According to me , it will be best for you to keep your Dockerfile with the source code. We use labels to add versioning info to the produced image. We add:
- the git commit and branch
- whether it's "dirty" meaning that changes were made locally on the src code from what's in git
- a CI version number (publicly visible)
- the person who built the image (not the person who last checked in git)
We also tag the image with the commit number.
Here's our code for one of our services. We're using Buildkite for our CI and Quay.io for our image registry.
build-image.sh
echo '===> Building docker image...'
GIT_BRANCH=$(git name-rev --name-only HEAD | sed "s/~.*//")
GIT_COMMIT=$(git rev-parse HEAD)
GIT_COMMIT_SHORT=$(echo $GIT_COMMIT | head -c 8)
GIT_DIRTY='false'
BUILD_CREATOR=$(git config user.email)
BUILD_NUMBER="${BUILDKITE_BUILD_NUMBER-0}"
# Whether the repo has uncommitted changes
if [[ $(git status -s) ]]; then
GIT_DIRTY='true'
fi
docker build \
-q \
-t quay.io/myco/servicename:latest \
-t quay.io/myco/servicename:"$GIT_COMMIT_SHORT" \
--build-arg GIT_BRANCH="$GIT_BRANCH" \
--build-arg GIT_COMMIT="$GIT_COMMIT" \
--build-arg GIT_DIRTY="$GIT_DIRTY" \
--build-arg BUILD_CREATOR="$BUILD_CREATOR" \
--build-arg BUILD_NUMBER="$BUILD_NUMBER" \
.
echo "Done"
echo "Push to quay using:"
echo " docker push quay.io/myco/servicename:latest"
echo " docker push quay.io/myco/servicename:$GIT_COMMIT_SHORT"
Dockerfile
FROM ...
ARG GIT_COMMIT
ARG GIT_BRANCH=master
ARG GIT_DIRTY=undefined
ARG BUILD_CREATOR
ARG BUILD_NUMBER
LABEL branch=$GIT_BRANCH \
commit=$GIT_COMMIT \
dirty=$GIT_DIRTY \
build-creator=$BUILD_CREATOR \
build-number=$BUILD_NUMBER
... etc
Then you can make scripts that check the version of your image. Eg:
docker inspect --format "{{.ContainerConfig.Labels.commit}}" image
I hope the above information will be helpful for you.
