From 7fb19099356939c12265dc2abe316a462fcd141b Mon Sep 17 00:00:00 2001
From: Sven Tennie <sven.tennie@wire.com>
Date: Thu, 30 Jan 2025 11:33:40 +0100
Subject: [PATCH] Update Docker usage docs

- Using an image tag is required.
- Minor fixes like typos.
---
 README.md | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 7c48bcb..8053435 100644
--- a/README.md
+++ b/README.md
@@ -41,27 +41,31 @@ A working example can be found in `./examples/wire-server`.
 ## use via docker
 
 If you have gotten here as a
-[wire-server](https://github.com/wireapp/wire-server) administrator
-and want to use this to populate your teams, you can use the docker
-image we're building from this repo (append version with `:` if you
-want to pin it):
+[wire-server](https://github.com/wireapp/wire-server) administrator and want to
+use this to populate your teams, you can use the docker image we're building
+from this repo. As we do not guarantee full backwards-compatibility (there may
+be breaking changes e.g. regarding CLI options), please always provide the
+image's tag. 
 
 ```sh
-docker pull quay.io/wire/ldap-scim-bridge
+docker pull quay.io/wire/ldap-scim-bridge:$IMAGE_TAG
 ```
 
-You need to create a config file that contains your setup.  If in doubt, you can start with [this example](./examples/wire-server/conf1.yaml), or [this one](./examples/wire-server/conf2.yaml).  Name the file `config.yaml` and place it into `/config-path`.  Let's say you want to work on release 0.5.  (You can check if there is a `:latest`, but at the time of writing this paragraph, we still have to add that.)
+Usually, `IMAGE_TAG` should be the latest release name without the `v`-prefix.
+E.g. for `v0.10.3` the `IMAGE_TAG` is `0.10.3`.
+
+You need to create a config file that contains your setup.  If in doubt, you can start with [this example](./examples/wire-server/conf1.yaml), or [this one](./examples/wire-server/conf2.yaml).  Name the file `config.yaml` and place it into `/config-path`.
 
 ```sh
 docker run -it --network=host \
   --mount type=bind,src=/config-path,target=/mnt \
-  quay.io/wire/ldap-scim-bridge \
+  quay.io/wire/ldap-scim-bridge:$IMAGE_TAG \
   ldap-scim-bridge /mnt/config.yaml
 ```
 
 This should work fine for Windows if you make sure the file path under `src` points to the right place.  You may need to you `\` instead of `/`.
 
-The connection to wire is not encrypted.  This tool is made for running inside the trusted network the backend is running in.  If you need to protect this connection you can use an off-the-shelf tls tunnel or vpn solution.
+The connection to Wire is not encrypted.  This tool is made for running inside the trusted network the backend is running in.  If you need to protect this connection you can use an off-the-shelf TLS tunnel or VPN solution.
 
 The connection to the LDAP source is TLS-encrypted.  If you need to add trusted certificates to the store in `/etc/ssl/certs/`, you can just mount it:
 
@@ -69,7 +73,7 @@ The connection to the LDAP source is TLS-encrypted.  If you need to add trusted
 docker run -it --network=host \
   --mount type=bind,src=/config-path,target=/mnt \
   --mount type=bind,src=/etc/ssl/certs,target=/etc/ssl/certs \
-  quay.io/wire/ldap-scim-bridge \
+  quay.io/wire/ldap-scim-bridge:$IMAGE_TAG \
   ldap-scim-bridge /mnt/config.yaml
 ```