Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
docker-image-publish
Advanced tools
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
It can be configured by env vars or pakege.json
entries.
APP_NAME
VERSION
PRODUCTION_BRANCH
DOCKER_REPO
: can be a comma separated list of repositories.DOCKER_GROUP
IS_LATEST
: accepts true
, false
or empty.pakege.json
{
"name": "app-name", // Will be used if it's not a git repo with a remote named "origin".
"version": "0.1.2",
...
"docker-repo": "registry.example.com,gcr.io/my-id",
"docker-group": "group-name",
"production-branch": "master",
"scripts": {
...
"docker:build:info": "docker-build-info",
"docker:build": "npm run -s build && docker-build",
"docker:push": "docker-push",
"docker:release": "npm run -s docker:build && docker-push",
"docker:release:latest": "npm run -s docker:build --latest && docker-push --latest",
"docker:run": ". docker-commom; docker run -p ${PORT:-8080}:80 $DOCKER_IMG",
"docker:run:sh": ". docker-commom; docker run -p ${PORT:-8080}:80 -it $DOCKER_IMG sh",
}
...
}
--latest
: Adds a "latest" tag to the publishing list.--append-commit-hash
: Adds the current git's commit hash to the full version tag.--append-timestamp
: Adds the current UTC time to the full version tag.Useful for tasks inside GitLab-CI and other ephemeral environments.
curl https://ntopus.gitlab.io/docker-image-publish/publish.sh |
APP_NAME=my-app VERSION=0.0.0 PRODUCTION_BRANCH=main \
DOCKER_REPO=docker.io DOCKER_GROUP=my-name | sh -e
This will run docker-build-info && docker-build && docker-push
If you want to know what you will get published, you can run docker-build-info
with any optional argument. The generate tags will be used by docker-build
and docker-push
.
Running without arguments will result in something alike:
• From version 0.1.2 was parsed: MAJOR:0 MINOR:1 PATCH:2
• The production branch is master, so it has no sufix.
• It will building docker image: app-name:0.1.2
• The repos to publish are:
• registry.example.com
• gcr.io/my-id
• The tags are:
• group-name/app-name:0
• group-name/app-name:0.1
• group-name/app-name:0.1.2
FAQs
A script to build, tag and publish docker images with version labels and dev suffix, base on the source git branch.
The npm package docker-image-publish receives a total of 24 weekly downloads. As such, docker-image-publish popularity was classified as not popular.
We found that docker-image-publish demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.