selfh.st - dockcheck: A CLI Tool for Updating Container Images

selfh.st - dockcheck: A CLI Tool for Updating Container Images (selfh.st)
from mag37@lemmy.ml to selfhosted@lemmy.world on 09 Dec 21:25
https://lemmy.ml/post/40096199

I just has the honors of writing a guest article on selfh.st about my ever so slowly evolving project, dockcheck.

#selfhosted

threaded - newest

uninvitedguest@piefed.ca on 09 Dec 21:31 next collapse

I absolutely adore dockcheck. Thank you for your work.

tofubl@discuss.tchncs.de on 09 Dec 22:02 next collapse

Is this a replacement for Watchtower?

madcaesar@lemmy.world on 09 Dec 22:59 next collapse

Watchtower hadn’t been updated in like 3 years or something. It’s a dead project.

Evotech@lemmy.world on 09 Dec 23:16 next collapse

What more does it need to do

It works prefectly

madcaesar@lemmy.world on 10 Dec 00:07 next collapse

Stopped working for me with a recent docker cli update. That’s how I even found out it’s totally abandoned.

I’m not a big fan of running software that has access to the internet once it’s abandoned like this.

Evotech@lemmy.world on 10 Dec 02:38 next collapse

Is used by literal millions. I’m sure if there was a security issue or would be reported.

Changes for the reason of making changes doesn’t make sense either

Anyway, I use podman now. It had this functionality built in

madcaesar@lemmy.world on 10 Dec 11:30 collapse

How many people use it makes no difference if there is no devs fixing security bugs.

I switched to DIUN, but it doesn’t do updates only notifications. That’s why I’m excited to look at OP’s library.

Evotech@lemmy.world on 10 Dec 11:32 collapse

Are there security issues reported? Is open source

xcjs@programming.dev on 10 Dec 23:19 collapse

Sorry for spamming in this thread, but if you rely on Watchtower, there’s a maintained fork I recommend: github.com/nicholas-fedor/watchtower

xcjs@programming.dev on 10 Dec 23:19 collapse

Not for the latest and future versions of Docker.

This fork works, though: github.com/nicholas-fedor/watchtower

tofubl@discuss.tchncs.de on 10 Dec 12:22 next collapse

Your point being that I am not currently using it? Or that I should be looking for alternatives since I am currently using it?

madcaesar@lemmy.world on 10 Dec 13:35 collapse

I used to use it and switched away because it’s not maintained and I had errors with recent docker cli

xcjs@programming.dev on 10 Dec 23:18 collapse

There’s a maintained fork, fortunately!

github.com/nicholas-fedor/watchtower

mag37@lemmy.ml on 09 Dec 23:05 collapse

This question is usually asked a lot.

This started as a project to prove that you could check for updates without first pulling every new image to compare against, while that’s not why it kept get getting traction my original answer to this question still seems true:

From Watchtower Docs - Arguments

Due to Docker API limitations the latest image will still be pulled from the registry.

And:

Do not pull new images. When this flag is specified, watchtower will not attempt to pull new images from the registry. Instead it will only monitor the local image cache for changes

It’s also a different approach. With dockcheck you’d run it and then make the choice what you’ll update there and then. Selectively choosing exactly what containers to update at the moment. Or have it completely unattended auto update a selection of images.

With the notifications, you can get notified and then have a sitdown and auto-update what you choose.

It’s just different workflows and options.

The upcoming release will also add a new option to backup the image being updated and then autoprune old backups after N days. To allow for easy rollback if a new image breaks.

tofubl@discuss.tchncs.de on 10 Dec 12:20 collapse

Thanks for the detailed explanation. Will try to see how it fits my setup when I get a chance, but I have been wanting to move away from Watchtower as it is no longer maintained. Good to know there is an alternative, and from what you describe I like your approach. Having to opt-out of updates in Watchtower never really sat right with me- Watchtower clutter is okay in compose files that actually want something to do with Watchtower…

mag37@lemmy.ml on 10 Dec 13:29 next collapse

Thank you. I hope you can find some usefulness in it. You can also do things by compose labels. As well as dynamically at runtime. Either interactively or as arguments.

irmadlad@lemmy.world on 10 Dec 14:39 collapse

Watchtower as it is no longer maintained

Not to take away anything from the OP, but there is a fork of Watchtower that is maintained and works a lot better than the OG Watchtower. The original Watchtower would screw up the update fairly regularly. So, if you want to just yolo your updates, that’d be the way to go. If you want a bit more control, DockCheck seems to have that covered. It’s always good to have choices.

watchtower.devcdn.net

HairyHarry@lemmy.world on 09 Dec 22:07 next collapse

Perfect and just what I needed!

domi@lemmy.secnd.me on 10 Dec 13:34 next collapse

Does this check for version tags as well or only updates to the current tag?

Like the current container uses an image with the tag :0.1.0 or :v0.1.0 but :0.2.0 is available on the registry.

mag37@lemmy.ml on 10 Dec 15:38 next collapse

Sadly no, only within the scope of the tag specified in the compose.

Renovate, WUD or Diun might be other options for that!

MangoPenguin@lemmy.blahaj.zone on 10 Dec 15:56 collapse

If you want automatic updates over major versions most images will have the :latest tag for that.

domi@lemmy.secnd.me on 10 Dec 17:16 collapse

I don’t really want automatic updates, I want a notification once a month with all images that have a newer :latest available or if versionised, when a image with a newer version is available.

northernlights@lemmy.today on 10 Dec 19:34 collapse

Oh that’s neat, really liking the matrix notifications. Now to make it a systemd service on all my hosts.

mag37@lemmy.ml on 10 Dec 20:55 collapse

Oh nice, yeah I havn’t thought about suggesting a systemd-service thats neat! If you’d like you could contribute it as a discussion/suggestion/PR if you land on liking it, thatd be lovely.

With the image backups in the next release you could maybe even build some kind of auto rollback functionality.

northernlights@lemmy.today on 11 Dec 17:08 collapse

Sure I can do that. I make packages too, would you think your project could use AUR, deb, rpm and/or snap packages?

mag37@lemmy.ml on 11 Dec 17:37 collapse

Oh that’s very kind of you! There’s an AUR package and a brew already, don’t know if other packages is necessary tbh :)

Though some people have suggested they’d like a docker container - which I should try to spend some time on in the future.