[OC] mag37/dockcheck - CLI tool to automate docker image updates. (github.com)
from mag37@lemmy.ml to selfhosted@lemmy.world on 17 Mar 07:50
https://lemmy.ml/post/27296522

dockcheck is simple CLI tool to simplify keeping track of and updating your containers. Selective semi/fully auto updates, notifications on new versions and much more.

Another 6 months have passed and a bunch of updates have been made. The most recent ones are multi-threaded/asynchronous checks to greatly increase speed, notifications on new dockcheck release for those who run scheduled unattended checks, osx and bsd compatibility changes, prometheus exporter to push stats to eg. Grafana and more.

I’m happy to see the project still being used and improved by its users as I thought other great tools (dockge, wud, watchtower and others) would replace it.

As it’s been a while I’ll try to list the features:

I’ve got to thank this community for contributing with donations, ideas, surfacing issues, testing and PRs. It’s a joy!

#selfhosted

threaded - newest

trueheresy@lemmy.dbzer0.com on 17 Mar 12:15 next collapse

This looks great. Thanks so much for your work on this and sharing with us.

What in your opinion sets your software apart from the other options you mention?

I have recently setup dockers for plex, immich, nextcloud and paperlessngx but have yet to look at longterm maintenence inc. things like auto updates (I know to avoid on immich).

As someone who prob knows the options inside and out - would you recommend your option to this relative newbie or do you think one of the other options might be a better place to start?

mag37@lemmy.ml on 17 Mar 15:05 collapse

Thank you!

I sadly don’t have too much insights in the other alternatives, I try to not compare too much - maybe I should study them a bit more to understand the wider picture. There’s a few more I forgot to mention; renovate and dependabot.

While I think all those tools are great and have functionality that my project cant fulfill - I strive to keep dockcheck simple and lightweight. Options and functionality have been bolted on bit by bit while still trying to have it as simple as possible in its core functions - so a user could just download the main script dockcheck.sh and run it to list updates and optionally update. Everything else is optional, extras.

I guess it depends on what you’re looking for. If you’d like a GUI or more in depth setup or reporting - I’d look elsewhere, but if you’d like simplicity and maybe schedule it to notify you when there’s updates available - my project may be the thing.

So my answer would be yes: if you’re running docker compose this project is very newbie friendly and easy to get going!

trueheresy@lemmy.dbzer0.com on 17 Mar 17:04 collapse

Thanks so much for the reply, I’ll give it a download to play with it - I certainly am a big fan of simple!

perishthethought@lemm.ee on 17 Mar 18:25 next collapse

I’m happy with [dockge] (github.com/louislam/dockge) for now but thanks! If I ever decide to go full auto update, I’ll check this out.

HybridSarcasm@lemmy.world on 17 Mar 22:01 next collapse

Curious how this compares to Watchtower.

mag37@lemmy.ml on 18 Mar 13:07 collapse

It’s a different approach. This project started as a proof of concept - just to show that it’s possible to check for updates without pulling the whole image first (which is how Watchtower does it).

Then it evolved to orchestrate granular automatic updates with a bunch of extra functionality - while still adhering to the core goal of keeping it simple and lightweight.

suicidaleggroll@lemm.ee on 17 Mar 22:48 next collapse

This is a great tool, thanks for the continued support.

Personally, I don’t actually use dockcheck to perform updates, I only use it for its update check functionality, along with a custom plugin which, in cooperation with a python script of mine, serves a REST API that lists all containers on all of my systems with available updates. That then gets pulled into homepage using their custom API function to make something like this: imgur.com/a/tAaJ6xf

So at a glance I can see any containers that have updates available, then I can hop into Dockge to actually apply them on my own schedule.

Kuvwert@lemm.ee on 18 Mar 03:53 next collapse

Neat!

mag37@lemmy.ml on 18 Mar 05:28 collapse

Thank you! Oh! That’s pretty cool, do you mind sharing bits of how this is done? Would be nice to incorporate into a notify-template in the future.

suicidaleggroll@lemm.ee on 18 Mar 16:53 collapse

Sure, it’s a bit hack-and-slash, but not too bad. Honestly the dockcheck portion is already pretty complete, I’m not sure what all you could add to improve it. The custom plugin I’m using does nothing more than dump the array of container names with available updates to a comma-separated list in a file. In addition to that I also have a wrapper for dockcheck which does two things:

  1. dockcheck plugins only run when there’s at least one container with available updates, so the wrapper is used to handle cases when there are no available updates.
  2. Some containers aren’t handled by dockcheck because they use their own management system, two examples are bitwarden and mailcow. The wrapper script can be modified as needed to support handling those as well, but that has to be one-off since there’s no general-purpose way to handle checking for updates on containers that insist on doing things in their own custom way.

Basically there are 5 steps to the setup:

  1. Enable Prometheus metrics from Docker (this is just needed to get running/stopped counts, if those aren’t needed it can skipped). To do that, add the following to /etc/docker/daemon.json (create it if necessary) and restart Docker:
{
  "metrics-addr": "127.0.0.1:9323"
}

Once running, you should be able to run curl http://localhost:9323/metrics and see a dump of Prometheus metrics

  1. Clone dockcheck, and create a custom plugin for it at dockcheck/notify.sh:
send_notification() {
Updates=("$@")
UpdToString=$(printf ", %s" "${Updates[@]}")
UpdToString=${UpdToString:2}

File=updatelist_local.txt

echo -n $UpdToString > $File
}
  1. Create a wrapper for dockcheck:
#!/bin/bash

cd $(dirname $0)

./dockcheck/dockcheck.sh -mni

if [[ -f updatelist_local.txt ]]; then
  mv updatelist_local.txt updatelist.txt
else
  echo -n "None" > updatelist.txt
fi

At this point you should be able to run your script, and at the end you’ll have the file “updatelist.txt” which will either contain a comma-separated list of all containers with available updates, or “None” if there are none. Add this script into cron to run on whatever cadence you want, I use 4 hours.

  1. The main Python script:
#!/usr/bin/python3

from flask import Flask, jsonify

import os
import time
import requests
import json

app = Flask(__name__)

# Listen addresses for docker metrics
dockerurls = ['http://127.0.0.1:9323/metrics']

# Other dockerstats servers
staturls = []

# File containing list of pending updates
updatefile = '/path/to/updatelist.txt'

@app.route('/metrics', methods=['GET'])
def get_tasks():
  running = 0
  stopped = 0
  updates = ""

  for url in dockerurls:
      response = requests.get(url)

</
[deleted] on 18 Mar 21:29 next collapse

.

mag37@lemmy.ml on 18 Mar 21:29 collapse

Thats really nice! Thank you so much for the writeup.

Would you mind if I added this as a discussion (crediting you and this post!) in the github project? Or if you’d like to copypaste it yourself to get the credit and be a part of the discussion.

suicidaleggroll@lemm.ee on 20 Mar 14:41 collapse

Would you mind if I added this as a discussion (crediting you and this post!) in the github project?

Yeah that would be fine

mag37@lemmy.ml on 26 Mar 09:10 collapse

Very nice! Now posted here: github.com/mag37/dockcheck/discussions/146

geography082@lemm.ee on 18 Mar 07:56 collapse

Great work !