How to keep your Dockerfile container image references up-to-date

Whenever you build a container image, chances are that you are using public images as a base. But how do you keep your image up-to-date with the latest releases? In this blog I will introduce a utility which will allow you to keep your Dockerfile container image references up-to-date. In classic IT operations, "patch management" is a thing. On a frequent basis, all the components in the data center are updated to run the latest release of the software. With the Cloud-native principle of immutable infrastructure this no longer applies. There are no machines to log into and any changes you do make will not persist. For this reason, we created a utility named "fromage" which will allow you to detect out-of-date container image references. It will also allow you to update them automatically.
install the utility
To install the utility, type:
git clone https://github.com/binxio/fromage
cd fromage
git checkout 0.2.4
go install
You can also use the docker image binxio/fromage:0.2.4.
list container image references
To list container image references in your git repository, type:
fromage list --branch master --verbose https://github.com/binxio/kritis
It iterates over all Dockerfiles in all branches in the repository, prints all container image references, and lists newer versions if available.
| IMAGE | PATH | BRANCH | NEWER |
|---|---|---|---|
| golang:1.12 | helm-hooks/Dockerfile | master | 1.13,1.14,1.15 |
| gcr.io/gcp-runtimes/ubuntu_16_0_4 | helm-release/Dockerfile | master | |
| ubuntu:trusty | vendor/golang.org/x/net/http2/Dockerfile | master | |
| golang:1.12 | deploy/Dockerfile | master | 1.13,1.14,1.15 |
| gcr.io/distroless/base:latest | deploy/Dockerfile | master | |
| gcr.io/google-appengine/debian10:latest | deploy/gcr-kritis-signer/Dockerfile | master | |
| gcr.io/gcp-runtimes/ubuntu_16_0_4 | deploy/kritis-int-test/Dockerfile | master | |
| gcr.io/google-appengine/debian10:latest | deploy/kritis-signer/Dockerfile | master | |
checking out-of-date references
To check whether there are newer references available, type:
./fromage check --branch master --verbose https://github.com/binxio/kritis
It iterates over all Dockerfiles in all branches in the repository and prints all container image references which are out-of-date. If any are found, it exits with code 1.
| IMAGE | PATH | BRANCH | NEWER |
|---|---|---|---|
| golang:1.12 | helm-hooks/Dockerfile | master | 1.13,1.14,1.15 |
| golang:1.12 | deploy/Dockerfile | master | 1.13,1.14,1.15 |
You can use this in your CI/CD pipeline as a quality control gate.
bring container references up-to-date
To update the container image references to the next available version, type:
$ ./fromage bump --branch master --verbose git@github.com:binxio/kritis.git
2021/01/21 21:05:42 INFO: updating reference golang:1.12 to golang:1.13 in helm-hooks/Dockerfile
2021/01/21 21:05:42 INFO: updating reference golang:1.12 to golang:1.13 in helm-hooks/Dockerfile
2021/01/21 21:05:46 INFO: updating reference golang:1.12 to golang:1.13 in deploy/Dockerfile
2021/01/21 21:05:46 INFO: changes committed with 67847a0
2021/01/21 21:05:46 INFO: pushing changes to git@github.com:binxio/kritis.git
It will update references to the next available version. You can repeat this process until you are at the highest level. Alternatively, you can specify --latest to bump to the highest level. If you are scared of major version upgrades, add --pin major. Changes are committed and pushed to the repository.
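The version selection described above can be sketched as follows. This is an added example, not fromage's own source: the names `version`, `Newer` and `Bump` are hypothetical, only purely numeric dotted tags are compared, and reading `--pin major` as "stay within the current major version" is an assumption.

```go
package main

import (
	"fmt"
	"slices"
	"strconv"
	"strings"
)

// version parses a purely numeric dotted tag ("1.12"); it returns nil for "latest", "1.13-alpine", ...
func version(tag string) (v []int) {
	for _, p := range strings.Split(tag, ".") {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return nil
		}
		v = append(v, n)
	}
	return v
}

// Newer returns the tags that are numerically higher than ref's tag, lowest first (1.9 < 1.12).
// pinMajor keeps the first component fixed (assumed meaning of "--pin major").
func Newer(ref string, tags []string, pinMajor bool) (out []string) {
	cur := version(ref[strings.LastIndex(ref, ":")+1:])
	for _, t := range tags {
		v := version(t)
		if len(v) == len(cur) && slices.Compare(v, cur) > 0 && (!pinMajor || v[0] == cur[0]) {
			out = append(out, t)
		}
	}
	slices.SortFunc(out, func(a, b string) int { return slices.Compare(version(a), version(b)) })
	return out
}

// Bump moves ref to the next newer tag, or to the highest one when latest is set.
func Bump(ref string, tags []string, latest, pinMajor bool) string {
	n := Newer(ref, tags, pinMajor)
	if len(n) == 0 {
		return ref // nothing newer, or a tag that cannot be compared
	}
	if latest {
		n = n[len(n)-1:]
	}
	return ref[:strings.LastIndex(ref, ":")+1] + n[0]
}

func main() { // constructed tag list: unsorted and mixed with non-numeric tags
	fmt.Println(Bump("golang:1.12", []string{"1.9", "1.15", "latest", "1.13", "2.0", "1.14"}, true, true))
}
```

References such as `gcr.io/distroless/base:latest` come back unchanged, because a floating tag carries no version to compare against.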
Conclusion
With this utility you will never have to run with out-of-date base images, ever again. It will allow you to detect the use of out-of-date images and automatically update the image references to trigger a new build of your CI/CD pipeline.

Image by PublicDomainPictures from Pixabay
Written by

Mark van Holsteijn
Mark van Holsteijn is a senior software systems architect at Xebia Cloud-native solutions. He is passionate about removing waste in the software delivery process and keeping things clear and simple.