Comments (10)
You should probably give users a choice between automatic updates serversideup/php:8.1-fpm-nginx
and manual updates serversideup/php:8.1-fpm-nginx-v2.0.0
So when you make an update for example serversideup/php:8.1-fpm-nginx-v2.0.1
you can also push the same update to serversideup/php:8.1-fpm-nginx
from docker-php.
I think this is a very sensible approach.
It's basically saying "the user is choosing where to place their responsibility".
Anyone else have any thoughts before I put this on schedule for development?
from docker-php.
A question came up on Discord by @zigazajc007:
So it would be for example: serversideup/php:8.1-fpm-nginx-2.0.0 ?
"Latest" image example:
serversideup/php:8.1-fpm-nginx
Tagged version:
serversideup/php:8.1-fpm-nginx-v2.0.0
If someone uses the tagged version, they are responsible for their own security updates (they simply can add apt-get update && apt-get upgrade
if they stick on a tagged version for an extended period).
This may be very helpful for people like @fideloper at Fly.io ☝️
from docker-php.
Thanks for opening this up. I am fully aware of this and want a solution.
If you need to roll back to the previous version, use this release: https://github.com/serversideup/docker-php/releases/tag/v.1.5.0
The Challenge with tagging things
If I tag v2.0.0
, it's easy for me to do that on first build. The problem becomes if v2.0.0
is a "stable build" for many months, the hard part becomes: How do I update that image with the latest Ubuntu tags?
The only way I see it is a very custom CI process.
I am open to thoughts if anyone else has any potential solutions.
from docker-php.
I think base image (Ubuntu), php version and Webserver should rather be part of the docker repository name, not the tag. That would allow you to version the Dockerfile itself using the tags, and not the other components
from docker-php.
I'm not sure if I am fully following your comment @alxy. Could you provide an example?
Also, once I tag things -- I am still unsure how I will provide security updates to versions that are tagged.
from docker-php.
Sure, so currently you are using a scheme like this: serversideup/php:8.1-fpm-nginx
What I would suggest is serversideup/ubuntu2204-php81-fpm-nginx122:1.0.0
as an example. That would move the version of the components that you use (ubuntu, php, nginx) to the repository/image name, and would leave the tag for you to increment whenever you:
- Change the Dockerfile
- Change the behavior/configuraton of any of the components your ship
- Upgrade any of the components and apply a critical security fix (Say in PHP
8.1.23
there is security vulnerability found and you need to upgrade to8.1.24
- in that case you could issue a new tag, e.g.1.0.1
) - ...
Not sure if that solves the original problem, but that is hw I understood the issue. Id also argue you are currently "missusing" tags a bit, and that woud be more aligned with how I would versions would expect towork.
from docker-php.
I agree with your proposal, but I think it may be too granular. It's probably best to put the library versions in each release (similar to how S6 Overlay does it)
Id also argue you are currently "missusing" tags a bit, and that woud be more aligned with how I would versions would expect towork.
I see your perspective, but I think it is preference. I think changing repo names at this point would be too much effort for everyone.
Moving forward
I still need to figure out this problem:
- How should tagged versions be handled with security updates?
As of now, anything tagged like serversideup/php:8.1-fpm-nginx
gets automatically rebuilt every week with the latest security updates.
If we do serversideup/php:8.1-fpm-nginx-v2.0.0
, it will never get an update again. Thoughts?
Here is a diagram to visualize a tag on commit vs a scheduled build.
from docker-php.
Here are my latest thoughts on this. This is how my GitHub Actions Workflows will look like:
Notable enhancements
- Development will all be on the
main
branch - Anything on
main
will go into my "beta" images - Production images will only be updated on "release"
- There will be two images provided, one for automatic updates, one for user-managed updates (locking in a version)
- All GitHub Actions will use "common files" between eachother to eliminate repeated code
More updates will be posted as I have them, but feel free to chime in if you have any other thoughts/feedback.
from docker-php.
Tagging is now implemented 🥳🚀
I just added this in v2.0.2.
If you want the latest changes
Use tags like:
serversideup/php:8.1-fpm-nginx
If you want to "lock your version"
Use tags like:
serversideup/php:8.1-fpm-nginx-v2.0.2
If you want to "rollback" to the images before the S6 Overlay upgrade
You can use this image like this:
serversideup/php:8.1-fpm-nginx-v1.5.0
Long story short
There's a much cleaner development, testing, and release process compared to before. This will make it easier to bring even more AMAZING updates to these images. I have some awesome ideas in the works 😃🚀
from docker-php.
Related Issues (20)
- Latest beta-8.2-fpm-nginx breaks apt HOT 5
- Add versioning to docker image names
- php artisan tinker: Writing to directory /var/www/.config/psysh is not allowed HOT 2
- Debug mode permission denied HOT 2
- It worked fine for me until a few minutes ago when I did a --build, now I get these errors HOT 1
- Not a bug HOT 7
- cURL error 28: Operation timed out after 15000 milliseconds with 0 bytes received HOT 1
- Check shell scripts HOT 4
- More typos HOT 4
- PRs fail because of the Nuxt content ENV not being set
- PRs fail because of Docker Logins are not set HOT 5
- I encountered issues with some vulnerabilities but couldn't find a way to update the dependencies. HOT 6
- Adding custom script fails to start HOT 2
- gRPC can't be found anymore! HOT 1
- Nginx Unit Docker Image Exposes Ports 80 and 443 alongside 8080 and 8443? HOT 1
- ⚠️ Delayed release of v3.1.0 HOT 1
- mkdir() "/var/lib/nginx/body" failed (13: Permission denied) HOT 3
- Cannot start SSUPv3 docker image on Google CloudRun HOT 10
- Improve Horizon Support HOT 3
- nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/site-opts.d/https.conf:2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-php.