From 01f90648ccd71eadb981e771bad0a5d365934752 Mon Sep 17 00:00:00 2001 From: Ramon Smits <ramon.smits@gmail.com> Date: Fri, 14 Feb 2025 13:40:53 +0100 Subject: [PATCH] Docker tag usage (#639) * Docker tag usage * Update README.md * Update README.md * Changed based on feedback * Feedback --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index b9bc9581..07b6c14c 100644 --- a/README.md +++ b/README.md 
@@ -165,15 +165,42 @@ For easy deployment, we've created an official Docker container. There are two v The default one will run as `root`: +> [!WARNING] +> It is discouraged to use `latest` tag for WatchTower or similar tools. The `latest` tag can reference unreleased developer, test builds, and patch releases for older versions. Use an actual version tag until transfer.sh supports major or minor version tags. + ```bash docker run --publish 8080:8080 dutchcoders/transfer.sh:latest --provider local --basedir /tmp/ ``` +### No root + +The `-noroot` tags indicate image builds that run with least priviledge to reduce the attack surface might an application get compromised. +> [!NOTE] +> Using `-noroot` is **recommended** + The one tagged with the suffix `-noroot` will use `5000` as both UID and GID: ```bash docker run --publish 8080:8080 dutchcoders/transfer.sh:latest-noroot --provider local --basedir /tmp/ ``` +> [!NOTE] +> Development history details at: +> - https://github.com/dutchcoders/transfer.sh/pull/418 + +### Tags + +Name | Usage +--|-- +latest| Latest CI build, can be nightly, at commit, at tag, etc. +latest-noroot| Latest CI build, can be nightly, at commit, at tag, etc. using [no root] +nightly| Scheduled CI build every midnight UTC +nightly-noroot| Scheduled CI build every midnight UTC using [no root] +edge| Latest CI build after every commit on `main` +edge-noroot| Latest CI build after every commit on `main` using [no root] +x.y.z| CI build after tagging a release +x.y.z-noroot| CI build after tagging a release using [no root] + + ### Building the Container You can also build the container yourself. This allows you to choose which UID/GID will be used, e.g. when using NFS mounts: ```bash -- GitLab
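Review bot: The new WARNING discourages the `latest` tag, yet both `docker run` examples in this hunk still pull `dutchcoders/transfer.sh:latest` and `dutchcoders/transfer.sh:latest-noroot`, so anyone copying the commands gets the floating tag the warning tells them to avoid. Suggest switching the examples to the version form listed in the new Tags table (`x.y.z` and `x.y.z-noroot`), and since `-noroot` is marked as recommended, consider presenting it before the root variant. The WARNING is also inserted between "The default one will run as `root`:" and its code block, which separates that sentence from the command it introduces; moving the admonition above the sentence or below the block would keep them together. Smaller points in the No root section and the table: "priviledge" should be "privilege", "might an application get compromised" reads better as "should the application be compromised", and the `[no root]` references in the Tags table have no link definition in the visible lines, so they will render as literal brackets unless written as `[no root](#no-root)`.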