This directory contains directories and Dockerfiles for the custom images used in the app's CI pipeline on CircleCI. When upgrading ruby, it is best to copy the folder and name it according to the CircleCI base image you are using.
To upgrade the docker image you must have an account on DockerHub and docker installed on your computer (Install instructions are here. You can then run the following steps.
- Create a new directory and copy an existing Dockerfile into the new directory as described above.
- "cd" into that directory and modify the Dockerfile to point to the correct base image.
- Log in to DockerHub
docker login -u <username>
- Build the docker image (replace
<tag>below with for example2.5.1-stretch.docker build -t <username>/cii-bestpractices:<tag> .
- Push your image.
docker push <username>/cii-bestpractices:<tag>
Once completed you must then update .circleci/config.yml to use the new image.
You should also add your new/updated Dockerfile to version control.
Note that, as required by OpenSSF Scorecard, you should pin the dependencies to specific hash values instead of versions, so that changes (which might be malicious) won't be silently accepted. See the existing Dockerfile(s) and CircleCI configuration file for how to do that.