Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Discussion: Rule 2. Use versioned and automatically built base images #9
One of the things I try to remember do is fork the original Dockerfiles or add reference link in my Dockerfile to the location of the Dockerfile for the the image I am pulling from.
This means I syand a chance of recreating something akin to any base container I pull on from my own copy of the Dockerfile. (Of course, if the Dockerfile uses "latest" package versions, then a build today may result in a container that is different from a build tomorrow.)
When pulling from a tagged/versioned image in a Docker repository, that image may have been built from a Dockerfile that:
So whilst my image may be reproducibly built from my Dockerfile as long as the image I'm building from exists, it may no longer be reproducible if that image disappears, or changes (eg changes because I didn't pin the exact image version ).
Depending on levels of trust, or when working in a closed / private environment, you may want to build your own, versioned image from someone else's Dockerfile (or one you have forked) and then pull on that.
I don't know if there is any emerging practice around archiving software projects that are based around Dockerised environments? I would imagine a complete archiving service might run it's own Dockerhub and push locally built or cloned images to it if that service were making runnable archived environments available?
This I've found to be a bit risky - I've done projects that have parsed thousands of Dockerfiles from Dockerhub between years, and it's astounding how many of them completely go away. I would say that if a user is really interested in using someone else's ML container, they are best to grab the Dockerfile (the entire file) and put it in their repository and then deploy with an automated build. That way, if the Dockerfile / container go away, it's the choice of the creator (and trust isn't placed in someone else).