This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kustomize: support docker digest pinning #8089
Comments
We'd love this feature (and infact it would be required to use renovate)! |
If you set a digest manually then you should find it updates fine after that. This FR is just to automate the state of going from no digest to digest. |
In https://github.com/hashbang/gitops/blob/4df5f4c7f815ed2e993c7e15122bb4f4f60926f2/argocd/kustomization.yaml the images section was not updated, it still contains:
|
digest pinning is currently not supported on kustomize, you can workaround using regex manager. looking into it |
It's partially supported if you put digest to newTag, see #7987 |
We maybe don't support that particular syntax. Can you create a reproduction repo (ie as simple as possible) and crest a separate issue to track? |
Kustomize images are more complicated than i initially thought. This are all working samples taken from here kind: Kustomization
resources:
- deployment.yaml
images:
- name: renovate/renovate
newTag: 19-slim
- name: mariadb
digest: sha256:3f18ce9e12e3ece07029895336f5497eeb2d9cb8fe148cc54d4905f77cbc062d
- name: alpine
newTag: 3.12.2
digest: sha256:25f5332d060da2c7ea2c8a85d2eac623bd0b5f97d508b165f846c7d172897438
- name: postgres
newTag: 11@sha256:b0cfe264cb1143c7c660ddfd5c482464997d62d6bc9f97f8fdf3deefce881a8c
- name: busybox:1.30.0
digest: sha256:e1488cb900233d035575f0a7787448cb1fa93bed0ccc0d4efc1963d7d72a8f17
newTag: 1.32.1
- name: busybox
newName: amd64/busybox:1.30.1
- name: busybox:1.0.0@sha256:e1488cb900233d035575f0a7787448cb1fa93bed0ccc0d4efc1963d7d72a8f17
newName: amd64/busybox:1.1.1@sha256:53071b97a88426d4db86d0e8436ac5c869124d2c414caf4c9e4a4e48769c7f37 For some of them it's not clear what renovate should do. |
If both |
Just wanted to chime in here that I'd love to have this feature for my Kubeflow deployment repository. @viceice Is there any way I can help with #8110 to have this implemented? |
@davidspek You can use my pr / branch as base and try to finish. But there are so many edge cases we need to define before any future work can be done. See my comments above. |
#11153 is a tangential solution if anyone wants to try It skips the hard bits that would fully support pinning:
Aside: it seems everyone who wants this is running Argo. |
Hi there, Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible. Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this. To get started, please read our guide on creating a minimal reproduction. We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment. Good luck, The Renovate team |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
What would you like Renovate to be able to do?
Pin digests for docker images in Kustomize
Did you already have any implementation ideas?
Likely we need to use
autoReplaceStringTemplate
The text was updated successfully, but these errors were encountered: