WUD doesn't understand major-version-only tags?

[ajpanton]

I have a container that pulls images with tag "17-alpine". WUD first suggests "17.2-bookworm", so I added label "wud.tag.include=alpine". Then it suggests "17.2-alpine", which is the exact same version as the one I already have installed, with the same sha256.

Shouldn't it be obvious that "17-alpine" includes all 17.x versions? 17 doesn't mean 17.0. It also shouldn't suggest an update to a version with identical hash.

[fmartinou]

Hi,

By default, hash comparison is not enabled because it involves more requests to the Docker Registry (counted from the Docker Hub quota btw).

About your image, I assume that the image provider is pushing images tagged as:

• $major-alpine
• $major.$minor-alpine
• $major.$minor.$patch-alpine
  ?

If you want to track any update, I'd suggest you to run the image with the patch precision:

services:
  myservice:
    image: myservice:1.2.3-alpine
    labels:
      - 'wud.tag.include=^\d+\.\d+\.\d+-alpine$$'

If you prefer using tags with lower precision, you can though enable digest watching to avoid wud to report an update whereas the new tag is linked to the same hash than the one currently used

services:
  myservice:
    image: myservice:1-alpine
    labels:
      - 'wud.tag.include=^\d+\.\d+\.\d+-alpine$$'
      - wud.watch.digest=true

[ajpanton]

Right, thanks. Without the watch digest label, how does it actually determine if a newer version exists just from the tag? I've searched through the documentation multiple times looking for any mention of this, but can't find anything. Is there some logic that looks for numbers in the tag, and somehow constructs a version from that? Like if I were to just use ":latest", ":release" or ":alpine", I assume it would completely fail, but knowing how it fails would help a lot in setting up this service.

And about digest watching... how many docker registry pulls does it use? One for each tag? If so, how many tags does it check?

I see I can just go to the website and check the manifest digest (it appears to match my containers), and it doesn't seem to count towards my quota.

[fmartinou]

Without the watch digest label, how does it actually determine if a newer version exists just from the tag? I've searched through the documentation multiple times looking for any mention of this, but can't find anything. Is there some logic that looks for numbers in the tag, and somehow constructs a version from that? Like if I were to just use ":latest", ":release" or ":alpine",

By default, wud tries to coerce the tag value to get the semver digits.

If it succeeds, then wud is able to logically compare the tags to find if a greater one exists and what kind of change it is (major, minor...)

If it fails, you can though still helps wud by providing a transform function to get a semver compatible tag even the initial tag is not valid (by using wud.tag.transform)

services:

  searx:
    image: searx/searx:1.0.0-269-7b368146
    labels:
      - wud.tag.include=^\d+\.\d+\.\d+-\d+-.*$$
      - wud.tag.transform=^(\d+\.\d+\.\d+-\d+)-.*$$ => $$1

This example will convert 1.0.0-269-7b368146 (which is not semver valid) to 1.0.0-269 (which is semver valid).

And about digest watching... how many docker registry pulls does it use? One for each tag? If so, how many tags does it check?

That's variable.
If your tag inclusion/exclusion settings is properly defined, you should not get many update candidates.
Then for each of them, it will get the manifest (this call is counted from the quota) and will stop as soon as the first update is found (or until there is no more update candidates to check).

If I can give you any advice; don't use mutable tags at all 😃