Daily builds? #96

Open
shawly opened this issue Feb 6, 2023 · 3 comments

Comments

@shawly

shawly commented Feb 6, 2023

My watchtower constantly updates autoheal because of the daily builds, which is kind of bothersome since I always get notifications for that.

Now I saw that the Dockerfile uses alpine:3.13.5 hardcoded, so I don't really get why it is built daily when it is always the same EOL alpine image.

I think it would make more sense to either use alpine:latest and just build if alpine:latest is updated or just disable daily builds as they don't bring any benefits in the current state.

I wrote a workflow for keepalived that checks if the keepalived package in the alpine repo has updates: https://github.com/shawly/docker-keepalived/blob/main/.github/workflows/update-keepalivd-version.yml. You could use this as a starting point for building a workflow that only builds when packages or the main image get updated.
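The "only build when a package or the base image actually changed" check that this comment proposes, as an added example. This is not autoheal's code and not the linked keepalived workflow; it is a small POSIX shell script that reads package versions out of an Alpine APKINDEX and compares them with the versions recorded at the previous build. The APKINDEX text and the recorded-versions list are constructed sample data; in a real workflow you would fetch the index from the Alpine mirror for the pinned branch (e.g. the `APKINDEX.tar.gz` under `alpine/v3.13/main/x86_64/`, an assumed path) and keep the recorded versions in a file committed by the last successful run.

```shell
#!/bin/sh
# Added example (not autoheal's or the keepalived workflow's code): rebuild the
# image only when a tracked Alpine package version differs from the version
# that went into the last published image.

# Constructed APKINDEX fragment in the real record format: one record per
# package, fields as "X:value" lines, records separated by a blank line.
SAMPLE_APKINDEX='C:Q1exampleChecksumNotReal
P:curl
V:7.79.1-r1
A:x86_64
T:URL retrieval utility and library

P:jq
V:1.6-r1
A:x86_64
T:A lightweight and flexible command-line JSON processor

P:ca-certificates
V:20211220-r0
A:x86_64
T:Common CA certificates PEM files
'

# Constructed "versions in the last published image" list (pkg=version per line).
# In practice this is a file committed by the previous workflow run.
LAST_BUILT='curl=7.79.1-r1
jq=1.6-r1'

# apkindex_version INDEX_TEXT PKG
# Prints the V: field of the record whose P: field equals PKG, or nothing.
apkindex_version() {
    printf '%s\n' "$1" | awk -v pkg="$2" '
        /^P:/ { p = substr($0, 3) }
        /^V:/ { if (p == pkg) { print substr($0, 3); exit } }
        /^$/  { p = "" }
    '
}

# recorded_version LAST_BUILT_TEXT PKG
# Prints the version recorded for PKG at the last build, or nothing.
recorded_version() {
    printf '%s\n' "$1" | awk -F= -v pkg="$2" '$1 == pkg { print $2; exit }'
}

# needs_rebuild INDEX_TEXT LAST_BUILT_TEXT PKG...
# Returns 0 (true) if any tracked package has a different version in the index
# than the one recorded at the last build, 1 otherwise. A package missing from
# the index is reported on stderr but does not trigger a rebuild on its own.
needs_rebuild() {
    index="$1"; last="$2"; shift 2
    changed=1
    for pkg in "$@"; do
        now=$(apkindex_version "$index" "$pkg")
        was=$(recorded_version "$last" "$pkg")
        if [ -z "$now" ]; then
            echo "warning: $pkg not found in index" >&2
            continue
        fi
        if [ "$now" != "$was" ]; then
            echo "$pkg: ${was:-<none>} -> $now"
            changed=0
        fi
    done
    return $changed
}

# Stand-alone run: with the constructed data nothing changed, so no build.
if needs_rebuild "$SAMPLE_APKINDEX" "$LAST_BUILT" curl jq; then
    echo "package change detected: trigger build"
else
    echo "no tracked package changed: skip build"
fi
```

The same gate can cover the base image: record the digest printed by `docker buildx imagetools inspect alpine:3.13.5` at build time and rebuild when it differs, which with a fully pinned tag like `3.13.5` will never happen, which is the point the comment makes.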

@hasnat
Contributor

hasnat commented Feb 7, 2023

I kind of agree with this; the only benefit now is up-to-date curl/jq from the alpine 3.13.5 repo.

similar question here #57

@shawly
Author

shawly commented Feb 7, 2023

The alpine jq package hasn't been updated since January 2020 (https://pkgs.alpinelinux.org/packages?name=jq&branch=v3.13&repo=&arch=&maintainer=) and jq itself hasn't seen an update since 2018, so I wouldn't see that as a benefit.
It's rather luck that the daily builds haven't killed compatibility with the autoheal entrypoint scripts, because jq isn't updated regularly so the syntax never changes.

> similar question here #57

> I personally would not recommend using latest in production, or watchtower for that matter. Bad updates can happen.

Regular and automated updates are a necessity in bigger infrastructures, so not using them because of possible bad updates is kind of more irresponsible than keeping possibly exploitable applications in your infrastructure because you need to manually update every time, which costs time and resources on your end. Having backups and using snapshots is integral for rolling back bad updates, because manually upgrading won't ever save you from a "bad update".

So having a proper workflow that actually updates packages (or docker images in this case) on a regular basis, but only when necessary, is definitely a better practice than just doing nightlies, especially when these nightlies run under the latest tag and not under an edge tag, which should be used for untested images. One of these bad updates could also affect jq or curl and make the latest tag unusable. Also, nightlies give the false impression of an image being maintained actively although it might not be, which can only be seen by checking an author's activity or, in this case, checking the base image that this nightly is built on, which is EOL.

@MyWay

MyWay commented Mar 6, 2024

I agree. Would it be possible to move current latest build to nightly or edge?
