Skip to content

tib-rijo/alpine_package_pinner

BranchesTags
 
 

Repository files navigation

alpine_package_pinner

MegaLinter

This will consume a text file containing a list of Alpine packages and write a versioned list to a "lock" file that apk can use to install packages.

Running

By default, the script will read ./apk.txt and write to ./apk-lock.txt safely (i.e., if the script is not able to read the contents of the source file or if no versions could be found (typically implying something else being wrong, such as an OS release mismatch), then the output file will not be overwritten.

The script can use the same filename for both input and output; that is, on the input side, it'll filter out the version information while the output won't be written to the filename until the entire input has been read. So, this works:

./alpine_package_pinner.bash -i apk.txt -o apk.txt

Running on non-Alpine

If the branch isn't provided (as an environment variable), then the script will attempt to determine the release of Alpine that's running.

The script doesn't need to be run from Alpine Linux.. if the Alpine release is provided via the -b flag. So, this will run from a system running Ubuntu:

./alpine_package_pinner.bash -b v3.17

Running in Docker

A pre-built image is available on DockerHub and GHCR for x86_64 and amd64 architectures. The following will run it locally:

docker run --rm -it -w "$PWD" -v "$PWD:$PWD" -u "$UID" tib-rijo/alpine_package_pinner -i apk.txt -o apk-lock.txt -b v3.17

Determining Package Versions

The Alpine website is queried and xmllint is used to parse out the results of what would have been a web-submitted query. If the site changes (i.e., if there is no longer a <td> tag with a class of version) then this script will break.

Installing Pinned Packages

xargs apk add < apk-lock.txt

Updating Dockerfiles

The following will retrieve the version of Alpine used in a Dockerfile:

sed -Ene 's/[[:space:]]*from[[:space:]]*alpine:([[:digit:]]*.[[:digit:]]*).*/v\1/Ip' < Dockerfile

From there, one may call the package pinner then add and commit the updated apk-lock.txt file.

There is a sample GitHub Action showing out this could work at update_alpine_dockerfile.yml .

Building container locally

Before building and pushing the image in CI, it can be built locally, also with Podman.

podman build --format docker -t tib-rijo/alpine_package_pinner:latest .
podman run --rm -it -w "$PWD" -v "$PWD:$PWD":z -u 0 tib-rijo/alpine_package_pinner:latest -i apk-lock.txt -o apk-lock.txt -b v3.23

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Shell 97.5%
  • Dockerfile 2.5%