docker-source-checksum-0.2.0 is not a library.
Deterministic source-based docker image checksum
Use case
You have a CI pipeline that builds a monorepo with many Dockerfiles.
You want to efficiently avoid rebuilding Dockerfiles that haven't changed, even when the rest of the monorepo did.
docker-source-checksum
will calculate a hash of:
Dockerfile
content- all source files referenced by that
Dockerfile
(figured out by parsing it) - any additiona arguments that might affect the build
and then hashing all of these together, to give you deterministic checksum,
before you even attempt to call docker build
. You can use it as a
deterministic content-based ID to avoid rebuilding containers that
were already built (eg. by taging them with that checksum).
Warnings and missing features
- don't use it on untrusted
Dockerfiles
- the exact checksum is not stable yet and can change between versions
["src1", "src", "dst"]
syntax ofADD
andCOPY
is not supported (PRs welcome)- file ownership is ignored
- it was put together in 2 hours, so if you plan to use it in production, maybe... review the code or something and tell me what you think
Having said that, seems to work great.