Docker image rollback: best practices

Hello,

Let's say I have a container running a third-party image from the public registry.

For security reasons, I update the image using docker pull every night via cron.
(I could also use watchtower or any similar software)

But for now I just have a cron job doing:

docker pull owner/image:latest
docker restart my_container

So far, so good.

Now, imagine that yesterday, owner pushed to the public registry a bugged version of his image.
Of course, my cron updated the image and restarted the container.
Now the container is no longer working as it is using the latest bugged version of owner/image.

What I’m trying to achieve is to be able to run my container on the previous image that was working (which is no longer available on the public registry as latest).

How would you do this?
Tag the working image as “good” before pulling, so I can revert to this tag in case of a bugged image?
Perform docker save / docker load?
Use a private registry?
Any other idea?

Thanks for any advice / experience on this matter.

Regards,

Himred

IMHO docker restart just restarts your container and doesn’t build a new container from your image.

Pardon the necrobump, but this is pretty high up in the search results and has no solution here, so thought it might be useful to point people at this: Updating and Backing Up Docker Containers With Version Control
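
The tag-before-pull idea from the question, combined with the reply's point that `docker restart` does not switch the container to a new image, as an added example that is not from any poster in this thread. It pins the running container's image ID as `owner/image:good` before pulling; `RUN_ARGS`, `GRACE`, the `:good` and `:rejected` tags and the "still running after a grace period" check are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. IMAGE and NAME are the names used in the
# post; RUN_ARGS, GRACE and the :good / :rejected tags are assumptions.
IMAGE="${IMAGE:-owner/image}"
NAME="${NAME:-my_container}"
RUN_ARGS="${RUN_ARGS:-}"      # your usual `docker run` options (ports, volumes)
GRACE="${GRACE:-15}"          # seconds to wait before judging the new container

# Image ID a local reference points to; prints nothing if it does not exist.
image_id() { docker image inspect --format '{{.Id}}' "$1" 2>/dev/null || true; }

# Image ID the container was created from, or nothing if it is not running.
running_image() {
  [ "$(docker inspect --format '{{.State.Running}}' "$NAME" 2>/dev/null)" = "true" ] || return 0
  docker inspect --format '{{.Image}}' "$NAME"
}

# `docker restart` keeps the old image, so remove the container and run it again.
recreate() {
  docker rm -f "$NAME" >/dev/null 2>&1 || true
  # RUN_ARGS is left unquoted on purpose so it can hold several options.
  docker run -d --name "$NAME" $RUN_ARGS "$1" >/dev/null
}

# Returns 0 = unchanged, skipped or updated, 1 = pull failed, 2 = rolled back.
update_with_rollback() {
  current="$(running_image)"
  # Pin the image that works today before :latest moves away from it.
  if [ -n "$current" ]; then docker tag "$current" "$IMAGE:good"; fi
  docker pull "$IMAGE:latest" >/dev/null || return 1
  new="$(image_id "$IMAGE:latest")"
  if [ "$new" = "$current" ]; then echo "unchanged"; return 0; fi
  # Do not retry a build that already failed here on an earlier night.
  if [ "$new" = "$(image_id "$IMAGE:rejected")" ]; then echo "skipped"; return 0; fi
  recreate "$IMAGE:latest"
  sleep "$GRACE"
  if [ -n "$(running_image)" ]; then echo "updated"; return 0; fi
  # New image did not stay up: remember it and go back to the pinned one.
  docker tag "$IMAGE:latest" "$IMAGE:rejected"
  if [ -n "$current" ]; then recreate "$IMAGE:good"; fi
  echo "rolled-back"; return 2
}

# Cron entry point: only act when called with the argument "run".
if [ "${1:-}" = "run" ]; then update_with_rollback; fi
```

Cron calls the script with the single argument `run`; exit status 2 means the new image was rejected and the container is back on the pinned one.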