docker - Rebuild container when needed
Problem description
Solution
Running `docker build --pull --no-cache` once a week or so is a reasonable compromise. It's highly likely there will be some fix in the OS-level packages in that time frame, so you're going to be restarting the container with a new image to get security updates, which is reasonable. Depending on how often you deploy to production, "on every production deploy" may or may not be a good time to do this as well.
If consistency across environments is important to you, consider using a date-stamped version of the `debian` image (`FROM debian:stable-20200422`), or building your own base image that you can store in a registry. You can then use a Dockerfile `ARG` to specify the date stamp, and if you do that, you never need `--no-cache`. (But, you will have to manually discover the current version.)
```dockerfile
# Build with
# docker build --build-arg DATE_STAMP=-20200422
# This must have a leading hyphen
ARG DATE_STAMP
FROM debian:stable${DATE_STAMP:-}
```
For language packages, also consider that most package managers have a lock file that specifies an exact version of packages to use (NPM `package-lock.json`, `yarn.lock`, Ruby Bundler `Gemfile.lock`, Python `requirements.txt` or `Pipfile.lock`). In these cases you have to run some sort of "update" operation to update the lock file; doing that generates a commit, which triggers the CI system, and a file change, which will invalidate the Docker build cache.
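The two build modes from the answer above, as an added shell example that is not part of the original answer: it picks the newest `stable-YYYYMMDD` tag from a tag listing, checks the leading-hyphen format of `DATE_STAMP`, and prints the matching `docker build` command. The function names, the image name `myapp` and the sample tag list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of tag names, standing in for a registry tag listing.
SAMPLE_TAGS='stable
stable-slim
stable-20200327
stable-20200422
stable-20200422-slim
stable-2020042
buster-20200514'

# Read tag names on stdin, keep only exact stable-YYYYMMDD tags, and print
# the newest as "-YYYYMMDD" (leading hyphen included, as the ARG expects).
latest_date_stamp() {
    grep -E '^stable-[0-9]{8}$' | sort | tail -n 1 | sed 's/^stable//'
}

# Succeed only for "" (unpinned) or "-YYYYMMDD".
valid_date_stamp() {
    case "$1" in
        '') return 0 ;;
        -[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the docker build command for a date stamp ($1) and image name ($2).
# Pinned: the base image is fixed by the stamp, so the cache can be used.
# Unpinned: pull and rebuild from scratch to pick up OS package fixes.
build_command() {
    ds=$1
    image=$2
    if ! valid_date_stamp "$ds"; then
        echo "invalid DATE_STAMP '$ds' (expected -YYYYMMDD)" >&2
        return 1
    fi
    if [ -n "$ds" ]; then
        echo "docker build --build-arg DATE_STAMP=$ds -t $image ."
    else
        echo "docker build --pull --no-cache -t $image ."
    fi
}

# Demonstration on the constructed sample.
build_command "$(printf '%s\n' "$SAMPLE_TAGS" | latest_date_stamp)" myapp
```

A stamp without the leading hyphen is rejected before any build runs, since `stable${DATE_STAMP:-}` would otherwise expand to a tag name that does not exist.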