The Docker images should be re-built automatically on upstream changes and on schedule to ensure that security updates get installed.
Context
Normally (without Docker) security updates and other important updates are installed on a regular basis. With Docker that is not the case: the packages are installed when the image is built. The best practice is to install updates by rebuilding the image and restarting the containers, getting the security updates in place. We don't do that as far as I can see; the image is only built when there are changes in the code. In times of active development that works, but when there are no changes for a while it can be dangerous from a security perspective.
Expected Behavior
The image (at least latest) should be rebuilt on a regular basis.
Actual Behavior
The image is only updated when there is a new commit.
Possible Fix
It is possible to enable automatic builds in Docker Hub. That way the image(s) can be built both when the code changes and when there are upstream changes. There is no built-in way to trigger regular builds, but it is possible to trigger a build with a curl command. I can run that command on one of my servers or someone else can do it; however, only the owner of the Docker account can set up the build and get the token for the curl command.
Steps to Reproduce
N/A
Your Environment
N/A
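
A scheduled job along the lines this issue proposes, as an added example that is not from the issue or the project: it triggers a rebuild only when the published image is older than a set number of days. The `MAX_AGE_DAYS` default, the `TRIGGER_FILE` path and the use of POST are assumptions; the trigger URL is whatever Docker Hub shows the account owner, stored whole in an owner-only file.

```shell
#!/bin/sh
# Added example (not the project's script): cron job that triggers a rebuild
# only when the published image is older than MAX_AGE_DAYS.
set -eu

MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"                                # assumed interval
TRIGGER_FILE="${TRIGGER_FILE:-/etc/docker-rebuild/trigger-url}"  # hypothetical path

# Whole days since the RFC 3339 "Created" time printed by
# `docker inspect --format '{{.Created}}'`. Needs GNU or BusyBox date.
image_age_days() {
  age_ts="${1%%.*}"                                    # drop fractional seconds
  age_ts="$(printf '%s' "${age_ts%Z}" | tr 'T' ' ')"   # "YYYY-MM-DD hh:mm:ss", UTC
  age_now="${2:-$(date -u +%s)}"
  age_created="$(date -u -d "$age_ts" +%s)"
  echo $(( (age_now - age_created) / 86400 ))
}

# Succeeds when the image is at least MAX_AGE_DAYS old.
needs_rebuild() {
  [ "$(image_age_days "$1" "${2:-}")" -ge "$MAX_AGE_DAYS" ]
}

# The trigger URL embeds the build token, so accept only an owner-only file.
trigger_file_is_private() {
  case "$(stat -c '%a' "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# POST to the trigger URL (POST is an assumption). curl reads the URL from
# stdin (--config -), keeping the token out of the process list and crontab.
trigger_build() {
  trigger_file_is_private "$1" || { echo "refusing: $1 is not mode 600/400" >&2; return 1; }
  printf 'url = "%s"\n' "$(head -n 1 "$1")" |
    curl --silent --show-error --fail --request POST --output /dev/null --config -
}

main() {
  docker pull --quiet "$1" >/dev/null
  main_created="$(docker inspect --format '{{.Created}}' "$1")"
  if needs_rebuild "$main_created"; then
    trigger_build "$TRIGGER_FILE"
  fi
}

# Usage from cron: rebuild-if-stale.sh <image>   (image name is a placeholder)
if [ "$#" -ge 1 ]; then main "$@"; fi
```

The age check keeps the job from queuing a second build right after a commit has already produced a fresh image.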