Merge pull request OWASP#314 from OWASP/feature/313-clarify-docker-usage

Feature/313 clarify docker usage
huaijinli · Nov 5, 2021 · 3733b63 · 3733b63
2 parents 500be31 + 76d74e7
commit 3733b63
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -222,6 +222,6 @@ jobs:
           file: ./Dockerfile
           builder: ${{ steps.buildx.outputs.name }}
           push: ${{ startsWith(github.ref, 'refs/tags/v') }}
-          tags: ${{ env.image_name }}:${{ env.RELEASE_VERSION }}
+          tags: ${{ env.image_name }}:${{ env.RELEASE_VERSION }},stable
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
diff --git a/README.md b/README.md
@@ -48,12 +48,23 @@ To install, run: `npm install` from the root of the project.  A `postinstall` sc
 
 Running `npm run start` from the root directory of the repository will start the front-end and the server.
 
-## Docker
+## Docker (local build)
 To run Threat Dragon in a docker container, configure your environment using dotenv
 as described in [setup-env.md](setup-env.md) and run the following from the root of the project:
 - `docker build -t owasp-threat-dragon:dev .`
 - `docker run -it --rm -p 3000:3000 -v $(pwd)/.env:/app/.env owasp-threat-dragon:dev`
 
+## Docker (from dockerhub)
+Threat Dragon maintains a docker image on Dockerhub.  Each release is tagged as `v{major}.{minor}.{patch}`, eg `v1.5.8`
+
+### <ins>Do not use the latest tag (which is the default), as it could be a development release</ins>
+
+Alternatively, you can use the `stable` tag, which will always be the latest official release.
+
+- `docker pull threatdragon/owasp-threat-dragon:v1.5.8`
+- `docker run -it --rm -p 3000:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v1.5.8`
+
+
 ## Environment variables
 Threat Dragon uses GitHub to store threat models, so you need to go to your GitHub account and
 [register it as a GitHub application](https://github.com/settings/applications/new).

diff --git a/setup-env.md b/setup-env.md
@@ -126,7 +126,10 @@ Example compose file:
 version: '3.1'
 services:
   threatdragon:
-    image: owasp-threat-dragon:dev
+    # Always use a specific version tag, as "latest" may be a development build
+    # Alternatively, you can use the "stable" tag, as that will always
+    # be the latest released version
+    image: threatdragon/owasp-threat-dragon:v1.5.8
     ports:
       - 3000:3000
     environment: