Binary program to restart unhealthy Docker containers

DeUnhealth

Restart your unhealthy containers safely

Build status

dockeri.co

Last release Last Docker tag Last release size GitHub last release date Commits since release

Latest size

GitHub last commit GitHub commit activity GitHub closed PRs GitHub issues GitHub closed issues

Lines of code Code size GitHub repo size Go version

MIT Visitors count

Features

  • Restart unhealthy containers marked with deunhealth.restart.on.unhealthy=true label
  • Receive Docker events as stream instead of polling periodically
  • Doesn't need network for security purposes
  • Compatible with amd64, 386, arm64, arm32v7, arm32v6, ppc64le, s390x and riscv64 CPU architectures
  • Docker image tags and sizes

Setup

  1. Use the following command:

    docker run -d --network none -v /var/run/docker.sock:/var/run/docker.sock qmcgaw/deunhealth

    You can also use docker-compose.yml with:

    docker-compose up -d
  2. Set labels on containers:

    • To restart containers if they go unhealthy, use the label deunhealth.restart.on.unhealthy=true
  3. You can update the image with docker pull qmcgaw/deunhealth:latest or use one of the tags available. ⚠️ You might want to use tagged images since latest will likely break compatibility until we reach a v1.0.0 release.

Environment variables

Environment variable Default Possible values Description
LOG_LEVEL info debug, info, warning, error Logging level
HEALTH_SERVER_ADDRESS 127.0.0.1:9999 Valid address Health server listening address
TZ America/Montreal string Timezone

Safety

  • The application doesn't need network to reduce the attack surface
  • Since Docker is written in Go, the program is also written in Go and uses the official Docker Go API
  • The Docker container is based on scratch to reduce the attack surface and only contains the static binary
  • The container has to run as root unfortunately 😢

Development

VSCode and Docker

Please refer to the corresponding readme.

Locally

  1. Install Go, Docker and Git

  2. Install Go dependencies with

    go mod download
  3. Install golangci-lint

  4. You might want to use an editor such as Visual Studio Code with the Go extension.

Commands available

# Build the binary
go build cmd/app/main.go
# Test the code
go test ./...
# Lint the code
golangci-lint run
# Build the Docker image
docker build -t qmcgaw/deunhealth .

See Contributing for more information on how to contribute to this repository.

TODOs

  1. Trigger mechanism such that a container restart triggers other restarts
  2. Inject pre-build binary doing a DNS lookup to containers labeled for it and that do not have a healthcheck built in (useful for scratch based images without healthcheck especially)
  3. Integration tests in Go instead of shell script
Owner
Quentin McGaw
Software ninja with an education Happy with Go, React, Flutter and all devops goodies
Quentin McGaw
Comments
  • Docker build fails

    Docker build fails

    Host OS (approximate answer is fine too): Fedora 34

    Is this urgent?: No

    What is the version of the program (See the line at the top of your logs)

    N/A - failure to build current git commit 196b83433

    What's the problem 🤔

    Docker build fails twice:

    docker build -t unhealth .

    1. RUN apk --update add git g++ I think should be apk --no-cache

    2. Not sure what this failure is from:

       go: found github.com/morikuni/aec in github.com/morikuni/aec v1.0.0
       go: found golang.org/x/time/rate in golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
       diff --git a/go.mod b/go.mod
       index c5394ae..bf6c9bd 100644
       --- a/go.mod
       +++ b/go.mod
       @@ -32,6 +32,6 @@ require (
       		golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
       		golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
       		google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a // indirect
       -       google.golang.org/grpc v1.40.0 // indirect
       +       google.golang.org/grpc v1.41.0 // indirect
       		google.golang.org/protobuf v1.26.0 // indirect
        )
       The command '/bin/sh -c git init &&     git config user.email ci@localhost &&     git config user.name ci &&     git add -A && git commit -m ci &&     sed -i '/\/\/ indirect/d' go.mod &&     go mod tidy &&     git diff --exit-code -- go.mod' returned a non-zero code: 1
      

    Share your logs...

    N/A

  • Feature request: Support for docker socket proxy

    Feature request: Support for docker socket proxy

    What's the feature? 🧐

    Support for docker socket proxy

    With images that support the socket proxy, I can set DOCKER_HOST: tcp://socket-proxy:2375 as an env and then everything works fine.

  • Bug: Server API version too low

    Bug: Server API version too low

    I'm on Docker version 18.09.1, build 4c52b90

    2021/10/17 10:31:15 ERROR Error response from daemon: client version 1.41 is too new. Maximum supported API version is 1.39
    
  • Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.21+incompatible

    Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.21+incompatible

    Bumps github.com/docker/docker from 20.10.9+incompatible to 20.10.21+incompatible.

    Release notes

    Sourced from github.com/docker/docker's releases.

    v20.10.21

    This release of Docker Engine contains updated versions of Docker Compose, Docker Scan, Containerd, added packages for Ubuntu 22.10, and some minor bug fixes and enhancements.

    Client

    • Remove "experimental" gates around "--platform" in bash completion docker/cli#3824.

    Daemon

    • Allow "allow-nondistributable-artifacts" to be configured for Docker Hub moby/moby#44313.
    • Fix an Invalid standard handle identifie panic when registering the docker daemon as a service from a legacy CLI on Windows moby/moby#44326.

    Builder

    • Fix running git commands in Cygwin on Windows moby/moby#44332.
    • Update bundled BuildKit version to to fix "output clipped, log limit 1MiB reached" errors moby/moby#44339.

    Packaging

    • Provide packages for Ubuntu 22.10 "Kinetic Kudu".
    • Update Docker Compose to v2.12.2.
    • Update Docker Scan to v0.21.0.
    • Update containerd (containerd.io package) to v1.6.9.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    The mitigations available in this release and in other consumers of the daemon API are partial and only protect users who build a Git URL context (e.g. git+protocol://). As the vulnerability could still be exploited by manually run Git commands that interact with and check out submodules, users should immediately upgrade to a patched version of Git to protect against this vulernability. Further details are available from the GitHub blog ("Git security vulnerabilities announced").

    Client

    • Added a mitigation for CVE-2022-39253, when using the classic Builder with a Git URL as the build context.

    Daemon

    ... (truncated)

    Commits
    • 3056208 Merge pull request #44358 from thaJeztah/20.10_backport_busybox_w32_img
    • f99cb82 integration: download busybox-w32 from GitHub Release
    • 24aa4c9 Merge pull request #44353 from thaJeztah/20.10_backport_update_containerd_binary
    • 3f9dc25 update containerd binary to v1.6.9
    • 753cd92 Merge pull request #44326 from thaJeztah/20.10_bump_term_ansiterm
    • 82f583c Merge pull request #44339 from crazy-max/20.10_update_buildkit
    • 87ccd38 vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compatibility
    • e83e465 [20.10] vendor: github.com/moby/buildkit eeb7b65ab7d651770a5ec52a06ea7c96eb97...
    • e3fef9a Merge pull request #44340 from thaJeztah/20.10_backport_skip_tests
    • 9c84417 skip TestImagePullStoredfDigestForOtherRepo() on Windows and rootless
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.21+incompatible

    Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.21+incompatible

    Bumps github.com/moby/moby from 20.10.9+incompatible to 20.10.21+incompatible.

    Release notes

    Sourced from github.com/moby/moby's releases.

    v20.10.21

    This release of Docker Engine contains updated versions of Docker Compose, Docker Scan, Containerd, added packages for Ubuntu 22.10, and some minor bug fixes and enhancements.

    Client

    • Remove "experimental" gates around "--platform" in bash completion docker/cli#3824.

    Daemon

    • Allow "allow-nondistributable-artifacts" to be configured for Docker Hub moby/moby#44313.
    • Fix an Invalid standard handle identifie panic when registering the docker daemon as a service from a legacy CLI on Windows moby/moby#44326.

    Builder

    • Fix running git commands in Cygwin on Windows moby/moby#44332.
    • Update bundled BuildKit version to to fix "output clipped, log limit 1MiB reached" errors moby/moby#44339.

    Packaging

    • Provide packages for Ubuntu 22.10 "Kinetic Kudu".
    • Update Docker Compose to v2.12.2.
    • Update Docker Scan to v0.21.0.
    • Update containerd (containerd.io package) to v1.6.9.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    The mitigations available in this release and in other consumers of the daemon API are partial and only protect users who build a Git URL context (e.g. git+protocol://). As the vulnerability could still be exploited by manually run Git commands that interact with and check out submodules, users should immediately upgrade to a patched version of Git to protect against this vulernability. Further details are available from the GitHub blog ("Git security vulnerabilities announced").

    Client

    • Added a mitigation for CVE-2022-39253, when using the classic Builder with a Git URL as the build context.

    Daemon

    ... (truncated)

    Commits
    • 3056208 Merge pull request #44358 from thaJeztah/20.10_backport_busybox_w32_img
    • f99cb82 integration: download busybox-w32 from GitHub Release
    • 24aa4c9 Merge pull request #44353 from thaJeztah/20.10_backport_update_containerd_binary
    • 3f9dc25 update containerd binary to v1.6.9
    • 753cd92 Merge pull request #44326 from thaJeztah/20.10_bump_term_ansiterm
    • 82f583c Merge pull request #44339 from crazy-max/20.10_update_buildkit
    • 87ccd38 vendor: moby/term, Azure/go-ansiterm for golang.org/x/sys/windows compatibility
    • e83e465 [20.10] vendor: github.com/moby/buildkit eeb7b65ab7d651770a5ec52a06ea7c96eb97...
    • e3fef9a Merge pull request #44340 from thaJeztah/20.10_backport_skip_tests
    • 9c84417 skip TestImagePullStoredfDigestForOtherRepo() on Windows and rootless
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.20+incompatible

    Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.20+incompatible

    Bumps github.com/docker/docker from 20.10.9+incompatible to 20.10.20+incompatible.

    Release notes

    Sourced from github.com/docker/docker's releases.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    The mitigations available in this release and in other consumers of the daemon API are partial and only protect users who build a Git URL context (e.g. git+protocol://). As the vulnerability could still be exploited by manually run Git commands that interact with and check out submodules, users should immediately upgrade to a patched version of Git to protect against this vulernability. Further details are available from the GitHub blog ("Git security vulnerabilities announced").

    Client

    • Added a mitigation for CVE-2022-39253, when using the classic Builder with a Git URL as the build context.

    Daemon

    • Updated handling of image:tag@digest references. When pulling an image using the image:tag@digest ("pull by digest"), image resolution happens through the content-addressable digest and the image and tag are not used. While this is expected, this could lead to confusing behavior, and could potentially be exploited through social engineering to run an image that is already present in the local image store. Docker now checks if the digest matches the repository name used to pull the image, and otherwise will produce an error.

    Builder

    • Updated handling of image:tag@digest references. Refer to the "Daemon" section above for details.
    • Added a mitigation to the classic Builder and updated BuildKit to v0.8.3-31-gc0149372, for CVE-2022-39253.

    v20.10.19

    This release of Docker Engine comes with some bug-fixes, and an updated version of Docker Compose.

    Builder

    • Fix an issue that could result in a panic during docker builder prune or docker system prune moby/moby#44122.

    Daemon

    ... (truncated)

    Commits
    • 03df974 Merge pull request #6 from moby/ghsa-ambiguous-pull-by-digest
    • 3adff51 Merge pull request #9 from moby/update_buildkit
    • d7c33ad Merge pull request #8 from moby/20.10_fix_git_file_leak
    • 2f3bf18 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
    • 4b9902b Validate digest in repo for pull by digest
    • c0d1188 builder: make git config isolation opt-in
    • 9f5f3ab builder: isolate git from local system
    • 10db4c2 builder: explicitly set CWD for all git commands
    • 8816c3c builder: modernize TestCheckoutGit
    • c964641 Merge pull request #44122 from thaJeztah/20.10_bump_buildkit
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.20+incompatible

    Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.20+incompatible

    Bumps github.com/moby/moby from 20.10.9+incompatible to 20.10.20+incompatible.

    Release notes

    Sourced from github.com/moby/moby's releases.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    The mitigations available in this release and in other consumers of the daemon API are partial and only protect users who build a Git URL context (e.g. git+protocol://). As the vulnerability could still be exploited by manually run Git commands that interact with and check out submodules, users should immediately upgrade to a patched version of Git to protect against this vulernability. Further details are available from the GitHub blog ("Git security vulnerabilities announced").

    Client

    • Added a mitigation for CVE-2022-39253, when using the classic Builder with a Git URL as the build context.

    Daemon

    • Updated handling of image:tag@digest references. When pulling an image using the image:tag@digest ("pull by digest"), image resolution happens through the content-addressable digest and the image and tag are not used. While this is expected, this could lead to confusing behavior, and could potentially be exploited through social engineering to run an image that is already present in the local image store. Docker now checks if the digest matches the repository name used to pull the image, and otherwise will produce an error.

    Builder

    • Updated handling of image:tag@digest references. Refer to the "Daemon" section above for details.
    • Added a mitigation to the classic Builder and updated BuildKit to v0.8.3-31-gc0149372, for CVE-2022-39253.

    v20.10.19

    This release of Docker Engine comes with some bug-fixes, and an updated version of Docker Compose.

    Builder

    • Fix an issue that could result in a panic during docker builder prune or docker system prune moby/moby#44122.

    Daemon

    ... (truncated)

    Commits
    • 03df974 Merge pull request #6 from moby/ghsa-ambiguous-pull-by-digest
    • 3adff51 Merge pull request #9 from moby/update_buildkit
    • d7c33ad Merge pull request #8 from moby/20.10_fix_git_file_leak
    • 2f3bf18 [20.10] vendor moby/buildkit v0.8.3-31-gc0149372
    • 4b9902b Validate digest in repo for pull by digest
    • c0d1188 builder: make git config isolation opt-in
    • 9f5f3ab builder: isolate git from local system
    • 10db4c2 builder: explicitly set CWD for all git commands
    • 8816c3c builder: modernize TestCheckoutGit
    • c964641 Merge pull request #44122 from thaJeztah/20.10_bump_buildkit
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump peter-evans/dockerhub-description from 2.4.3 to 3.1.1

    Build(deps): bump peter-evans/dockerhub-description from 2.4.3 to 3.1.1

    Bumps peter-evans/dockerhub-description from 2.4.3 to 3.1.1.

    Release notes

    Sourced from peter-evans/dockerhub-description's releases.

    Docker Hub Description v3.1.1

    ⚙️ Bumps @actions/core to transition away from deprecated runner commands.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v3.1.0...v3.1.1

    Docker Hub Description v3.1.0

    ⚙️ The action no longer throws an error when the 25,000 byte content limit is exceeded. The request will be sent to DockerHub's API where DockerHub will truncate it to 25,000 bytes.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v3.0.0...v3.1.0

    Docker Hub Description v3.0.0

    What's new

    • Updated runtime to Node.js 16
      • The action now requires a minimum version of v2.285.0 for the Actions Runner.
      • If using GitHub Enterprise Server, the action requires GHES 3.4 or later.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v2.4.3...v3.0.0

    Commits
    • 1488116 Merge pull request #75 from peter-evans/update-distribution
    • 4fd4656 build: update distribution
    • 9404f28 Merge pull request #74 from peter-evans/dependabot/npm_and_yarn/actions/core-...
    • eef18f8 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
    • db792ed ci: update dependabot
    • 4fdf852 docs: add funding
    • bc97286 Merge pull request #73 from peter-evans/update-distribution
    • b2ff61b build: update distribution
    • c908a72 Merge pull request #72 from peter-evans/dependabot/npm_and_yarn/actions/core-...
    • 2c9ccb1 build(deps): bump @​actions/core from 1.6.0 to 1.9.1
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.19+incompatible

    Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.19+incompatible

    Bumps github.com/moby/moby from 20.10.9+incompatible to 20.10.19+incompatible.

    Release notes

    Sourced from github.com/moby/moby's releases.

    v20.10.18

    This release of Docker Engine comes with a fix for a low-severity security issue, some minor bug fixes, and updated versions of Docker Compose, Docker Buildx, containerd, and runc.

    Client

    Builder

    • Fix an issue where file-capabilities were not preserved during build moby/moby#43876.
    • Fix an issue that could result in a panic caused by a concurrent map read and map write moby/moby#44067

    Daemon

    • Fix a security vulnerability relating to supplementary group permissions, which could allow a container process to bypass primary group restrictions within the container CVE-2022-36109, GHSA-rc4r-wh2q-q6c4.
    • seccomp: add support for Landlock syscalls in default policy moby/moby#43991.
    • seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 moby/moby#43991.
    • Fix an issue where cache lookup for image manifests would fail, resulting in a redundant round-trip to the image registry moby/moby#44109.
    • Fix an issue where exec processes and healthchecks were not terminated when they timed out moby/moby#44018.

    Packaging

    v20.10.17

    This release of Docker Engine comes with updated versions of the compose, containerd, and runc components, as well as some minor bug fixes.

    Client

    • Remove asterisk from docker commands in zsh completion script docker/cli#3648.

    Networking

    • Fix Windows port conflict with published ports in host mode for overlay moby/moby#43644.
    • Ensure performance tuning is always applied to libnetwork sandboxes moby/moby#43683.

    Packaging

    ... (truncated)

    Commits
    • c964641 Merge pull request #44122 from thaJeztah/20.10_bump_buildkit
    • 3bb9973 Merge pull request #44127 from thaJeztah/20.10_backport_image_spec_no_literal
    • 435c40c Merge pull request #44247 from thaJeztah/20.10_bump_go_1.18.7
    • 11bdbf4 [20.10] Update to go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022...
    • 35eaf7e Merge pull request #44238 from cpuguy83/20.10_fix_restore_volumerefs
    • 66ddb7f Fix live-restore w/ restart policies + volume refs
    • f219cb5 Merge pull request #44218 from thaJeztah/20.10_backport_more_robust_rootless
    • c003392 contrib: make dockerd-rootless-setuptool.sh more robust
    • 53313be docker-rootless-setuptools.sh: use context after install
    • 4163c55 Merge pull request #44202 from crazy-max/20.10_backport_api-fix-logo
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.19+incompatible

    Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.19+incompatible

    Bumps github.com/docker/docker from 20.10.9+incompatible to 20.10.19+incompatible.

    Release notes

    Sourced from github.com/docker/docker's releases.

    v20.10.18

    This release of Docker Engine comes with a fix for a low-severity security issue, some minor bug fixes, and updated versions of Docker Compose, Docker Buildx, containerd, and runc.

    Client

    Builder

    • Fix an issue where file-capabilities were not preserved during build moby/moby#43876.
    • Fix an issue that could result in a panic caused by a concurrent map read and map write moby/moby#44067

    Daemon

    • Fix a security vulnerability relating to supplementary group permissions, which could allow a container process to bypass primary group restrictions within the container CVE-2022-36109, GHSA-rc4r-wh2q-q6c4.
    • seccomp: add support for Landlock syscalls in default policy moby/moby#43991.
    • seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 moby/moby#43991.
    • Fix an issue where cache lookup for image manifests would fail, resulting in a redundant round-trip to the image registry moby/moby#44109.
    • Fix an issue where exec processes and healthchecks were not terminated when they timed out moby/moby#44018.

    Packaging

    v20.10.17

    This release of Docker Engine comes with updated versions of the compose, containerd, and runc components, as well as some minor bug fixes.

    Client

    • Remove asterisk from docker commands in zsh completion script docker/cli#3648.

    Networking

    • Fix Windows port conflict with published ports in host mode for overlay moby/moby#43644.
    • Ensure performance tuning is always applied to libnetwork sandboxes moby/moby#43683.

    Packaging

    ... (truncated)

    Commits
    • c964641 Merge pull request #44122 from thaJeztah/20.10_bump_buildkit
    • 3bb9973 Merge pull request #44127 from thaJeztah/20.10_backport_image_spec_no_literal
    • 435c40c Merge pull request #44247 from thaJeztah/20.10_bump_go_1.18.7
    • 11bdbf4 [20.10] Update to go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022...
    • 35eaf7e Merge pull request #44238 from cpuguy83/20.10_fix_restore_volumerefs
    • 66ddb7f Fix live-restore w/ restart policies + volume refs
    • f219cb5 Merge pull request #44218 from thaJeztah/20.10_backport_more_robust_rootless
    • c003392 contrib: make dockerd-rootless-setuptool.sh more robust
    • 53313be docker-rootless-setuptools.sh: use context after install
    • 4163c55 Merge pull request #44202 from crazy-max/20.10_backport_api-fix-logo
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump actions/checkout from 2.3.5 to 3.1.0

    Build(deps): bump actions/checkout from 2.3.5 to 3.1.0

    Bumps actions/checkout from 2.3.5 to 3.1.0.

    Release notes

    Sourced from actions/checkout's releases.

    v3.1.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/checkout/compare/v3.0.2...v3.1.0

    v3.0.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

    v3.0.1

    v3.0.0

    • Updated to the node16 runtime by default
      • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

    v2.4.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2

    v2.4.1

    • Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

    v2.4.0

    • Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr
    Changelog

    Sourced from actions/checkout's changelog.

    v3.1.0

    v3.0.2

    v3.0.1

    v3.0.0

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    v2 (beta)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.22+incompatible

    Build(deps): bump github.com/moby/moby from 20.10.9+incompatible to 20.10.22+incompatible

    Bumps github.com/moby/moby from 20.10.9+incompatible to 20.10.22+incompatible.

    Release notes

    Sourced from github.com/moby/moby's releases.

    v20.10.22

    Bug fixes and enhancements

    • Improve error message when attempting to pull an unsupported image format or OCI artifact (moby/moby#44413, moby/moby#44569).
    • Fix an issue where the host's ephemeral port-range was ignored when selecting random ports for containers (moby/moby#44476).
    • Fix ssh: parse error in message type 27 errors during docker build on hosts using OpenSSH 8.9 or above (moby/moby#3862).
    • seccomp: block socket calls to AF_VSOCK in default profile (moby/moby#44564).

    Packaging Updates

    v20.10.21

    This release of Docker Engine contains updated versions of Docker Compose, Docker Scan, Containerd, added packages for Ubuntu 22.10, and some minor bug fixes and enhancements.

    Client

    • Remove "experimental" gates around "--platform" in bash completion docker/cli#3824.

    Daemon

    • Allow "allow-nondistributable-artifacts" to be configured for Docker Hub moby/moby#44313.
    • Fix an Invalid standard handle identifie panic when registering the docker daemon as a service from a legacy CLI on Windows moby/moby#44326.

    Builder

    • Fix running git commands in Cygwin on Windows moby/moby#44332.
    • Update bundled BuildKit version to to fix "output clipped, log limit 1MiB reached" errors moby/moby#44339.

    Packaging

    • Provide packages for Ubuntu 22.10 "Kinetic Kudu".
    • Update Docker Compose to v2.12.2.
    • Update Docker Scan to v0.21.0.
    • Update containerd (containerd.io package) to v1.6.9.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    ... (truncated)

    Commits
    • 42c8b31 Merge pull request #44656 from thaJeztah/20.10_containerd_binary_1.6.13
    • ff29c40 update containerd binary to v1.6.13
    • 0234322 Merge pull request #44488 from thaJeztah/20.10_backport_update_gotestsum
    • edca413 [20.10] update gotestsum to v1.8.2
    • 6112b23 Merge pull request #44476 from sbuckfelder/20.10_UPDATE
    • 194e73f Merge pull request #44607 from thaJeztah/20.10_containerd_binary_1.6.12
    • a9fdcd5 [20.10] update containerd binary to v1.6.12 (addresses CVE-2022-23471)
    • 48f955d Merge pull request #44597 from thaJeztah/20.10_containerd_1.6.11
    • 50d4d98 Merge pull request #44569 from thaJeztah/20.10_backport_relax_checkSupportedM...
    • 17451d2 Merge pull request #44593 from thaJeztah/20.10_update_go_1.18.9
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.22+incompatible

    Build(deps): bump github.com/docker/docker from 20.10.9+incompatible to 20.10.22+incompatible

    Bumps github.com/docker/docker from 20.10.9+incompatible to 20.10.22+incompatible.

    Release notes

    Sourced from github.com/docker/docker's releases.

    v20.10.22

    Bug fixes and enhancements

    • Improve error message when attempting to pull an unsupported image format or OCI artifact (moby/moby#44413, moby/moby#44569).
    • Fix an issue where the host's ephemeral port-range was ignored when selecting random ports for containers (moby/moby#44476).
    • Fix ssh: parse error in message type 27 errors during docker build on hosts using OpenSSH 8.9 or above (moby/moby#3862).
    • seccomp: block socket calls to AF_VSOCK in default profile (moby/moby#44564).

    Packaging Updates

    v20.10.21

    This release of Docker Engine contains updated versions of Docker Compose, Docker Scan, Containerd, added packages for Ubuntu 22.10, and some minor bug fixes and enhancements.

    Client

    • Remove "experimental" gates around "--platform" in bash completion docker/cli#3824.

    Daemon

    • Allow "allow-nondistributable-artifacts" to be configured for Docker Hub moby/moby#44313.
    • Fix an Invalid standard handle identifie panic when registering the docker daemon as a service from a legacy CLI on Windows moby/moby#44326.

    Builder

    • Fix running git commands in Cygwin on Windows moby/moby#44332.
    • Update bundled BuildKit version to to fix "output clipped, log limit 1MiB reached" errors moby/moby#44339.

    Packaging

    • Provide packages for Ubuntu 22.10 "Kinetic Kudu".
    • Update Docker Compose to v2.12.2.
    • Update Docker Scan to v0.21.0.
    • Update containerd (containerd.io package) to v1.6.9.

    v20.10.20

    This release of Docker Engine contains partial mitigations for a Git vulnerability (CVE-2022-39253), and has updated handling of image:tag@digest image references.

    The Git vulnerability allows a maliciously crafted Git repository, when used as a build context, to copy arbitrary filesystem paths into resulting containers/images; this can occur in both the daemon, and in API clients, depending on the versions and tools in use.

    ... (truncated)

    Commits
    • 42c8b31 Merge pull request #44656 from thaJeztah/20.10_containerd_binary_1.6.13
    • ff29c40 update containerd binary to v1.6.13
    • 0234322 Merge pull request #44488 from thaJeztah/20.10_backport_update_gotestsum
    • edca413 [20.10] update gotestsum to v1.8.2
    • 6112b23 Merge pull request #44476 from sbuckfelder/20.10_UPDATE
    • 194e73f Merge pull request #44607 from thaJeztah/20.10_containerd_binary_1.6.12
    • a9fdcd5 [20.10] update containerd binary to v1.6.12 (addresses CVE-2022-23471)
    • 48f955d Merge pull request #44597 from thaJeztah/20.10_containerd_1.6.11
    • 50d4d98 Merge pull request #44569 from thaJeztah/20.10_backport_relax_checkSupportedM...
    • 17451d2 Merge pull request #44593 from thaJeztah/20.10_update_go_1.18.9
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump actions/checkout from 2.3.5 to 3.2.0

    Build(deps): bump actions/checkout from 2.3.5 to 3.2.0

    Bumps actions/checkout from 2.3.5 to 3.2.0.

    Release notes

    Sourced from actions/checkout's releases.

    v3.2.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/checkout/compare/v3...v3.2.0

    v3.1.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/checkout/compare/v3.0.2...v3.1.0

    v3.0.2

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

    v3.0.1

    v3.0.0

    • Updated to the node16 runtime by default
      • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

    v2.5.0

    What's Changed

    Full Changelog: https://github.com/actions/checkout/compare/v2...v2.5.0

    ... (truncated)

    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v3.1.0

    v3.0.2

    v3.0.1

    v3.0.0

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump peter-evans/dockerhub-description from 2.4.3 to 3.1.2

    Build(deps): bump peter-evans/dockerhub-description from 2.4.3 to 3.1.2

    Bumps peter-evans/dockerhub-description from 2.4.3 to 3.1.2.

    Release notes

    Sourced from peter-evans/dockerhub-description's releases.

    Docker Hub Description v3.1.2

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v3.1.1...v3.1.2

    Docker Hub Description v3.1.1

    ⚙️ Bumps @actions/core to transition away from deprecated runner commands.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v3.1.0...v3.1.1

    Docker Hub Description v3.1.0

    ⚙️ The action no longer throws an error when the 25,000 byte content limit is exceeded. The request will be sent to DockerHub's API where DockerHub will truncate it to 25,000 bytes.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v3.0.0...v3.1.0

    Docker Hub Description v3.0.0

    What's new

    • Updated runtime to Node.js 16
      • The action now requires a minimum version of v2.285.0 for the Actions Runner.
      • If using GitHub Enterprise Server, the action requires GHES 3.4 or later.

    What's Changed

    Full Changelog: https://github.com/peter-evans/dockerhub-description/compare/v2.4.3...v3.0.0

    Commits
    • 93b9339 Merge pull request #79 from peter-evans/fix-tag-push
    • 3103d14 fix: push all tags
    • 0b9f9c4 Merge pull request #76 from peter-evans/fix-any
    • 3b9f4f2 fix: replace use of any type
    • 1488116 Merge pull request #75 from peter-evans/update-distribution
    • 4fd4656 build: update distribution
    • 9404f28 Merge pull request #74 from peter-evans/dependabot/npm_and_yarn/actions/core-...
    • eef18f8 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
    • db792ed ci: update dependabot
    • 4fdf852 docs: add funding
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump docker/build-push-action from 2.7.0 to 3.2.0

    Build(deps): bump docker/build-push-action from 2.7.0 to 3.2.0

    Bumps docker/build-push-action from 2.7.0 to 3.2.0.

    Release notes

    Sourced from docker/build-push-action's releases.

    v3.2.0

    What's Changed

    Full Changelog: https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0

    v3.1.1

    Full Changelog: https://github.com/docker/build-push-action/compare/v3.1.0...v3.1.1

    v3.1.0

    • no-cache-filters input by @​crazy-max (#653)
    • Bump @​actions/github from 5.0.1 to 5.0.3 (#619)
    • Bump @​actions/core from 1.6.0 to 1.9.0 (#620 #637)
    • Bump csv-parse from 5.0.4 to 5.3.0 (#623 #650)

    Full Changelog: https://github.com/docker/build-push-action/compare/v3.0.0...v3.1.0

    v3.0.0

    • Node 16 as default runtime by @​crazy-max (#564)
      • This requires a minimum Actions Runner version of v2.285.0, which is by default available in GHES 3.4 or later.
    • Standalone mode support by @​crazy-max (#601 #609)
    • chore: update dev dependencies and workflow by @​crazy-max (#571)
    • Bump @​actions/exec from 1.1.0 to 1.1.1 (#573)
    • Bump @​actions/github from 5.0.0 to 5.0.1 (#582)
    • Bump minimist from 1.2.5 to 1.2.6 (#584)
    • Bump semver from 7.3.5 to 7.3.7 (#595)
    • Bump csv-parse from 4.16.3 to 5.0.4 (#533)

    Full Changelog: https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0

    v2.10.0

    • Add imageid output and use metadata to set digest output (#569)
    • Add build-contexts input (#563)
    • Enhance outputs display (#559)

    v2.9.0

    • add-hosts input (#553 #555)
    • Fix git context subdir example and improve README (#552)
    • Add e2e tests for ACR (#548)
    • Add description on github-token option to README (#544)
    • Bump node-fetch from 2.6.1 to 2.6.7 (#549)

    ... (truncated)

    Commits
    • c56af95 Merge pull request #704 from crazy-max/setOutput
    • 75aaa63 Remove workaround for setOutput
    • f97d6e2 Merge pull request #700 from crazy-max/update-docs
    • 47c00d7 ci: secret job to check for invalid secrets
    • 871b930 docs: update links and layout
    • 105bf59 docs: copy between registries with buildx
    • 48888e0 Merge pull request #699 from crazy-max/docs-outputs
    • 6b820ad docs: note about multiple outputs
    • e1a1035 Merge pull request #665 from baibaratsky/patch-1
    • 0f5a7d4 docs: named contexts
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Build(deps): bump docker/login-action from 1.10.0 to 2.1.0

    Build(deps): bump docker/login-action from 1.10.0 to 2.1.0

    Bumps docker/login-action from 1.10.0 to 2.1.0.

    Release notes

    Sourced from docker/login-action's releases.

    v2.1.0

    What's Changed

    • Ensure AWS temp credentials are redacted in workflow logs by @​crazy-max (#275)
    • Bump @​actions/core from 1.6.0 to 1.10.0 (#252 #292)
    • Bump @​aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)
    • Bump @​aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

    Full Changelog: https://github.com/docker/login-action/compare/v2.0.0...v2.1.0

    v2.0.0

    • Node 16 as default runtime by @​crazy-max (#161)
      • This requires a minimum Actions Runner version of v2.285.0, which is by default available in GHES 3.4 or later.
    • chore: update dev dependencies and workflow by @​crazy-max (#170)
    • Bump @​actions/exec from 1.1.0 to 1.1.1 (#167)
    • Bump @​actions/io from 1.1.1 to 1.1.2 (#168)
    • Bump minimist from 1.2.5 to 1.2.6 (#176)
    • Bump https-proxy-agent from 5.0.0 to 5.0.1 (#182)

    Full Changelog: https://github.com/docker/login-action/compare/v1.14.1...v2.0.0

    v1.14.1

    • Revert to Node 12 as default runtime to fix issue for GHE users (#160)

    v1.14.0

    • Update to node 16 (#158)
    • Bump @​aws-sdk/client-ecr from 3.45.0 to 3.53.0 (#157)
    • Bump @​aws-sdk/client-ecr-public from 3.45.0 to 3.53.0 (#156)

    v1.13.0

    • Handle proxy settings for aws-sdk (#152)
    • Workload identity based authentication docs for GCR and GAR (#112)
    • Test login against ACR (#49)
    • Bump @​aws-sdk/client-ecr from 3.44.0 to 3.45.0 (#132)
    • Bump @​aws-sdk/client-ecr-public from 3.43.0 to 3.45.0 (#131)

    v1.12.0

    • ECR: only set credentials if username and password are specified (#128)
    • Refactor to use aws-sdk v3 (#128)

    v1.11.0

    • ECR: switch implementation to use the AWS SDK (#126)
    • ecr input to specify whether the given registry is ECR (#123)
    • Test against Windows runner (#126)
    • Update instructions for Google registry (#127)
    • Update dev workflow (#111)
    • Small changes for GHCR doc (#86)
    • Update dev dependencies (#85)
    • Bump ansi-regex from 5.0.0 to 5.0.1 (#101)
    • Bump tmpl from 1.0.4 to 1.0.5 (#100)
    • Bump @​actions/core from 1.4.0 to 1.6.0 (#94 #103)

    ... (truncated)

    Commits
    • f4ef78c Merge pull request #299 from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...
    • 9ad4ce3 Update generated content
    • 884eadd Bump @​aws-sdk/client-ecr-public from 3.53.0 to 3.186.0
    • a266232 Merge pull request #298 from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...
    • f97efcf Update generated content
    • 5ae789b Bump @​aws-sdk/client-ecr from 3.53.0 to 3.186.0
    • 71c23b5 Merge pull request #292 from docker/dependabot/npm_and_yarn/actions/core-1.10.0
    • 6401d70 Update generated content
    • 67e8909 Bump @​actions/core from 1.9.1 to 1.10.0
    • 21f251a Merge pull request #275 from crazy-max/redact-aws-creds
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
A tool to restart a Docker container with a newer version of the image

repull A tool to restart a Docker container with a newer version of an image used by the container Often you may need to pull a newer version of an im

Nov 28, 2022
Open Source runtime scanner for Linux containers (LXD), It performs security audit checks based on CIS Linux containers Benchmark specification
Open Source runtime scanner for Linux containers (LXD), It performs security audit checks based on CIS Linux containers  Benchmark specification

lxd-probe Scan your Linux container runtime !! Lxd-Probe is an open source audit scanner who perform audit check on a linux container manager and outp

Dec 26, 2022
Monitoring changes in the source file and automatically compile and run (restart).
Monitoring changes in the source file and automatically compile and run (restart).

dogo Monitoring changes in the source file and automatically compile and run (restart). 中文 Install go get github.com/liudng/dogo Create config Here's

Dec 28, 2022
Simple docker tui to list, start and stop your containers
Simple docker tui to list, start and stop your containers

docker-tui Simple docker tui that lets you list, start and stop your containers. Current status Rough, initial prototype. Build with This tool relies

Dec 2, 2022
A super simple demo to document my journey to reasonably sized docker containers.

hello-docker A super simple demo to document my journey to reasonably sized docker containers. Task at Hand Build a docker container as small as possi

Nov 30, 2021
This repository is where I'm learning to write a CLI using Go, while learning Go, and experimenting with Docker containers and APIs.

CLI Project This repository contains a CLI project that I've been working on for a while. It's a simple project that I've been utilizing to learn Go,

Dec 12, 2021
Build and run Docker containers leveraging NVIDIA GPUs
Build and run Docker containers leveraging NVIDIA GPUs

NVIDIA Container Toolkit Introduction The NVIDIA Container Toolkit allows users to build and run GPU accelerated Docker containers. The toolkit includ

Jan 7, 2023
Docker-NodeJS - Creating a CI/CD Environment for Serverless Containers on Google Cloud Run
Docker-NodeJS - Creating a CI/CD Environment for Serverless Containers on Google Cloud Run

Creating a CI/CD Environment for Serverless Containers on Google Cloud Run Archi

Jan 8, 2022
My Homemade ci-cd service made for docker containers

Docker-CI-CD What Is This? The Docker-CI-CD is a tool that helps you to make every commit and push to your github repositories happen seamlessly and a

Jan 24, 2022
Show dependency graph of docker images/containers
Show dependency graph of docker images/containers

docker-graph Show dependency graph of docker images/containers like this: Orange is images and green is containers. Features Collect docker images, co

Feb 7, 2022
Copy files and artifacts via SSH using a binary, docker or Drone CI.

drone-scp Copy files and artifacts via SSH using a binary, docker or Drone CI. Feature Support routines. Support wildcard pattern on source list. Supp

Dec 6, 2022
Running Go binary into Docker

This go file make a get into an API, that API provides a JSON with a cat information

Feb 7, 2022
Explore Docker registries and manipulate Docker images!
Explore Docker registries and manipulate Docker images!

L/S tags Utility and API to manipulate (analyze, synchronize and aggregate) images across different Docker registries. Example invocation $ lstags alp

Nov 25, 2022
Docker-based remote code runner / 基于 Docker 的远程代码运行器
Docker-based remote code runner / 基于 Docker 的远程代码运行器

Docker-based remote code runner / 基于 Docker 的远程代码运行器

Nov 9, 2022
ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)
ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)

English / 日本語 ecsk ECS + Task = ecsk ?? ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run

Dec 13, 2022
Hassle-free minimal CI/CD for git repositories with docker or docker-compose projects.
Hassle-free minimal CI/CD for git repositories with docker or docker-compose projects.

GIT-PIPE Hassle-free minimal CI/CD for git repos for docker-based projects. Features: zero configuration for repos by default automatic encrypted back

Sep 23, 2022
Tool to convert docker-compose files to set of simple docker commands

docker-decompose Tool to convert docker-compose files to set of simple docker commands. Install Use go get to install the latest version of the librar

Apr 12, 2022
Go-http-server-docker - Simple sample server using docker and go

go-http-server-docker Simple sample webserver using docker and go.

Jan 8, 2022
Docker-hub-rate-limit - Show pulling rate status of Docker-hub

Docker-Hub Pull Rate Status This tool shows current status of docker hub pull ra

Jan 28, 2022