop whacky stuff happening later on if upstream decides to cheekily overwrite the tag.

We could be doing something like this in the `compose.yml` files: `node:14.15.1@sha256:d938c1761e3afbae9242848ffbb95b9cc1cb0a24d889f8bd955204d347a7266e` where you pin directly to a digest that you expect. This would stop whacky stuff happening later on if upstream decides to cheekily overwrite the tag.
👀 1
decentral1se added the
enhancement
 label 2021-06-03 09:15:18 +00:00
3wordchant commented 2021-06-13 12:35:57 +00:00
Owner
Copy Link

Down for this.

Do we know what exactly would happen if we did this, in those situations "if upstream decides to cheekily overwrite the tag"?

Would the deploy just fail (and would we want to / be able to show a more helpful error than Docker?), or will it still grab the old tagged image from Docker Hub?

Down for this. Do we know what exactly would happen if we did this, in those situations "if upstream decides to cheekily overwrite the tag"? Would the deploy just fail (and would we want to / be able to show a more helpful error than Docker?), or will it still grab the old tagged image from Docker Hub?
decentral1se commented 2021-06-14 14:56:50 +00:00
Author
Owner
Copy Link

I think it would just error out with "I can't find that tag with that hash" and then yeah, as you say, I think we'd need to provide some explanation after that. We could of coures have a --force logic here to override. This seems a bit tricky to manage to set up, we'd probably have to publish our own test image and then overwrite it? For now, we could just do the pinning and figure out the rest later.

I think it would just error out with "I can't find that tag with that hash" and then yeah, as you say, I think we'd need to provide some explanation after that. We could of coures have a `--force` logic here to override. This seems a bit tricky to manage to set up, we'd probably have to publish our own test image and then overwrite it? For now, we could just do the pinning and figure out the rest later.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
Labels
Clear labels   
automation

Getting the robots into the mix

  
bug

Something is not working

  
community organising

Opening this thing up

  
democracy

Democratic decision making

  
design

Design thinking required

  
documentation

WTFM

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
finance

Money things

  
funding

Anything related to grant funding

  
help wanted

Need some help

  
invalid

Something is wrong

  
publishing

Making this project public

  
question

More information is needed

  
security

Securing our shit

  
wontfix

This won't be fixed

No Label
automation
bug
community organising
democracy
design
documentation
duplicate
enhancement
finance
funding
help wanted
invalid
publishing
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/organising#67
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?