From 90a4178c7a8fde7fabae25ea97b5e5879ba165a0 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 28 Jan 2025 03:29:23 +0900 Subject: [PATCH] [docs/integration/docker] add sha pinning tip (#10955) ## Summary As requested in https://github.com/astral-sh/uv/issues/6565, this adds a tip discussing the ability to pin the image to a specific SHA digest and why it may be useful. ## Test Plan Start serving the documentation locally ```shell uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.public.yml ``` Then navigate to http://127.0.0.1:8000/uv/guides/integration/docker/ to see the tool tip being rendered properly --------- Co-authored-by: Zanie Blue --- docs/guides/integration/docker.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/guides/integration/docker.md b/docs/guides/integration/docker.md index 45ab9a257..4720db3fb 100644 --- a/docs/guides/integration/docker.md +++ b/docs/guides/integration/docker.md @@ -110,6 +110,18 @@ In either case, it is best practice to pin to a specific uv version, e.g., with: COPY --from=ghcr.io/astral-sh/uv:0.5.24 /uv /uvx /bin/ ``` +!!! tip + + While the Dockerfile example above pins to a specific tag, it's also + possible to pin a specific SHA256. Pinning a specific SHA256 is considered + best practice in environments that require reproducible builds as tags can + be moved across different commit SHAs. + + ```Dockerfile + # e.g., using a hash from a previous release + COPY --from=ghcr.io/astral-sh/uv@sha256:2381d6aa60c326b71fd40023f921a0a3b8f91b14d5db6b90402e65a635053709 /uv /uvx /bin/ + ``` + Or, with the installer: ```dockerfile
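Review bot: In the added tip, the phrase "tags can be moved across different commit SHAs" conflates two things: an image tag points at an image digest, not at a git commit, so the risk being described is that the tag can later be repointed at a different image. Suggest wording such as "as tags can be moved to point at a different image digest", and using "digest" rather than "a specific SHA256" in both sentences of the tip. The example comment `# e.g., using a hash from a previous release` does not say which release the digest belongs to, so a reader cannot tell which uv version they would be pinning; naming the version in that comment would make the pin auditable against the tagged example just above it. Minor style point: the new fence is opened with `Dockerfile` while the next block in the same file uses lowercase `dockerfile`.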