Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
By Sarah Gooding - Dec 03, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
docker-image-publish
Advanced tools
docker-image-publish
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
Docker Image Publish
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
It can be configured by env vars or pakege.json entries.
The env vars
APP_NAMEVERSIONPRODUCTION_BRANCHDOCKER_REPO: can be a comma separated list of repositories.DOCKER_GROUPIS_LATEST: acceptstrue,falseor empty.
The equivalent configuration in a pakege.json
{
"name": "app-name", // Will be used if it's not a git repo with a remote named "origin".
"version": "0.1.2",
...
"docker-repo": "registry.example.com,gcr.io/my-id",
"docker-group": "group-name",
"production-branch": "master",
"scripts": {
...
"docker:build:info": "docker-build-info",
"docker:build": "npm run -s build && docker-build",
"docker:push": "docker-push",
"docker:release": "npm run -s docker:build && docker-push",
"docker:release:latest": "npm run -s docker:build --latest && docker-push --latest",
"docker:run": ". docker-commom; docker run -p ${PORT:-8080}:80 $DOCKER_IMG",
"docker:run:sh": ". docker-commom; docker run -p ${PORT:-8080}:80 -it $DOCKER_IMG sh",
}
...
}
Optional features enabled by cli arguments
--latest: Adds a "latest" tag to the publishing list.--append-commit-hash: Adds the current git's commit hash to the full version tag.--append-timestamp: Adds the current UTC time to the full version tag.
Using without installing
Useful for tasks inside GitLab-CI and other ephemeral environments.
curl https://ntopus.gitlab.io/docker-image-publish/publish.sh |
APP_NAME=my-app VERSION=0.0.0 PRODUCTION_BRANCH=main \
DOCKER_REPO=docker.io DOCKER_GROUP=my-name | sh -e
This will run docker-build-info && docker-build && docker-push
Debugging
If you want to know what you will get published, you can run docker-build-info with any optional argument. The generate tags will be used by docker-build and docker-push.
Running without arguments will result in something alike:
• From version 0.1.2 was parsed: MAJOR:0 MINOR:1 PATCH:2
• The production branch is master, so it has no sufix.
• It will building docker image: app-name:0.1.2
• The repos to publish are:
• registry.example.com
• gcr.io/my-id
• The tags are:
• group-name/app-name:0
• group-name/app-name:0.1
• group-name/app-name:0.1.2
FAQs
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
We found that docker-image-publish demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024