What's the purpose of “docker build --pull”?

Question

When building a docker image you normally use docker build ..

But i\'ve found that you can specify --pull, so the whole command would look like

Answer 1

it will pull the latest version of any base image(s) instead of reusing whatever you already have tagged locally

take for instance an image based on a moving tag (such as ubuntu:bionic). upstream makes changes and rebuilds this periodically but you might have a months old image locally. docker will happily build against the old base. --pull will pull as a side effect so you build against the latest base image

it's ~usually a best practice to use it to get upstream security fixes as soon as possible (instead of using stale, potentially vulnerable images). though you have to trade off breaking changes (and if you use immutable tags then it doesn't make a difference)