One of the best things about Docker is the ability to create build scripts that allow anyone to re-create a working environment.
To achieve this, it is important to specify version numbers in your Dockerfiles, as demonstrated in the Dockerfile of my python-lev project:
ARG PYTHON_VERSION=3.9
ARG ALPINE_VERSION=3.13
FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION} AS builder
RUN apk add --no-cache g++
RUN pip install --user --no-cache-dir python-Levenshtein==0.12.*
FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}
COPY --from=builder /root/.local/lib/ /usr/local/lib/
Points of note in this example:
Since Python, Alpine and pip use semantic versioning, I allow the latest patch release but not the latest major or minor release. This lets me choose when I move to the next major or minor release, but only after reviewing the release notes.
The biggest advantage is that the Dockerfile can be shared and re-used with high confidence of a consistent Docker image. The downside of this approach is that the Dockerfile needs periodic updates.
The way that I monitor for new Docker images is via a homemade Python script which I have called the Docker Curator.
Docker Curator generates a report which gives me a heads-up of new images on Docker Hub.
The script uses a simple JSON configuration file and searches Docker Hub for newer versions of specific images.
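The comparison step of such a check, as an added example (this is not the Docker Curator code). The JSON layout, the function names and the tag lists are constructed assumptions; the tag lists stand in for a Docker Hub listing so the script runs offline, and only major.minor tags of the shape pinned in the Dockerfile above are considered.

```python
import json
import re

# Constructed config; this JSON layout is an assumption, not Docker Curator's format.
CONFIG = json.loads("""
{"images": [{"repo": "python", "pinned": "3.9-alpine3.13"},
            {"repo": "alpine", "pinned": "3.13"}]}
""")

# Constructed tag lists standing in for what a Docker Hub tag listing returns.
SAMPLE_TAGS = {
    "python": ["3.9-alpine3.13", "3.9.5-alpine3.13", "3.10-alpine3.13",
               "3.9-alpine3.14", "3.10-alpine3.14", "3.8-alpine3.13",
               "3.10.0rc1-alpine3.14", "3.9-slim", "latest"],
    "alpine": ["3.12", "3.13", "3.13.5", "3.14", "edge", "latest"],
}

# Matches "X.Y" or "X.Y-<variant>A.B"; patch-level and pre-release tags do not match.
TAG_RE = re.compile(r"^(\d+)\.(\d+)(?:-([a-z]+)(\d+)\.(\d+))?$")

def parse(tag):
    """Return (version, variant, base_version) as comparable values, or None."""
    m = TAG_RE.match(tag)
    if not m:
        return None
    major, minor, variant, bmajor, bminor = m.groups()
    base = (int(bmajor), int(bminor)) if variant else (0, 0)
    return (int(major), int(minor)), variant, base

def newer_tags(pinned, tags):
    """Tags of the same variant where no component is older and at least one is newer."""
    current = parse(pinned)
    if current is None:
        raise ValueError(f"unsupported pin format: {pinned!r}")
    found = []
    for tag in tags:
        cand = parse(tag)
        if cand is None or cand[1] != current[1] or cand == current:
            continue
        # Integer tuples make 3.10 sort above 3.9, which string comparison gets wrong.
        if cand[0] >= current[0] and cand[2] >= current[2]:
            found.append((cand[0], cand[2], tag))
    return [tag for _, _, tag in sorted(found)]

def report(config, tags_by_repo):
    """Map each configured repo to the newer major.minor tags worth reviewing."""
    return {img["repo"]: newer_tags(img["pinned"], tags_by_repo.get(img["repo"], []))
            for img in config["images"]}

if __name__ == "__main__":
    for repo, tags in report(CONFIG, SAMPLE_TAGS).items():
        print(f"{repo}: {', '.join(tags) or 'up to date'}")
```

Patch-level tags such as 3.9.5-alpine3.13 are skipped on purpose: a major.minor pin already floats to the latest patch, so only a new minor or major release calls for a Dockerfile edit.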
Once I know what new Docker images are available, I go through my projects and update them accordingly:
Whilst updating projects to use the latest base images, I also tend to update system packages and Python packages.
Alpine system packages are installed using “apk”.
I have listed the Alpine packages in a separate Alpine document.
Debian packages are installed using “apt-get”.
I have listed the Debian packages in a separate Debian (slim) document.
Ubuntu packages are installed using “apt-get”.
I have listed the Ubuntu packages in a separate Ubuntu document.
Many of my projects and Docker images install libraries from PyPI using “pip”.
I have listed these libraries in a separate pip document as there is no dependency on the Docker base image.