Moby: Docker command to check if a local container image is outdated?
Say compared to the remote image on dockerhub. I've been looking for a canonical way of doing this, but all I've been able to find is brittle bash scripts and the like. No official, recommended way of doing performing such a check. A stack overflow question also hasn't resulted in any definitive answers yet. Neither has this similar question.
Being able to verify whether a local image is outdated compared to its remote is pretty useful for development and staging environments (docker-cloud even allows you to set up auto updating containers for this). I know that there is the possibility of using a webhook to trigger a re-pull after a succesfull image build, but let's say I want to be able to initiate the check from my server, instead of having to have it listen.
Am I right in assuming that there is currently no docker command available to perform this check, or have I missed an obvious, docker native solution to this problem?
ismay
All 3 comments
No, there's currently no built-in option to check if an image is "outdated". Automatically updating containers is something that really differs per use-case; "blindly" updating to the latest image is non-trivial. For example some-image:latest can result in a _completely_ different image (e.g. ubuntu:latest refers to the latest "LTS" release, which at some point switched from 14.04 to 16.04), at the same time, some-image:1.2.3 "looks" like a SemVer(ish) tag, but there's no guarantee, because its up to the image-author to decide on both the "tag" scheme, and what it means (basically, tags are just a free form "label").
For this reason, it's recommended to use an immutable identifier for your containers (for example ubuntu@sha256:aabbbcccddd); that allows you to _test_ the exact image version you're running, and have a guarantee that it's the _same_ version as was tested in your QA process.
Having said the above, there are some options;
- when using
docker compose, you candocker-compose pullto pull the latest version of all images used in your compose stack - when _building_ images, you can
docker build --pull .....to force pulling the image defined inFROMbefore starting a build - when using services;
docker service update --force --image foo:bar <servicename>resolves the latest version of the specifiedfoo:barimage, and "pins" all instances of the service to that version
I hope this answers your question. Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting bugs and feature requests. For other type of questions, consider using one of;
I'm going to close this issue because this is not a bug, but feel free to continue the conversation 👍
thaJeztah
on 21 Mar 2017
There is a difference though between "blindly updating" and just getting notified the remote image changed (using the same tag), so that you can start your build and QA process.
jojomi
on 15 Jan 2018
Indeed. A stable mechanism by which one can detect updates to a container _without re-downloading the entire container every day_ would be awesome.
Security updates are extremely important, and with this feature missing isn't making it any easier to keep up to date.....
sbrl
on 12 Aug 2020
Related issues
kunyan
·
3Comments
nisanharamati
·
3Comments
cefn
·
3Comments
moxiegirl
·
3Comments
xied75
·
3Comments
Most helpful comment
There is a difference though between "blindly updating" and just getting notified the remote image changed (using the same tag), so that you can start your build and QA process.