eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/how-to/zot/pin-container-versions.md
Erich Blume 16a804b80b Pin container versions for devpi, cv, and quartz 
- devpi: Pin devpi-server==6.19.1 and devpi-web==5.0.1
- cv: Add ARG CV_VERSION=1.0.3 (matches latest Forgejo package release)
- quartz: Pin nginx base to 1.28.2-alpine (ARG NGINX_VERSION)
- Update service-versions.yaml with correct version values
- Mark pin-container-versions Mikado card as complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 20:13:48 -08:00

2.5 KiB
Raw Blame History

title modified tags
Pin Container Versions 2026-02-20
how-to
containers
ci
zot

Pin Container Versions

Ensure every container has an explicit, parseable version declaration so that add-container-version-sync-check has something to validate against.

Context

Discovered during analysis of adopt-commit-based-container-tags: most containers already have version ARGs (miniflux, navidrome, ntfy, etc.), but several do not. Without explicit versions in the build files, there is nothing for a VERSION file to sync against.

Containers Needing Work

devpi — Pin pip dependencies

Currently installs devpi-server and devpi-web without version pins:

RUN pip install --no-cache-dir devpi-server devpi-web

Add version ARGs and pin:

ARG DEVPI_SERVER_VERSION=6.12.1
ARG DEVPI_WEB_VERSION=4.2.2
RUN pip install --no-cache-dir \
    devpi-server==${DEVPI_SERVER_VERSION} \
    devpi-web==${DEVPI_WEB_VERSION}

The VERSION file will track devpi-server as the primary version.

cv — Add internal version ARG

Thin nginx wrapper that downloads content at runtime. No upstream app to track — the version reflects the container definition itself:

ARG CV_VERSION=0.1.0

Bump when the Dockerfile or scripts change.

quartz — Add internal version ARG

Same pattern as cv:

ARG QUARTZ_VERSION=0.1.0

nettest — Already handled

Utility container with no upstream. Will use 0.1.0 in VERSION file. No Dockerfile ARG needed since there's nothing to pin — the Dockerfile just installs Alpine packages at whatever version Alpine ships. The sync check can skip the Dockerfile ARG validation for containers without a *_VERSION ARG.

forgejo-runner — Already handled

Has ARG DAGGER_VERSION=0.19.11 as its primary version. Good enough.

Key Files

File Change
containers/devpi/Dockerfile Pin devpi-server and devpi-web versions
containers/cv/Dockerfile Add ARG CV_VERSION
containers/quartz/Dockerfile Add ARG QUARTZ_VERSION

Verification

  • Every container Dockerfile either has a *_VERSION ARG or is documented as version-exempt (nettest)
  • devpi container builds with pinned versions
  • cv and quartz containers still build and serve correctly

Related