Pin and update Docker image digests in Dockerfiles and compose files
Installation • Usage • Pre-commit
# PyPI
uv tool install pindock
# AUR
yay -S pindock-bin
# Docker
docker pull ghcr.io/deadnews/pindockUsage: pindock <command> [flags]
Pin and update Docker image digests.
Commands:
run Pin unpinned image digests.
check Verify all images are pinned.
run flags:
-C, --dir=. Directory to scan.
-u, --update Also update pinned digests to latest.
-v, --verbose Show all images, including pinned.
check flags:
-C, --dir=. Directory to scan.
-u, --update Also check pinned digests for updates.
-v, --verbose Show all images, including pinned.When no files are given, pindock auto-discovers files recursively.
Dockerfile,Containerfile(and variants likeDockerfile.dev,*.dockerfile)compose*.yml,docker-compose*.yml(and.yaml)
| Dockerfile | Compose |
|---|---|
FROM [--platform=...] image:tag[@digest] [AS name] |
image: image:tag[@digest] |
COPY --from=image:tag[@digest] ... |
|
RUN --mount=from=image:tag[@digest],... ... |
Uses existing Docker credentials. If you can docker pull, pindock works too.
repos:
- repo: https://github.com/deadnews/pindock
rev: v1.0.0
hooks:
- id: pindock
- id: pindock-check
# example with args
- id: pindock-check
args: [--update, --verbose]