We have the joke at work where it almost works all the time. As long as the base OS is the same. Also random updates to libraries that break the docker container. But thats less on Docker and more on base OS images that are provided (im looking at you Ubuntu and your "new" sudo...).

[–] Whelks_chance@lemmy.world 9 points 1 month ago (3 children)

And the discussion on whether or not to pin versions.

Pinned, these packages work together, but don't automatically pull in security updates.

Don't pin, things randomly change on each build, best of luck debugging things.

[–] mesamunefire@piefed.social 8 points 1 month ago

Oh yeah those are fun. Ive come across projects just 6 months after creation that cant work if they have a small version update. So it just sits there for a LONG time before a senior dev (mostly me) decides to get grumpy and fix the dang thing.

CI/CD builds can help....but you have to have someone keep an eye out for potential issues and, in best case, have a development deploy actually test the dang things.

[–] kionay@lemmy.world 2 points 1 month ago

I had success running unit tests for software deployments in pairs, one with pinned versions (error on a failed build) and one unpinned (warning on a failed build)

so at least you get forewarning when an upstream dependency messes everything up, and if the software changes are somewhat regular than each log of pipeline runs should show incremental changes making it easier to spot the package that started breaking everything

[–] Natanael@infosec.pub 1 points 1 month ago

Pin API / ABI versions.

If you're able to track that...

load more comments (4 replies)