From 7dd8bf13bead93a7bb05327deeb65b7913e5c687 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@keylocation.sg>
Date: Tue, 24 Oct 2017 05:33:03 +0200
Subject: [PATCH] refactor: add pinDigests configuration option for docker
 (#1033)

---
 docs/configuration.md         |  9 ++++++
 lib/config/definitions.js     |  6 ++++
 lib/workers/package/docker.js | 53 +++++++++++++++++++----------------
 3 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/docs/configuration.md b/docs/configuration.md
index fc09388b31..95a5abea95 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -92,6 +92,7 @@ $ node renovate --help
     --package-files <list>               Package file paths
     --ignore-paths <list>                Skip any package.json whose path matches one of these.
     --ignore-deps <list>                 Dependencies to ignore
+    --pin-digests [boolean]              Whether to add digests to Dockerfile source images
     --pin-versions [boolean]             Convert ranged versions in package.json to pinned versions
     --separate-major-releases [boolean]  If set to false, it will upgrade dependencies to latest release only, and not separate major/minor branches
     --separate-patch-releases [boolean]  If set to true, it will separate minor and patch updates into separate branches
@@ -458,6 +459,14 @@ Obviously, you can't set repository or package file location with this method.
   <td></td>
   <td><td>
 </tr>
+<tr>
+  <td>`pinDigests`</td>
+  <td>Whether to add digests to Dockerfile source images</td>
+  <td>boolean</td>
+  <td><pre>true</pre></td>
+  <td>`RENOVATE_PIN_DIGESTS`</td>
+  <td>`--pin-digests`<td>
+</tr>
 <tr>
   <td>`pinVersions`</td>
   <td>Convert ranged versions in package.json to pinned versions</td>
diff --git a/lib/config/definitions.js b/lib/config/definitions.js
index de02d29e7b..ed3de2f8ad 100644
--- a/lib/config/definitions.js
+++ b/lib/config/definitions.js
@@ -315,6 +315,12 @@ const options = [
     env: false,
   },
   // Version behaviour
+  {
+    name: 'pinDigests',
+    description: 'Whether to add digests to Dockerfile source images',
+    stage: 'package',
+    type: 'boolean',
+  },
   {
     name: 'pinVersions',
     description: 'Convert ranged versions in package.json to pinned versions',
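Review bot: The new `pinDigests` entry has no `default` key, while the docs hunk in this same commit documents the default as `true`, so the effective value presumably comes from a type-based fallback defined outside this hunk. Because digest pinning is a supply-chain control, the entry should state the value explicitly with `default: true,` so a later change to the fallback cannot silently turn pinning off. The description could also say that disabling the option leaves Dockerfile images referenced by mutable tag only. The `options` array starts and ends outside the hunk.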
diff --git a/lib/workers/package/docker.js b/lib/workers/package/docker.js
index d8f71989e2..f148442cb4 100644
--- a/lib/workers/package/docker.js
+++ b/lib/workers/package/docker.js
@@ -5,29 +5,34 @@ module.exports = {
 };
 
 async function renovateDockerImage(config) {
-  const newDigest = await dockerApi.getDigest(
-    config.depName,
-    config.currentTag,
-    config.logger
-  );
-  if (!newDigest || config.currentDigest === newDigest) {
-    return [];
+  const { currentTag, logger } = config;
+  const upgrades = [];
+  if (config.pinDigests) {
+    logger.debug('Checking Docker pinDigests');
+    const newDigest = await dockerApi.getDigest(
+      config.depName,
+      currentTag,
+      config.logger
+    );
+    if (newDigest && config.currentDigest !== newDigest) {
+      const upgrade = {};
+      upgrade.newTag = currentTag;
+      upgrade.newDigest = newDigest;
+      upgrade.newVersion = newDigest;
+      upgrade.newFrom = config.depName;
+      if (upgrade.newTag) {
+        upgrade.newFrom += `:${upgrade.newTag}`;
+      }
+      upgrade.newFrom += `@${upgrade.newDigest}`;
+      if (config.currentDigest) {
+        upgrade.type = 'digest';
+        upgrade.isDigest = true;
+      } else {
+        upgrade.type = 'pin';
+        upgrade.isPin = true;
+      }
+      upgrades.push(upgrade);
+    }
   }
-  const upgrade = {};
-  upgrade.newTag = config.currentTag;
-  upgrade.newDigest = newDigest;
-  upgrade.newVersion = newDigest;
-  upgrade.newFrom = config.depName;
-  if (upgrade.newTag) {
-    upgrade.newFrom += `:${upgrade.newTag}`;
-  }
-  upgrade.newFrom += `@${upgrade.newDigest}`;
-  if (config.currentDigest) {
-    upgrade.type = 'digest';
-    upgrade.isDigest = true;
-  } else {
-    upgrade.type = 'pin';
-    upgrade.isPin = true;
-  }
-  return [upgrade];
+  return upgrades;
 }
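Review bot: With `pinDigests` set to false the whole lookup is skipped, including for images that already carry a digest (`config.currentDigest` set), so a previously pinned image would stop receiving `digest` updates and stay on a stale digest with nothing logged. If the option is meant to control only the addition of new pins, the guard could be `if (config.pinDigests || config.currentDigest) {`; if freezing existing digests is intended, a debug line in the skipped case and a sentence in the option description would make that visible. The value returned by `dockerApi.getDigest` is interpolated into `newFrom` as is; whether its format is checked cannot be seen from this hunk, so it is worth confirming it is validated before it is written into a Dockerfile. As a style point, `logger` is destructured at the top but `config.logger` is still passed to `getDigest`; passing `logger` would be consistent.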
-- 
GitLab