docker-lock
Our great sponsors
docker-lock | renovate | |
---|---|---|
3 | 12 | |
424 | - | |
1.2% | - | |
0.0 | - | |
3 months ago | - | |
Go | ||
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-lock
-
:latest or :version for supporting services?
I do both! I tag my services with :latest, then use docker-lock. It scans your docker and docker-compose, generates a lock file and adds the current sha to git. That lets me freely update because I can always go get the previous version from git, rollback, and pin the version for that specific container if there is a problem. It really is the best of both worlds.
-
Keeping Up with Docker Official Images
Nice! I was thinking about building something similar -- just filed an issue for how you might extend this to work for migrating registries.
Pleasantly surprised to come across this PR: https://github.com/safe-waters/docker-lock/pull/73
This is a perfect application of crane :)
renovate
-
Understanding Mend Renovate's Pull Request Workflow
Navigate to the Mend Renovate App on the GitHub Marketplace: https://github.com/apps/renovate.
-
:latest or :version for supporting services?
You commit your docker-compose.yml file(s) to a GitHub repo (don't commit secrets!!), then add the Renovate App to your repo, merge the onboarding PR, then you'll get PRs when an image is updated.
-
Renovate app vs Github Action
I can't figure out and my google-fu is failing but what is the difference between using the Renovate App [https://github.com/apps/renovate] and using the Action [https://github.com/renovatebot/github-action]
-
Automatically Updating Helm Chart Referenced in Argo CD Using Renovate - Part 2
renovate[bot] posted on May 05, 2023
-
How can I get all the repositories for which an app/bot is installed?
I want to gather some statistics to see for example how many repositories have installed Renovate: https://github.com/apps/renovate
-
Axios shipped a buggy version and it broke many productions apps. Let this be a lesson to pin your dependencies!
Use a dependency updater like dependabot or https://github.com/apps/renovate.
-
Automating Dependency Management Using Renovate
On the GitHub Marketplace, search for the Renovate app and click install. Select the organization or account where you wish to install Renovate. Next, choose whether to install Renovate across all of your repositories or just one particular one. We will only select one repository in this article.
-
Renovate, a Dependabot alternative
It's a breeze to set up Renovate on your repositories. Just browse the GitHub Renovate app and click on the big gree Install button in the top right corner. Choose which organization and which repositories you'll install Renovate in.
-
A cutting edge guide to maintaining your open source project
Firstly, you'd want to integrate Renovate with your GitHub account from here. Then click install, and follow the steps as instructed. While configuring, Renovate lets you decide, if it should run on all the repositories by default or to run on only on specified repositories, select the option as you wish (Note: If you'd want, Renovate to run on forked repositories, Selecting All repositories would skip forked repos by default, in such cases, you'd want to manually add the forked repo(s)). Soon after setting up Renovate with the required repositories, an onboarding PR is submitted by the Renovate bot which contains information like configuration summary and what packages/dependencies are supposed to be upgraded. For demonstration purposes, I've forked a repo from my GitHub account that is supposedly a mobile application built on React Native, which is no longer maintained, so it'd serve as a good example to test on. If you follow the above steps correctly, you should see an onboarding PR similar to this:
-
5 developer tools for detecting and fixing security vulnerabilities
Setting up Renovate is a matter of installing the hosted app, and configuring it by adding a renovate.json in the root of the repository. You can also install and run the Renovate CLI tool to get feedback on all your commits.
What are some alternatives?
image-spec - OCI Image Format
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
go-containerregistry - Go library and CLIs for working with container registries
github-actions-and-renovate
Diun - Receive notifications when an image is updated on a Docker registry
up-to-date-react-template - ♻ An Always up-to-date React template with Typescript, Jest, Prettier, Github Actions and Renovate
athenapdf - Drop-in replacement for wkhtmltopdf built on Go, Electron and Docker
opentelemetry-tracing - Demo for end-to-end tracing via OpenTelemetry
traefik - The Cloud Native Application Proxy
renovate - Universal dependency automation tool.
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
renovate-runner