Create tool to update deis/base tag

Question

Create tool to update deis/base tag

Closed this issue 8 years ago · 2 comments

Rather than revving everything by hand and potentially missing some components.

Answer 1 · 2017-01-10T19:44:00.000Z

To be more specific, the current policy is to release deis/base only with immutable tags (no :latest). This allows for traceability and reproducible builds. The tradeoff is that a new deis/base tag must be created when a relevant CVE is fixed upstream in ubuntu, and then multiple components need to update their Dockerfile to start with FROM deis/base:<tag>.

That's a big pain that could be alleviated by a tool that created that set of PRs. (Alternately, we could re-re-revisit the idea of mutable vs. immutable tags here, but that's a different discussion.)

Answer 2 · 2017-01-11T16:33:47.000Z

Since I need to roll out the new deis/base image anyways, I'll write a script to automate this process.