Bill/docker-compose-config-skill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use pinned version tags, remove SHA256 digests

Browse Source 
SHA256 digests are managed automatically by Renovate bot.
Images should use pinned version tags (never `latest`).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Bill Ballou
2025-12-30 16:50:32 -05:00
parent e769526b13
commit 3c1ed0a78b
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
SKILL.md
View File

@@ -33,7 +33,7 @@ name: <project-name>
services: services:
<service-name>: <service-name>:
container_name: <service_container> container_name: <service_container>
image: <registry>/<image>:<version>@sha256:<digest> image: <registry>/<image>:<version>
environment: environment:
PUID: ${UID} PUID: ${UID}
PGID: ${GID} PGID: ${GID}
@@ -57,10 +57,12 @@ networks:
### Key Patterns ### Key Patterns
1. **Image pinning**: Use SHA256 digests for reproducibility 1. **Image versioning**: Always use pinned version tags (never `latest`)
```yaml ```yaml
image: ghcr.io/org/image:v1.0.0@sha256:abc123... image: ghcr.io/org/image:v1.0.0
image: lscr.io/linuxserver/app:2.5.1
``` ```
Note: SHA256 digests are managed automatically by Renovate bot and should not be added manually.
2. **Port defaults**: Always provide defaults for ports 2. **Port defaults**: Always provide defaults for ports
```yaml ```yaml

12
references/examples.md
View File

@@ -42,7 +42,7 @@ services:
redis: redis:
container_name: immich_redis container_name: immich_redis
image: registry.redict.io/redict:7.3.6@sha256:2a99f322eed7... image: registry.redict.io/redict:7.3.6
restart: always restart: always
volumes: volumes:
- redis-data:/data - redis-data:/data
@@ -51,7 +51,7 @@ services:
database: database:
container_name: immich_postgres container_name: immich_postgres
image: ghcr.io/immich-app/postgres:16-vectorchord0.3.0@sha256:5b434f184ec... image: ghcr.io/immich-app/postgres:16-vectorchord0.3.0
environment: environment:
POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME} POSTGRES_USER: ${DB_USERNAME}
@@ -78,7 +78,7 @@ networks:
```yaml ```yaml
services: services:
swag: swag:
image: lscr.io/linuxserver/swag:5.2.2@sha256:c8afbd137c2f... image: lscr.io/linuxserver/swag:5.2.2
container_name: swag container_name: swag
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
@@ -116,7 +116,7 @@ networks:
```yaml ```yaml
services: services:
jellyfin: jellyfin:
image: lscr.io/linuxserver/jellyfin:10.11.4@sha256:234ea8d508b2... image: lscr.io/linuxserver/jellyfin:10.11.4
container_name: jellyfin container_name: jellyfin
runtime: nvidia runtime: nvidia
environment: environment:
@@ -146,7 +146,7 @@ services:
```yaml ```yaml
services: services:
deluge: deluge:
image: binhex/arch-delugevpn:latest@sha256:2ff474cba3af... image: binhex/arch-delugevpn:2.1.2-2-01
container_name: deluge container_name: deluge
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
@@ -171,7 +171,7 @@ services:
```yaml ```yaml
services: services:
database: database:
image: postgres:18.1@sha256:5ec39c188013... image: postgres:18.1
container_name: app-db container_name: app-db
restart: unless-stopped restart: unless-stopped
environment: environment: