Locks Docker image references by digest.
Docker images are typically specified by their name and tag in Dockerfiles. Unfortunately tags are mutable which can cause non-deterministic behaviour at a later date. To avoid this, digests can be used to lock images to an immutable version.
For example, the image openjdk:8 can be locked down to a specific version using
openjdk:8@sha256:d2e5ce9a87c571481197229f618d573d183c6eca1fe3a90ab668ca1d625f0ff9
Install locally by running:
sudo curl -so /usr/local/bin/locker https://raw.githubusercontent.com/markhobson/locker/master/locker
sudo chmod +x /usr/local/bin/lockerTo lock image references in a Dockerfile:
locker DockerfileTo unlock image references in a Dockerfile:
locker --unlock DockerfileThe test suite uses Bats. To run the test suite:
-
Pull the images used by the tests:
docker pull openjdk docker pull oracle/openjdk docker pull openjdk:8 -
Run the tests:
npx bats test
- Use locally built images in tests to avoid having to pull them
- Ignore images that don't exist locally
- Discard digest to allow relocking files
- Recursive syntax to lock all supported files in a directory
- Pull flag to pull newer images before locking
- Support
docker-compose.yml - Support AWS CloudFormation templates
