Hello,
I moved my home servers to fedora silverblue and docker-compose (ipv6 reasons :/). I stumpled upon the problem that I neither wanted to update image tags manually, nor have no idea what “:latest” deployed on my server in case I need to roll back.
To alleviate that problem, I made a small update-tool. It takes care of writing down the image@sha256… digest every time so that you can roll back. It also automatically snapshots and restarts the services.
It is made in Python but doesn’t need any dependencies, so no catering for a venv either. You only need to have skopeo and snapper in working order. Maybe you’ll find it useful, but please be aware that it is in an early stage. Also I’m not responsible if it nukes your server 😅
I like the concept, you could also detect the compose file name automatically.
Or write down hashes for tag even if compose don’t use your variables so reading from compose, so people would not need to relay on the script but could use it as additional backup