As a methodology, I want to use specific versions of all my dependencies: Debian packages, npm packages, or even Docker images.
My build server pulls images on a nightly basis from Docker Hub and creates an installation ISO. I need a way to enable that if I reference a specific Docker Hub image, it will always be the same image.
Let’s look at the Logstash Dockerfile base image:
It depends on Java 8, but not on a specific minor version.
In case that a new Java minor version introduces a breaking change, I want to rely on an image which has a fixed base and cannot change. Meaning, if I pull logstash:1.5.1 every night, it will always be the same and not change its JRE version.
I can take the Logstash Dockerfile, replicate it, and create my own image, basing on a specific base image such as java:8u66-jre.
However, is there any other solution I can use so that I will always be able to pull the exact same image?