检查是否有新版本的 docker 镜像可用

curl -kvu "myuser:mypasswd" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X HEAD https://myrepo:5000/v2/myimage/manifests/<tag>

将返回如下响应：

< HTTP/1.1 200 OK
< Content-Length: 9080
< Content-Type: application/vnd.docker.distribution.manifest.v2+json
< Docker-Content-Digest: sha256:5891d3d01fcdb5ec7dc8a27f25360b132510c7b92369ad50926c27ca7d7cfacf
< Docker-Distribution-Api-Version: registry/2.0
< Etag: "sha256:5891d3d01fcdb5ec7dc8a27f25360b132510c7b92369ad50926c27ca7d7cfacf"
< X-Content-Type-Options: nosniff

Docker-Content-Digest:digest应根据本地图像检查字段

docker images --digests myrepo:5000/myimage
REPOSITORY                         TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
myrepo:5000/myimage   i386                sha256:5891d3d01fcdb5ec7dc8a27f25360b132510c7b92369ad50926c27ca7d7cfacf   b9e9c7f4a462        6 days ago          491 MB

docker images --digests myrepo:5000/myimage应在没有标签的情况下运行（在本例中为 i386）

如果摘要不匹配，则有较新版本的图像可用。因此，基本上，您要检查远程和本地映像的摘要。 如果它们不匹配，则有较新版本可用。

这是一个可立即使用的 shell 脚本，用于根据 GitLab 的 Docker Registry 进行检查。

set -e

GITLAB_SERVER="xxx.example.com"
REGISTRY_SERVER="$GITLAB_SERVER:5001"
IMAGE="group/subgroup1/subgroup2/project/image"

AUTH=$(jq -r ".auths.\"$REGISTRY_SERVER\".auth" ~/.docker/config.json | base64 -d)  # WARN: on OSX base64 -D not -d
TOKEN=$(curl -u "$AUTH" "https://$GITLAB_SERVER/jwt/auth?client_id=docker&offline_token=true&service=container_registry&scope=repository:$IMAGE:push,pull" | jq -r .token)
REMOTE_SHA=$(curl -fH "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -I https://$REGISTRY_SERVER/v2/$IMAGE/manifests/latest | grep Docker-Content-Digest | awk '{print $2}')
LOCAL_SHA=$(docker inspect "$REGISTRY_SERVER/${IMAGE}:latest"  -f '{{index .Id}}')

echo "Local:  $LOCAL_SHA"
echo "Remote: $REMOTE_SHA" 

if [[ "$LOCAL_SHA" == "$REMOTE_SHA" ]]; then
  echo "$IMAGE up-to-date"
else
  echo "$IMAGE outdated"
fi