@dockerforge/cli 0.2.1 → 0.2.2

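--- a/package/README.md
+++ b/package/README.md
@@ -42,6 +42,7 @@ dockerforge generate . # write files into the current directory
  dockerforge generate ./app -o ./out # write into a chosen directory
  dockerforge generate . --print # print the Dockerfile, write nothing
  dockerforge generate . --json # JSON output for scripts and CI
+ dockerforge generate . --pin-digests # resolve Docker Hub base images to sha256 digests
  ```
 
  | Flag | Effect |
@@ -49,6 +50,7 @@ dockerforge generate . --json # JSON output for scripts and CI
  | `-o, --output <dir>` | Write output to this directory. Defaults to the target path. |
  | `--print` | Print the Dockerfile to stdout instead of writing files. |
  | `--json` | Print `{ dockerfile, dockerignore, compose, confidence, improvements }`. |
+ | `--pin-digests` | Resolve Docker Hub base-image tags to immutable SHA-256 digests. Makes live registry requests. |
  | `--stack <name>` | Override stack detection (`node`, `python`, `dotnet`, ...). |
  | `--port <n>` | Set the exposed port. |
  | `--no-optimise` | Skip the optimisation pass. |
@@ -58,6 +60,11 @@ The default output is a coloured summary with the detected services, a confidenc
  warnings. `--json` and `--print` produce plain output with no decoration. Colour turns off when
  the output is not a terminal or when `NO_COLOR` is set.
 
+ Default generation is offline. `--pin-digests` is opt-in because it contacts Docker Hub to turn
+ base-image tags such as `node:20-alpine3.21` into `node:20-alpine3.21@sha256:...`. Digest-pinned
+ images stay fixed until you update them, so pair this with Docker Scout, Renovate, Dependabot, or
+ another digest refresh process.
+
  After reviewing the generated files, build and run with Docker:
 
  ```bash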
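--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@dockerforge/cli",
- "version": "0.2.1",
+ "version": "0.2.2",
  "description": "DockerForge CLI: generate production-grade Dockerfiles, .dockerignore, and Compose from a local project, and lint Dockerfiles (human/JSON/SARIF). Offline.",
  "license": "Apache-2.0",
  "author": "Docker Forge",
@@ -44,7 +44,7 @@
  "sarif"
  ],
  "dependencies": {
- "@dockerforge/core": "0.2.1",
+ "@dockerforge/core": "0.2.2",
  "commander": "^13.1.0"
  }
  }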
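--- a/package/src/index.js
+++ b/package/src/index.js
@@ -46,6 +46,7 @@ program
  .option('--no-security', 'Skip security pass')
  .option('--stack <stack>', 'Hint the stack (node, python, dotnet, ...)')
  .option('--port <port>', 'Hint the exposed port', (v) => parseInt(v, 10))
+ .option('--pin-digests', 'Resolve Docker Hub base-image tags to immutable sha256 digests (network)')
  .option('--json', 'Output JSON {dockerfile, dockerignore, compose, confidence, improvements}')
  .action(async (targetPath, opts) => {
  try {
@@ -61,6 +62,14 @@ program
  hints,
  optimise: opts.optimise,
  security: opts.security,
+ pinDigests: opts.pinDigests,
+ digestResolver: process.env.DOCKERFORGE_TEST_DIGEST
+ ? async (imageRef) => ({
+ original: imageRef,
+ pinned: `${imageRef}@${process.env.DOCKERFORGE_TEST_DIGEST}`,
+ digest: process.env.DOCKERFORGE_TEST_DIGEST,
+ })
+ : undefined,
  });
 
  // --- machine output: keep byte-identical shape to the old CLI for CI use ---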
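Review bot: The `digestResolver` stub in the second hunk ships a test hook in the published entry point: whenever `DOCKERFORGE_TEST_DIGEST` is set in the environment, every base image is pinned to that one value with no registry lookup, and the value is interpolated into `${imageRef}@…` without any format check. Because the generated Dockerfile would look like a legitimately pinned one, a stray or tampered CI variable changes which image gets built with no visible signal to the reviewer of the output. I would gate the override and validate its shape, e.g. `const testDigest = process.env.NODE_ENV === 'test' ? process.env.DOCKERFORGE_TEST_DIGEST : undefined;` and reject anything not matching `/^sha256:[0-9a-f]{64}$/`, with a stderr warning whenever the stub is active. The resolver is also passed regardless of `opts.pinDigests`; whether `@dockerforge/core` ignores it in that case is not visible here. The `.action` callback opens in the first hunk and continues past the end of this one.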