Locks Docker image references by digest.
Docker images are typically specified by their name and tag in Dockerfile
s. Unfortunately tags are mutable which can cause non-deterministic behaviour at a later date. To avoid this, digests can be used to lock images to an immutable version.
For example, the image openjdk:8
can be locked down to a specific version using
openjdk:8@sha256:d2e5ce9a87c571481197229f618d573d183c6eca1fe3a90ab668ca1d625f0ff9
Install locally by running:
sudo curl -so /usr/local/bin/locker https://raw.githubusercontent.com/markhobson/locker/master/locker
sudo chmod +x /usr/local/bin/locker
To lock image references in a Dockerfile
:
locker Dockerfile
To unlock image references in a Dockerfile
:
locker --unlock Dockerfile
The test suite uses Bats. To run the test suite:
-
Pull the images used by the tests:
docker pull openjdk docker pull oracle/openjdk docker pull openjdk:8
-
Run the tests:
npx bats test
- Use locally built images in tests to avoid having to pull them
- Ignore images that don't exist locally
- Discard digest to allow relocking files
- Recursive syntax to lock all supported files in a directory
- Pull flag to pull newer images before locking
- Support
docker-compose.yml
- Support AWS CloudFormation templates