Whenever you build a container image, chances are that you are using public images as a base. But how do you keep your image up-to-date with the latest releases? In this blog I will introduce a utility which will allow you to keep your Dockerfile container image references up-to-date.
In classic IT operations, "patch management" is a thing. On a frequent basis, all the components in the data center are updated to run the latest release of the software. With the Cloud-native principle of immutable infrastructure this no longer applies. There are no machines to log into and any changes you do make will not persist.
For this reason, we created a utility named "fromage" which will allow you to detect out-of-date container images references. It will also allow you to update them automatically.
install the utility
To install the utility, type:
git clone https://github.com/binxio/fromage cd fromage git checkout 0.2.4 go install
You can also use the docker image
list container image references
To list container image references in your git repository, type:
fromage list --branch master --verbose https://github.com/binxio/kritis
It iterates over all dockerfiles in all branches in the repository and print out all container image references and list newer versions if available.
checking out-of-date references
To check whether there are newer references available, type:
./fromage check --branch master --verbose https://github.com/binxio/kritis
It iterates over all dockerfiles in all branches in the repository and print out all container image references which are out-of-date. If found, it exits with code 1.
You can use this in your CI/CD pipeline as a quality control gate.
bring container references up-to-date
To update the container image references to the next available version, type:
$ ./fromage bump --branch master --verbose firstname.lastname@example.org:binxio/kritis.git 2021/01/21 21:05:42 INFO: updating reference golang:1.12 to golang:1.13 in helm-hooks/Dockerfile 2021/01/21 21:05:42 INFO: updating reference golang:1.12 to golang:1.13 in helm-hooks/Dockerfile 2021/01/21 21:05:46 INFO: updating reference golang:1.12 to golang:1.13 in deploy/Dockerfile 2021/01/21 21:05:46 INFO: changes committed with 67847a0 2021/01/21 21:05:46 INFO: pushing changes to email@example.com:binxio/kritis.git
It will update references to the next available version. You can repeat this process until you are at the highest level. Alternatively, you can specify
--latest to bump to the highest level. If you are scared of major version upgrades, add
--pin major. Changes are committed and pushed to the repository.
With this utility you will never have to run with out-of-date base images, ever again. It will allow you to detect the use of out-of-date images and automatically update the image references to trigger a new build of your CI/CD pipline.