You should probably give users a choice between automatic updates serversideup/php:8.1-fpm-nginx and manual updates serversideup/php:8.1-fpm-nginx-v2.0.0

So when you make an update for example serversideup/php:8.1-fpm-nginx-v2.0.1 you can also push the same update to serversideup/php:8.1-fpm-nginx

from docker-php.

I think this is a very sensible approach.

It's basically saying "the user is choosing where to place their responsibility".

Anyone else have any thoughts before I put this on schedule for development?

from docker-php.

A question came up on Discord by @zigazajc007:

So it would be for example: serversideup/php:8.1-fpm-nginx-2.0.0 ?

"Latest" image example:

serversideup/php:8.1-fpm-nginx

Tagged version:

serversideup/php:8.1-fpm-nginx-v2.0.0

If someone uses the tagged version, they are responsible for their own security updates (they simply can add apt-get update && apt-get upgrade if they stick on a tagged version for an extended period).

This may be very helpful for people like @fideloper at Fly.io ☝️

from docker-php.

Thanks for opening this up. I am fully aware of this and want a solution.

If you need to roll back to the previous version, use this release: https://github.com/serversideup/docker-php/releases/tag/v.1.5.0

The Challenge with tagging things

If I tag v2.0.0, it's easy for me to do that on first build. The problem becomes if v2.0.0 is a "stable build" for many months, the hard part becomes: How do I update that image with the latest Ubuntu tags?

The only way I see it is a very custom CI process.

I am open to thoughts if anyone else has any potential solutions.

from docker-php.

I think base image (Ubuntu), php version and Webserver should rather be part of the docker repository name, not the tag. That would allow you to version the Dockerfile itself using the tags, and not the other components

from docker-php.

I'm not sure if I am fully following your comment @alxy. Could you provide an example?

Also, once I tag things -- I am still unsure how I will provide security updates to versions that are tagged.

from docker-php.

Sure, so currently you are using a scheme like this: serversideup/php:8.1-fpm-nginx

What I would suggest is serversideup/ubuntu2204-php81-fpm-nginx122:1.0.0 as an example. That would move the version of the components that you use (ubuntu, php, nginx) to the repository/image name, and would leave the tag for you to increment whenever you:

• Change the Dockerfile
• Change the behavior/configuraton of any of the components your ship
• Upgrade any of the components and apply a critical security fix (Say in PHP 8.1.23 there is security vulnerability found and you need to upgrade to 8.1.24 - in that case you could issue a new tag, e.g. 1.0.1)
• ...

Not sure if that solves the original problem, but that is hw I understood the issue. Id also argue you are currently "missusing" tags a bit, and that woud be more aligned with how I would versions would expect towork.

from docker-php.

I agree with your proposal, but I think it may be too granular. It's probably best to put the library versions in each release (similar to how S6 Overlay does it)

Id also argue you are currently "missusing" tags a bit, and that woud be more aligned with how I would versions would expect towork.

I see your perspective, but I think it is preference. I think changing repo names at this point would be too much effort for everyone.

Moving forward

I still need to figure out this problem:

• How should tagged versions be handled with security updates?

As of now, anything tagged like serversideup/php:8.1-fpm-nginx gets automatically rebuilt every week with the latest security updates.

If we do serversideup/php:8.1-fpm-nginx-v2.0.0, it will never get an update again. Thoughts?

Here is a diagram to visualize a tag on commit vs a scheduled build.

from docker-php.

Here are my latest thoughts on this. This is how my GitHub Actions Workflows will look like:

Notable enhancements

• Development will all be on the main branch
• Anything on main will go into my "beta" images
• Production images will only be updated on "release"
• There will be two images provided, one for automatic updates, one for user-managed updates (locking in a version)
• All GitHub Actions will use "common files" between eachother to eliminate repeated code

More updates will be posted as I have them, but feel free to chime in if you have any other thoughts/feedback.

from docker-php.

Tagging is now implemented 🥳🚀

I just added this in v2.0.2.

If you want the latest changes

Use tags like:

serversideup/php:8.1-fpm-nginx

If you want to "lock your version"

Use tags like:

serversideup/php:8.1-fpm-nginx-v2.0.2

If you want to "rollback" to the images before the S6 Overlay upgrade

You can use this image like this:

serversideup/php:8.1-fpm-nginx-v1.5.0

Long story short

There's a much cleaner development, testing, and release process compared to before. This will make it easier to bring even more AMAZING updates to these images. I have some awesome ideas in the works 😃🚀

from docker-php.