From 4c0b29ed03871fb998a79c4e1f923dd829207780 Mon Sep 17 00:00:00 2001 From: Ryan Pham Date: Sat, 25 Jan 2025 15:35:02 +0900 Subject: [PATCH 1/2] [docs/integration/docker] add sha pinning tip As requested in https://github.com/astral-sh/uv/issues/6565, this adds a tip discussing the ability to pin the image to a specific SHA digest and why it may be useful. --- docs/guides/integration/docker.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/guides/integration/docker.md b/docs/guides/integration/docker.md index 45ab9a257e31c..1ccfc9d109c46 100644 --- a/docs/guides/integration/docker.md +++ b/docs/guides/integration/docker.md @@ -110,6 +110,18 @@ In either case, it is best practice to pin to a specific uv version, e.g., with: COPY --from=ghcr.io/astral-sh/uv:0.5.24 /uv /uvx /bin/ ``` +!!! tip + + While the Dockerfile example above pins to a specific tag, it's also + possible to pin a specific SHA256. Pinning a specific SHA256 is considered + best practice in environments that require reproducible builds as tags can + be moved across different commit SHAs. + + ```Dockerfile + # The sha256 for 0.5.24 + COPY --from=ghcr.io/astral-sh/uv@sha256:2381d6aa60c326b71fd40023f921a0a3b8f91b14d5db6b90402e65a635053709 /uv /uvx /bin/ + ``` + Or, with the installer: ```dockerfile From 9cb41e219d81706161ba3cf0dc7502a67999ec55 Mon Sep 17 00:00:00 2001 From: Zanie Blue Date: Mon, 27 Jan 2025 12:28:24 -0600 Subject: [PATCH 2/2] Update docs/guides/integration/docker.md --- docs/guides/integration/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/integration/docker.md b/docs/guides/integration/docker.md index 1ccfc9d109c46..4720db3fb4a67 100644 --- a/docs/guides/integration/docker.md +++ b/docs/guides/integration/docker.md 
@@ -118,7 +118,7 @@ COPY --from=ghcr.io/astral-sh/uv:0.5.24 /uv /uvx /bin/ be moved across different commit SHAs. ```Dockerfile - # The sha256 for 0.5.24 + # e.g., using a hash from a previous release COPY --from=ghcr.io/astral-sh/uv@sha256:2381d6aa60c326b71fd40023f921a0a3b8f91b14d5db6b90402e65a635053709 /uv /uvx /bin/ ```
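Review bot: In the tip added by the first patch, "tags can be moved across different commit SHAs" mixes two kinds of identifier: the value pinned in the example is an image digest (`uv@sha256:...`), not a git commit, so the risk being described is a tag that later points at a different image. Suggest wording such as "as tags can be moved to point at a different image digest", and saying "SHA256 digest" on first mention so readers know what to look for in the registry. Minor style point: the new fence is tagged `Dockerfile`, while the fence after "Or, with the installer:" uses lowercase `dockerfile`; matching the lowercase form keeps the file consistent.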
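Review bot: In the second patch, the replacement comment "e.g., using a hash from a previous release" no longer says which release the digest belongs to, while the tag example in the hunk context still names 0.5.24, so a reader cannot tell whether the two COPY lines refer to the same image or what to compare the digest against. Suggest keeping the generic phrasing but adding that the digest should be replaced with the one for the release being pinned, and using "digest" instead of "hash" to match the tip's "SHA256" wording.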