https://github.com/MeneDev/dockmoor
Manage docker image references
https://github.com/MeneDev/dockmoor
devops docker dockerfile
Last synced: about 1 month ago
JSON representation
Manage docker image references
- Host: GitHub
- URL: https://github.com/MeneDev/dockmoor
- Owner: MeneDev
- Archived: true
- Created: 2018-09-03T07:22:57.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-04-22T11:26:05.000Z (almost 2 years ago)
- Last Synced: 2024-07-31T21:56:55.675Z (9 months ago)
- Topics: devops, docker, dockerfile
- Language: Go
- Homepage:
- Size: 8.76 MB
- Stars: 17
- Watchers: 3
- Forks: 5
- Open Issues: 9
-
Metadata Files:
- Readme: README.adoc
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Roadmap: ROADMAP.md
Awesome Lists containing this project
- awesome-docker - dockmoor - Manage docker image references and help to create reproducible builds with Docker. By [@MeneDev](https://github.com/MeneDev) (Docker Images / Dockerfile)
- awesome-docker - dockmoor - Manage docker image references and help to create reproducible builds with Docker. By [@MeneDev](https://github.com/MeneDev) (Docker Images / Dockerfile)
- awesome-docker - dockmoor - Manage docker image references and help to create reproducible builds with Docker. By [@MeneDev](https://github.com/MeneDev) (Docker Images / Dockerfile)
- awesome-docker - dockmoor - Manage docker image references and help to create reproducible builds with Docker. By [@MeneDev](https://github.com/MeneDev) (Docker Images / Dockerfile)
README
:branch: master
== dockmoor
image:https://github.com/MeneDev/dockmoor/workflows/Go/badge.svg?branch={branch}[Build Status (GitHub Actions), link=https://github.com/MeneDev/dockmoor/actions]
image:https://img.shields.io/coveralls/github/MeneDev/dockmoor/{branch}.svg[Coveralls statement coverage, link=https://coveralls.io/github/MeneDev/dockmoor]
image:https://goreportcard.com/badge/github.com/MeneDev/dockmoor[Go Report Card, https://goreportcard.com/report/github.com/MeneDev/dockmoor]
image:https://img.shields.io/github/release/MeneDev/dockmoor.svg["GitHub release",link="https://github.com/MeneDev/dockmoor/releases"]
image:https://img.shields.io/twitter/follow/MeneDev.svg?style=social&label=%40MeneDev[Follow @MeneDev on Twitter, link=https://twitter.com/MeneDev]
Once you found a nice dock, it's time to moor :anchor: +
dockmoor helps you to create reproducible builds with Docker.
> **Warning**
> This is currently unmaintained. Tracking docker as a dependency was a mistake.
>
> Renovate bot has a similar feature: https://docs.renovatebot.com/docker/#digest-pinning
== Features
*Implemented*
* pin image references to currently used image via digest to make builds reproducible
** works with (remote) docker daemon and docker registry (e.g. docker hub)
* list image references
* find Dockerfiles
* filter by various predicates, e.g. untagged, `latest`, RegEx-match
*Upcoming*
* amend missing tags
* find outdated image references
* other formats: docker-compose, GitLab CI, Circle CI, Travis CI, ...
[[_examples]]
== Examples
Note: all digests are abbreviated for better readability
[[pin-command-examples]]
=== pin command
The `pin` command queries a Docker daemon (local or remote) or a docker registry (e.g. docker hub) for images matching the used image references and pins the image reference by appending the digest.
*Note* the Docker daemon is used by default, but only knows pulled images!
[[_pin_well_known_image_references]]
==== Pin well-known image references
[subs=+macros]
....
dockmoor pin https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/pin-examples/Dockerfile-nginx[pin-examples/Dockerfile-nginx]
....
Given the following multi-stage dockerfile:
[source,Dockerfile]
----
# originally untagged
FROM nginx
# originally tagged 1.15
FROM nginx:1.15
# originally tagged 1
FROM nginx:1
# originally tagged 1.15-alpine-perl
FROM nginx:1.15-alpine-perl
RUN something
----
File after execution:
[source,Dockerfile]
----
# originally untagged
FROM nginx@sha256:31b..91
# originally tagged 1.15
FROM nginx:1.15@sha256:31b..91
# originally tagged 1
FROM nginx:1@sha256:31b..91
# originally tagged 1.15-alpine-perl
FROM nginx:1.15-alpine-perl@sha256:9c6..ae
RUN something
----
stdout is empty +
stderr is empty +
exit code: 0
[[_pin_all_image_references_in_a_dockerfile_using_a_docker_registry]]
==== Pin all image references in a dockerfile using a docker registry
[subs=+macros]
....
dockmoor pin --resolver=registry https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/pin-examples/Dockerfile-testimagea[pin-examples/Dockerfile-testimagea]
....
File before execution:
[source,Dockerfile]
----
FROM menedev/testimagea:1
FROM menedev/testimagea:1.0
FROM menedev/testimagea:1.0.0
FROM menedev/testimagea:1.0.1
FROM menedev/testimagea:1.1.0
FROM menedev/testimagea:1.1.1
FROM menedev/testimagea:2
FROM menedev/testimagea:2.0
FROM menedev/testimagea:2.0.0
FROM menedev/testimagea:latest
FROM menedev/testimagea
RUN something
----
File after execution:
[source,Dockerfile]
----
FROM menedev/testimagea:1@sha256:1e2..24
FROM menedev/testimagea:1.0@sha256:c27..4b
FROM menedev/testimagea:1.0.0@sha256:f38..df
FROM menedev/testimagea:1.0.1@sha256:c27..4b
FROM menedev/testimagea:1.1.0@sha256:bf1..96
FROM menedev/testimagea:1.1.1@sha256:1e2..24
FROM menedev/testimagea:2@sha256:3d4..a1
FROM menedev/testimagea:2.0@sha256:3d4..a1
FROM menedev/testimagea:2.0.0@sha256:3d4..a1
FROM menedev/testimagea:latest@sha256:3d4..a1
FROM menedev/testimagea@sha256:3d4..a1
RUN something
----
stdout is empty +
stderr is empty +
exit code: 0
[[_pin_image_references_with_latest_or_no_tag_in_a_dockerfile]]
==== Pin image references with latest or no tag in a dockerfile
[subs=+macros]
....
dockmoor pin --latest https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/pin-examples/Dockerfile-testimagea[pin-examples/Dockerfile-testimagea]
....
File after execution:
[source,Dockerfile]
----
FROM menedev/testimagea:1
FROM menedev/testimagea:1.0
FROM menedev/testimagea:1.0.0
FROM menedev/testimagea:1.0.1
FROM menedev/testimagea:1.1.0
FROM menedev/testimagea:1.1.1
FROM menedev/testimagea:2
FROM menedev/testimagea:2.0
FROM menedev/testimagea:2.0.0
FROM menedev/testimagea:latest@sha256:3d4..a1
FROM menedev/testimagea@sha256:3d4..a1
RUN something
----
stdout is empty +
stderr is empty +
exit code: 0
[[list-command-examples]]
=== list command
All single file examples refer to https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[a multi-stage build Dockerfile]
[[_list_all_image_references_where_the_tag_ends_in_test]]
==== List all image references where the tag ends in `-test`
Surrounding strings with `/` enables regular expression based matching.
[subs=+macros]
....
dockmoor list --tag=/-test$/ https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout:
[subs=+macros]
....
image-name:1.12-test
image-name:1.11-test
docker.io/library/image-name:latest-test
example.com/image-name:1.12-test
example.com/image-name:latest-test@sha256:2c4..cf
....
stderr is empty +
exit code: 0
[[_list_all_image_references_with_latest_or_no_tag_from_a_specific_domain_in_file]]
==== List all image references with latest or no tag from a specific domain in file
You can use multiple predicates to filter the matching image references. In this example the `domain` predicate is used together wih the `latest` predicate. Predicates are connected to a `conjunction`: all predicates must match.
[subs=+macros]
....
dockmoor list --domain=example.com --latest https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout:
[subs=+macros]
....
example.com/image-name:latest@sha256:2c4..cf
example.com/other-image
example.com/other-image:latest
....
stderr is empty +
exit code: 0
[[_list_all_image_references_in_file]]
==== List all image references in file
[subs=+macros]
....
dockmoor list https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout:
[subs=+macros]
....
image-name
image-name:latest
image-name:1.12
image-name:1.12-test
image-name:1.11-test
image-name@sha256:2c4..cf
docker.io/library/image-name:1.12@sha256:2c4..cf
docker.io/library/image-name
docker.io/library/image-name:latest
docker.io/library/image-name:latest-test
example.com/image-name:1.12
example.com/image-name:1.12-test
example.com/image-name:1.12-testing
example.com/image-name:latest@sha256:2c4..cf
example.com/image-name:latest-test@sha256:2c4..cf
example.com/image-name@sha256:2c4..cf
example.com/other-image
example.com/other-image:latest
....
stderr is empty +
exit code: 0
[[_list_all_image_references_with_latest_or_no_tag_in_file]]
==== List all image references with latest or no tag in file
[subs=+macros]
....
dockmoor list --latest https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout:
[subs=+macros]
....
image-name
image-name:latest
docker.io/library/image-name
docker.io/library/image-name:latest
example.com/image-name:latest@sha256:2c4..cf
example.com/other-image
example.com/other-image:latest
....
stderr is empty +
exit code: 0
[[_list_all_unpinned_image_references]]
==== List all unpinned image references
[subs=+macros]
....
dockmoor list --unpinned https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout:
[subs=+macros]
....
image-name
image-name:latest
image-name:1.12
image-name:1.12-test
image-name:1.11-test
docker.io/library/image-name
docker.io/library/image-name:latest
docker.io/library/image-name:latest-test
example.com/image-name:1.12
example.com/image-name:1.12-test
example.com/image-name:1.12-testing
example.com/other-image
example.com/other-image:latest
....
stderr is empty +
exit code: 0
[[_use_unix_find_to_list_all_unpinned_image_references]]
==== Use unix find to list all unpinned image references
[subs=+macros]
....
find some-folder -type f -exec dockmoor list --unpinned {} \; | sort | uniq
....
stdout:
[subs=+macros]
....
nginx
nginx:1.15.3
nginx:latest
....
stderr is empty +
exit code: 0
[[_use_unix_find_to_list_all_image_references_with_latestno_tags]]
==== Use unix find to list all image references with latest/no tags
[subs=+macros]
....
find https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/[some-folder/] -type f -exec dockmoor list --latest {} \; | sort | uniq
....
stdout:
[subs=+macros]
....
nginx
nginx:latest
....
stderr is empty +
exit code: 0
[[_use_unix_find_to_list_all_image_references]]
==== Use unix find to list all image references
[subs=+macros]
....
find https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/[some-folder/] -type f -exec dockmoor list {} \; | sort | uniq
....
stdout:
[subs=+macros]
....
nginx
nginx:1.15.3
nginx:1.15.3-alpine@sha256:2c4..cf
nginx:latest
nginx@sha256:db5..44
....
stderr is empty +
exit code: 0
[[contains-command-examples]]
=== contains command
[[_use_unix_find_to_list_all_files_containing_unpinned_references]]
==== Use unix find to list all files containing unpinned references
[subs=+macros]
....
find some-folder -type f -exec dockmoor contains --unpinned {} \; -print
....
stdout:
[subs=+macros]
....
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-latest[some-folder/Dockerfile-nginx-latest]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-1.15.3[some-folder/Dockerfile-nginx-1.15.3]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-untagged[some-folder/Dockerfile-nginx-untagged]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/subfolder/Dockerfile-nginx-latest[some-folder/subfolder/Dockerfile-nginx-latest]
....
stderr is empty +
exit code: 0
[[_use_unix_find_to_list_all_files_containing_latestno_tags]]
==== Use unix find to list all files containing latest/no tags
[subs=+macros]
....
find some-folder -type f -exec dockmoor contains --latest {} \; -print
....
stdout:
[subs=+macros]
....
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-latest[some-folder/Dockerfile-nginx-latest]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-untagged[some-folder/Dockerfile-nginx-untagged]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/subfolder/Dockerfile-nginx-latest[some-folder/subfolder/Dockerfile-nginx-latest]
....
stderr is empty +
exit code: Unresolved directive in cmdContains.adoc - include::../end-to-end/results/containsLatestInFolder.exitCode[]
[[_use_unix_find_to_list_all_supported_files]]
==== Use unix find to list all supported files
[subs=+macros]
....
find some-folder -type f -exec dockmoor contains {} \; -print
....
stdout:
[subs=+macros]
....
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-latest[some-folder/Dockerfile-nginx-latest]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-1.15.3[some-folder/Dockerfile-nginx-1.15.3]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-tagged-digest[some-folder/Dockerfile-nginx-tagged-digest]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-untagged[some-folder/Dockerfile-nginx-untagged]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/Dockerfile-nginx-digest[some-folder/Dockerfile-nginx-digest]
https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/subfolder/Dockerfile-nginx-latest[some-folder/subfolder/Dockerfile-nginx-latest]
....
stderr is empty +
exit code: 0
[[_test_the_format_of_a_file]]
==== Test the format of a file
The `contains` command returns with exit code 0 when an image reference was found that matches. Using the `--any` predicate allows to match any file with a supported format that contains at least one image reference.
[subs=+macros]
....
dockmoor contains https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile]
....
stdout is empty +
stderr is empty +
exit code: 0
[subs=+macros]
....
dockmoor contains https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/some-folder/NotADockerfile[some-folder/NotADockerfile]
....
stdout is empty +
stderr is empty +
exit code: 4
[[_supported_formats]]
== Supported Formats
* https://github.com/MeneDev/dockmoor/blob/master/cmd/dockmoor/end-to-end/Dockerfile[Dockerfile] (as used by `docker build`)
[[_usage]]
== Usage
___________________________________________________________________________________________________________________________
dockmoor [OPTIONS] [command-OPTIONS]
___________________________________________________________________________________________________________________________
[[_application_options]]
== Application Options
*-l*, *--log-level* Sets the log-level (one of `NONE`, `ERROR`, `WARN`, `INFO`, `DEBUG`)
*--version* Show version and exit
[[_commands]]
=== Commands
* link:#contains-command[contains]
* link:#list-command[list]
* link:#pin-command[pin]
[[_contains_command]]
==== contains command
________________________________________________________
dockmoor [OPTIONS] contains [contains-OPTIONS] InputFile
________________________________________________________
Test if a file contains image references with matching predicates. Returns exit code 0 when the given input contains at least one image reference that satisfy the given conditions and is of valid format, non-null otherwise
[[_domain_predicates]]
===== Domain Predicates
Limit matched image references depending on their domain
*--domain* Matches all images matching one of the specified domains. Surround with '/' for regex i.e. /regex/.
[[_name_predicates]]
===== Name Predicates
Limit matched image references depending on their name
*--name* Matches all images matching one of the specified names (e.g. "docker.io/library/nginx"). Surround with '/' for regex i.e. /regex/.
*-f*, *--familiar-name* Matches all images matching one of the specified familiar names (e.g. "nginx"). Surround with '/' for regex i.e. /regex/.
*--path* Matches all images matching one of the specified paths (e.g. "library/nginx"). Surround with '/' for regex i.e. /regex/.
[[_tag_predicates]]
===== Tag Predicates
Limit matched image references depending on their tag
*--untagged* Matches images with no tag
*--latest* Matches images with latest or no tag. References with digest are only matched when explicit latest tag is present.
*--tag* Matches all images matching one of the specified tag. Surround with '/' for regex i.e. /regex/.
[[_digest_predicates]]
===== Digest Predicates
Limit matched image references depending on their digest
*--unpinned* Matches unpinned image references, i.e. image references without digest.
*--digest* Matches all image references with one of the provided digests.
[[_list_command]]
==== list command
________________________________________________
dockmoor [OPTIONS] list [list-OPTIONS] InputFile
________________________________________________
List image references with matching predicates. Returns exit code 0 when the given input contains at least one image reference that satisfy the given conditions and is of valid format, non-null otherwise
[[_domain_predicates_2]]
===== Domain Predicates
Limit matched image references depending on their domain
*--domain* Matches all images matching one of the specified domains. Surround with '/' for regex i.e. /regex/.
[[_name_predicates_2]]
===== Name Predicates
Limit matched image references depending on their name
*--name* Matches all images matching one of the specified names (e.g. "docker.io/library/nginx"). Surround with '/' for regex i.e. /regex/.
*-f*, *--familiar-name* Matches all images matching one of the specified familiar names (e.g. "nginx"). Surround with '/' for regex i.e. /regex/.
*--path* Matches all images matching one of the specified paths (e.g. "library/nginx"). Surround with '/' for regex i.e. /regex/.
[[_tag_predicates_2]]
===== Tag Predicates
Limit matched image references depending on their tag
*--untagged* Matches images with no tag
*--latest* Matches images with latest or no tag. References with digest are only matched when explicit latest tag is present.
*--tag* Matches all images matching one of the specified tag. Surround with '/' for regex i.e. /regex/.
[[_digest_predicates_2]]
===== Digest Predicates
Limit matched image references depending on their digest
*--unpinned* Matches unpinned image references, i.e. image references without digest.
*--digest* Matches all image references with one of the provided digests.
[[_pin_command]]
==== pin command
______________________________________________
dockmoor [OPTIONS] pin [pin-OPTIONS] InputFile
______________________________________________
Change image references to a more reproducible format
[[_domain_predicates_3]]
===== Domain Predicates
Limit matched image references depending on their domain
*--domain* Matches all images matching one of the specified domains. Surround with '/' for regex i.e. /regex/.
[[_name_predicates_3]]
===== Name Predicates
Limit matched image references depending on their name
*--name* Matches all images matching one of the specified names (e.g. "docker.io/library/nginx"). Surround with '/' for regex i.e. /regex/.
*-f*, *--familiar-name* Matches all images matching one of the specified familiar names (e.g. "nginx"). Surround with '/' for regex i.e. /regex/.
*--path* Matches all images matching one of the specified paths (e.g. "library/nginx"). Surround with '/' for regex i.e. /regex/.
[[_tag_predicates_3]]
===== Tag Predicates
Limit matched image references depending on their tag
*--untagged* Matches images with no tag
*--latest* Matches images with latest or no tag. References with digest are only matched when explicit latest tag is present.
*--tag* Matches all images matching one of the specified tag. Surround with '/' for regex i.e. /regex/.
[[_digest_predicates_3]]
===== Digest Predicates
Limit matched image references depending on their digest
*--unpinned* Matches unpinned image references, i.e. image references without digest.
*--digest* Matches all image references with one of the provided digests.
[[_reference_format]]
===== Reference format
Control the format of references, defaults are sensible, changes are not recommended
*--force-domain* Includes domain even in well-known references
*--no-name* Formats well-known references as digest only
*--no-tag* Don't include the tag in the reference
*--no-digest* Don't include the digest in the reference
[[_pin_options]]
===== Pin Options
Control how the image references are resolved
*-r*, *--resolver* Strategy to resolve image references (one of `dockerd`, `registry`)
*--tag-mode* Strategy to resolve image references (one of `unchanged`)
[[_output_parameters]]
===== Output parameters
Output parameters
*-o*, *--output* Output file to write to. If empty, input file will be used.
[[_building_locally_and_contributing]]
== Building locally and Contributing
Appreciated! See link:CONTRIBUTING.md[CONTRIBUTING] for details.
[[_roadmap]]
== Roadmap
Currently dockmoor is in a very eraly stage and under constant development.
To get an idea where the journey will go, take a look at the link:ROADMAP.md[Roadmap]