What's the purpose of "docker build --pull"?

It will pull the latest version of any base image(s) instead of reusing whatever you already have tagged locally.

Take for instance an image based on a moving tag (such as ubuntu:bionic). Upstream makes changes and rebuilds this periodically, but you might have a months-old image locally. Docker will happily build against the old base. --pull will pull as a side effect so you build against the latest base image.

It's ~usually a best practice to use it to get upstream security fixes as soon as possible (instead of using stale, potentially vulnerable images), though you have to trade off breaking changes (and if you use immutable tags then it doesn't make a difference).
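The moving-tag versus immutable-reference distinction above can be checked mechanically before a build. The following is an added example, not part of either answer: it parses the FROM lines of a Dockerfile and reports which base images are pinned by digest (where --pull cannot change what you build against) and which are referenced by tag, by implicit latest, or through a build argument. The function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the page); the digest is a dummy value.
DUMMY_DIGEST = "sha256:" + "0" * 64
SAMPLE = f"""\
ARG BASE=ubuntu:bionic
FROM --platform=linux/amd64 ubuntu:bionic AS build
# FROM commented:out
FROM build AS test
FROM alpine@{DUMMY_DIGEST} AS pinned
FROM ${{BASE}}
FROM scratch
FROM localhost:5000/debian
"""

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)

def classify_bases(dockerfile_text):
    """Return [(image, kind)] for each external base image.

    kind is 'digest' (content-addressed, --pull cannot change it),
    'tag' (may be re-pushed upstream, --pull fetches the current one),
    'implicit-latest' (no tag given) or 'variable' (set by a build arg).
    """
    stages, results = set(), []
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if image.lower() in stages or image == "scratch":
            pass  # earlier build stage or empty base: nothing to pull
        elif "$" in image:
            results.append((image, "variable"))
        elif "@sha256:" in image:
            results.append((image, "digest"))
        else:
            # Only a ':' after the last '/' is a tag; 'host:5000/img' has none.
            name = image.rsplit("/", 1)[-1]
            results.append((image, "tag" if ":" in name else "implicit-latest"))
        if alias:
            stages.add(alias.lower())
    return results

def pull_matters(dockerfile_text):
    """True if at least one base image is not pinned by digest."""
    return any(kind != "digest" for _, kind in classify_bases(dockerfile_text))

if __name__ == "__main__":
    for image, kind in classify_bases(SAMPLE):
        print(f"{kind:16} {image}")
```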


Docker allows passing the --pull flag to docker build, e.g. docker build . --pull -t myimage. This is the recommended way to ensure that the build always uses the latest container image despite the version available locally. However, one additional point is worth mentioning:

To ensure that your build is completely rebuilt, including checking the base image for updates, use the following options when building:

--no-cache - This will force rebuilding of layers already available.

The full command will therefore look like this:

docker build . --pull --no-cache --tag myimage:version

The same options are available for docker-compose:

docker-compose build --no-cache --pull
