mag37 / dockcheck Goto Github PK
View Code? Open in Web Editor NEWCLI tool to automate docker image updates. No pre-pull, selective, notify, prune.
License: GNU General Public License v3.0
CLI tool to automate docker image updates. No pre-pull, selective, notify, prune.
License: GNU General Public License v3.0
I am running it with ap parametere:
./dockcheck.sh -ap
It updates all the images, recreates the containers and purges old images. Once finished I run
docker-compose up -d
And all updated containers are again recreated. Why does it recreate them again?
Thank you.
Is it possible to add an optional option to the notify_telegram.sh template to send a message not only to chat, but also to a specific chat topic?
The "message_thread_id" parameter is responsible for this.
Hi there!
Just an idea: why not package the script / repo contents into a container. Then we can use it to run everything inside docker - no need to install dependencies and stuff locally.
What do you think of that?
Best wishes,
koseduhemak
Great script. Love it. Already copied a whole section to one of my project.
Would recommend added UpdYes="no" just before line 20 of the dockcheck.sh script so that if invoked without option, it defaults to simply checking status of docker images.
Hi there!
Nice script :)
Not sure how difficult it would be to support this kind of setup.
Folder structure:
_ Root docker folder
|\_ pialert
| \_ docker-compose.yml
\_ syncthing
| \_docker-compose.yml
\_ .env_nas
Currently, I have to go thru (cd pialert
) the folders and run the following in each folder:
sudo docker-compose --env-file ../.env_nas up -d
This resolves all environmental variables if present.
Anyway, I know this is a more complex setup, and not sure if your script is intended to solve updates in such a setup.
Either way, great work!
I'm not sure if this is the right place to post this but I didn't know where would be better.
I use the DockCheck Web project (https://github.com/Palleri/dockcheck-web), to send me push notifications when a container needs to be updated. As I'm sure you're aware this project is based on your script. I'm not a coder but it seems that the Docker build is specifically calling dc_brief.sh. You recently updated the script to more accurately filter excluded container, but it doesn't look like this file was updated, so DockCheck web is still using the old exclude parameters. Would you be able to update this @mag37 ? I compared the code and it looks like this would do the trick but I'm more likely to break something than fix it lol:
[[ "${Excludes[@]}" == ${i} ]] && continue;
The old docker-compose binary returns error if called without arguments, so the script thinks it does not exist even if it does. It will probably make sense to ask for version or help
PhotonOS 4.0
root@photon [ ~/dockcheck ]# ./dockcheck.sh
. . . . . . . . . . . . . . . . . . . .
Containers on latest version:
Portainer
Influxdb
Containers with errors, wont get updated:
Containers with updates available:
1) Grafana
2) Prometheus
Choose what containers to update.
Enter number(s) separated by comma, [a] for all - [q] to quit: 1
Updating containers:
Grafana
./dockcheck.sh: line 239: cd: /data/compose/76: No such file or directory
Path error - skipping Grafana
All done!
Would you like to prune dangling images? y/[n]: n
root@photon [ ~/dockcheck ]# ls -l /
total 48
lrwxrwxrwx 1 root root 7 Feb 24 2021 bin -> usr/bin
drwxr-xr-x 4 root root 4096 Jul 9 07:25 boot
drwxr-xr-x 17 root root 3140 Aug 9 22:20 dev
drwxr-xr-x 51 root root 4096 Aug 7 13:07 etc
drwxr-xr-x 2 root root 4096 Feb 24 2021 home
lrwxrwxrwx 1 root root 7 Feb 24 2021 lib -> usr/lib
lrwxrwxrwx 1 root root 7 Feb 24 2021 lib64 -> usr/lib
drwx------ 2 root root 16384 Apr 27 14:37 lost+found
lrwxrwxrwx 1 root root 9 Feb 24 2021 media -> run/media
drwxr-xr-x 9 root root 4096 Aug 5 15:03 mnt
drwx--x--x 3 root root 4096 Apr 27 15:39 opt
dr-xr-xr-x 803 root root 0 Aug 9 22:19 proc
drwxr-x--- 9 root root 4096 Aug 9 17:41 root
drwxr-xr-x 21 root root 720 Aug 10 06:43 run
lrwxrwxrwx 1 root root 8 Feb 24 2021 sbin -> usr/sbin
lrwxrwxrwx 1 root root 7 Feb 24 2021 srv -> var/srv
dr-xr-xr-x 11 root root 0 Aug 9 22:19 sys
drwxrwxrwt 11 root root 220 Aug 10 13:06 tmp
drwxr-xr-x 10 root root 4096 Apr 27 14:37 usr
drwxr-xr-x 12 root root 4096 Apr 27 14:38 var
As you can see there is no /data/compose/76 directory which is what was stored in ConPath from docker inspect "Grafana" --format '{{ index .Config.Labels "com.docker.compose.project.working_dir" }}'
Possibly caused because container was created using a Portianer stack?
root@photon [ ~/dockcheck ]# docker inspect "Grafana" --format '{{ index .Config.Labels "com.docker.compose.project.working_dir" }}'
/data/compose/76
Hello, i'm using Portainer to deploy with the following docker compose.
version: '3.2'
services:
dockcheck-web:
container_name: dockcheck-web
image: 'palleri/dockcheck-web:arm'
restart: unless-stopped
ports:
- '87:80'
volumes:
- ./data:/var/www/html
- /var/run/docker.sock:/var/run/docker.sock
I checked the logs and i get the following errors:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.224.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.224.2. Set the 'ServerName' directive globally to suppress this message
[Sat Jan 28 08:56:55.171750 2023] [mpm_prefork:notice] [pid 463] AH00163: Apache/2.4.54 (Debian) PHP/8.1.15RC1 configured -- resuming normal operations
[Sat Jan 28 08:56:55.172063 2023] [core:notice] [pid 463] AH00094: Command line: 'apache2 -D FOREGROUND'
My pi's ip is 192.168.1.32, don't know if that helps.
Hi! I just noticed this with the new update:
❯ cd ~/github/dockcheck/ && ./dockcheck.sh -y -p
New version available! Local: v0.2.3 - Latest: v0.2.4
Change Notes: Fixes to the Exclude-option to only exclude exact matches. +cleaning
Choose update procedure (or do it manually) - git/curl/[no]:
Which prevents my cron task from running. Maybe you could add another option for automatic updates?
Thank you for a great tool!
When trying to run the script I'm running into the following error:
Required dependency 'regctl' missing, do you want it downloaded? y/[n] y
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 8076k 100 8076k 0 0 360k 0 0:00:22 0:00:22 --:--:-- 449k
. . . . . . . . .
Containers on latest version:
fr24feed
cloudflared
mosquitto
unifi
Containers with updates available:
0) ALL
1) mariadb
Do you want to update? y/[n] y
What containers do you like to update?
Enter number(s) separated by comma (eg. 1,3,4): 0
You've SelectedUpdates:
mariadb
stat /opt/docker-compose.yml: no such file or directory
stat /opt/docker-compose.yml: no such file or directory
I have just updated to the latest version (0.2.0) and tried to run dockcheck. It has successfully updated one of my containers, but the rest of them fails. Here's the output of a re-run of dockcheck (and therefore missing the successful update):
$ LANG=c ./dockcheck.sh -a
. . . . . . .
Containers on latest version:
adguard
nginxproxymanager-app-1
nginxproxymanager-db-1
Containers with updates available:
filezilla
heimdall
portainer
unifi-controller
./dockcheck.sh: line 178: cd: /opt/docker-compose/tools/docker-compose.yml,/opt/docker-compose/tools: No such file or directory
Path error - skipping filezilla
./dockcheck.sh: line 178: cd: /opt/docker-compose/tools/docker-compose.yml,/opt/docker-compose/tools: No such file or directory
Path error - skipping heimdall
./dockcheck.sh: line 178: cd: /opt/docker-compose/tools/docker-compose.yml,/opt/docker-compose/tools: No such file or directory
Path error - skipping portainer
./dockcheck.sh: line 178: cd: /opt/docker-compose/tools/docker-compose.yml,/opt/docker-compose/tools: No such file or directory
Path error - skipping unifi-controller
All done!
# tree /opt/docker-compose
/opt/docker-compose
├── adguard
│ └── docker-compose.yml
├── LICENSE
├── nginxproxymanager
│ └── docker-compose.yml
├── README.md
├── teamspeak
│ └── docker-compose.yml
└── tools
├── docker-compose.override.yml
└── docker-compose.yml
Would it be possible to add an option to pass an API token to allow authenticated docker pulls?
Basically getting the below error
You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
This script looks like the perfect solution for what I'm trying to put together.
I have a Grafana Dashboard that lists details about my running containers and host system. I'd like to have a panel that counts how many containers currently have updates available to download.
Dockcheck handles the majority of the work, but it's difficult to pull the data I need out of it after. I can't seem to be able to grab anything with Echo or Awk, though my Bash knowledge is extremely beginner. Would it be possible to add a Minimal Output mode, that just prints the containers with updates available to stdout, and nothing else?
Hi mag37,
first of all, thank you for the well thought-out script. It has directly replaced Watchtower for me and one function is currently missing for my setup.
Is it possible to add the option to the script to specify the file names of the .env files myself and, ideally, more than one?
The background. I have a global.env
and local.env
.
As the name suggests, the global.env
contains variables that can apply to all services.
The local.env
is specific to the respective service.
The file structure looks like this:
|-- root
|-- global.env
|-- service 1
|-- local.env
|-- service 2
|-- local.env
Not every service requires a global. or local.env, so the command to start the service always varies:
docker compose --env-file ../global.env --env-file local.env up -d
docker compose --env-file ../global.env up -d
docker compose --env-file local.env up -d
Many thanks and best regards,
Buddinski88
I'm running dockcheck.sh from within a shellscript wrapper to provide logging and email notifications. For that it would be lovely if there was a monochrome option, i.e. dockcheck.sh -m
which behaves exactly the same but doesn't use color escape code sequences, as they aren't playing well with email.
Thanks for your consideration!
Would it be possible to include the current respectively the available image version in the list of images that have an update? Maybe even with a link to the releases page of that image, e.g.:
The version could be rendered like the version update notification for dockcheck itself (https://github.com/mag37/dockcheck/blob/main/dockcheck.sh#L149).
Rationale: For me this would be useful to safe a lot of time checking the version gap of the update. And I wouldn't update immediately when the raise is like from 2.13
to 3.0
because I'd also wait for at least one or two point releases.
What do you think about adding install instructions? A simple variant for a minimal setup foris like this:
wget -O /usr/local/bin/dockcheck.sh "https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh" && chmod +x /usr/local/bin/dockcheck.sh
This works also for updates.
The notifiers aren't included. This could be solved like that:
wget -O- https://api.github.com/repos/mag37/dockcheck/tarball | tar -xz -C "/usr/local/bin" --strip 1 && chmod +x /usr/local/bin/{dockcheck,notify_*}.sh
The drawback is having other files from the repo cluttering the bin
folder. This could be solved by creating a release.tar.gz
with each release.
I have used the following script for pushbullet integration, and it's working well. Do you mind integrating it into your supported notification list?
### DISCLAIMER: This is a third party addition to dockcheck - best effort testing.
# Copy/rename this file to notify.sh to enable the notification snippet. Make sure you have jq package installed and it's on path
send_notification() {
Updates=("$@")
UpdToString=$( printf "%s\n" "${Updates[@]}" )
FromHost=$(hostname)
# platform specific notification code would go here
printf "\nSending pushbullet notification\n"
printf "\nThe following docker containers on %s need to be updated:\n%s\n" "$FromHost" "$UpdToString"
MessageTitle="$FromHost - updates available."
# Setting the MessageBody variable here.
MessageBody="Containers on $FromHost with updates available: $UpdToString"
# Modify to fit your setup:
PushUrl="https://api.pushbullet.com/v2/pushes"
PushToken="Your Pushbullet token here"
# Requires jq to process json data
jq -n --arg title "$MessageTitle" --arg body "$MessageBody" '{body: $body, title: $title, type: "note"}' | curl -sS -o /dev/null --show-error --fail -X POST -H "Access-Token: $PushToken" -H "Content-type: application/json" $PushUrl -d @-
}
After I run dockcheck.sh and select to update all that have updated, I still need to run "docker image prune" to clear old images. Can this be automated?
Thank you.
Hello,
Love your script. I experiencing one minor bug or maybe it's a feature request? When I exclude a container i.e. photoprism_mariadb, the photoprism container also gets excluded. They are part of the same docker compose file, but are two separate containers so I'm not sure why that's happening. I'm trying to exclude all of the database containers since upgrading databases has been tricky at times. I'd like to use the -a|y flag with -e but currently that isn't going to work the way I'd like it to.
hi! i recently tried cloning the dockcheck repo to my raspberry pi (running raspberry pi os bookworm) to update docker containers, but received an error when installing dependencies that my architecture is not supported for regctl.
has anyone found a way to run dockcheck on their raspberry pi with this being considered?
This is not a real issue but more ad implementation...
I've tried using this script in my Unraid system, running from ROOT, and everything was great.
Then I moved to UBUNTU and it wasn't working since it needs a SUDO before running DOCKER commands (you don't run script from ROOT usually).
There are methods to avoid this? Like implementing a "system check" to add a SUDO if it's needed?
Thank you
Hi,
I love this little tool. Please consider to add an update function into dockcheck script itself, so it should be able to automatically download latest dockcheck version.
This script is great. I just wanted to add email notification for my synology DSM and it works with a few lines.
It's quite specific to DSM emails however. How can I still benefit from the script's nice self update feature if email notifications don't make it in?
One line in the patch is a general fix to find regctl when running as a cron job (the script itself and regctl are not in the path but regctl is with the script. This line should make it in regardless of email notification.
Add a comment tag in each notification add-on template giving its filename and a "do not delete" warning.
If a notify.sh file exists, grep for that tag and automatically also download that template file when automatically downloading dockcheck.sh.
The user's changes are safe in notify.sh but it's now easy to diff notify.sh notify_xxx.sh to see if the new dockcheck version has also improved the template being used.
I've been looking for something that would let me auto update to new version only after the current latest has been released for some amount of time.
I like to try to avoid problem versions by waiting for the version number not to change for a bit but, so far, it's been a pretty manual process as of now.
Hi mag37,
I have another idea 😊
At the moment I only check if there are new versions, because I always like to check beforehand if there is a breaking change in a miner service, i.e. I look at the release notes.
Wouldn't it be cool if the link to the GitHub repo was displayed directly after checking each service?
Best regards
Buddinski88
DockCheck seems to not find all updates, and in fact finds a different update that other tools don't find. For reference, I have containers running via Portainer stacks (which uses Compose).
Watchtower reports that a certain set of containers have newer images (which is accurate), while DockCheck doesn't report any of those, but reports that a different container has an update that Watchtower. Pretty strange.
just what it says in the title, there is no v0.3.2 branch yet, the code changes are only in main
I'm running Diun currently to notify me when containers have new images available.
Today, for example, it suggests:
Tue, 14 Feb 2023 00:00:03 UTC INF Image update found image=lscr.io/linuxserver/radarr:latest provider=docker
Tue, 14 Feb 2023 00:00:03 UTC INF Image update found image=docker.io/louislam/uptime-kuma:latest provider=docker
Tue, 14 Feb 2023 00:00:03 UTC INF Image update found image=docker.io/linuxserver/plex:latest provider=docker
Tue, 14 Feb 2023 00:00:04 UTC INF Image update found image=docker.io/linuxserver/transmission:latest provider=docker
Tue, 14 Feb 2023 00:00:04 UTC INF Image update found image=docker.io/linuxserver/jackett:latest provider=docker
But running ./dockcheck.sh
returns:
Containers on latest version:
diun
jackett
plex
portainer
radarr
transmission
uptime-kuma
It's good that it's at least detecting what containers I have, but obviously the two things cannot be true. Updates are available.
This has happened previously with different updates. Dockcheck has not yet suggested any available updates when updates have been available.
Have I misunderstood this tool?
I think this is very easy to implement, and a very important feature to make sure I am working with the right version. Thank you.
Hi,
I think it would be better if there was an option to choose which containers to update.
For example, it would return a numbered list of containers that have updates, and it would expect a comma separated list of numbers to update or update them all.
Thank you for the script, it's very convenient.
When updating a set of containers within a docker-compose file, it should respect depends_on within a given service. Restarting each container individually can lead to overall issues in the stack working properly. Alternatively, choosing to stop a docker-compose stack, updating, and restarting would work as well.
If the -s option is used to include stopped containers the progress bar acts funny even dividing by zero when no containers are running. This change makes it work.
diff dockcheck.sh dockcheck.sh.original
209c209
< DocCount=$(docker ps $Stopped --filter "name=$SearchName" --format '{{.Names}}' | wc -l)
---
> DocCount=$(docker ps --filter "name=$SearchName" --format '{{.Names}}' | wc -l)
212c212
< ### Check the image-hash of every concerned container VS the registry
---
> ### Check the image-hash of every running container VS the registry
Hi
I’ve been using Dockcheck for a while, but I do so entirely via the web interface. My process is to copy the names of the containers that have updates and then running a one time watch tower docker command line just with the ones I want to update.
Some Ideas for the web UI.
Many thanks
like your tool, but saving a preference for updates regarding git or curl would be nice :)
Sorry I'm no programmer but I think it should be easy to determine if it was pulled via git or someone just downloaded the script?
Hi!
I have seen your project on reddit and, while I can find it useful, it doesn't seem to have a license.
Because of this, this project is not usable/forkable/distributable/modifiable by any person other than the creator, you:
To use a piece of software, whether it’s open source or commercial, you need some grant of rights. In the U.S. and many other places, creative work (including software) is protected by exclusive copyright by default. This means that no one can legally use, copy, distribute, or modify that software without explicit permission from the creator/author. This permission comes in the form of a license that grants the right to do so. Without that license, the baseline assumption is that you do not have permission to use the software.
(Source)
I suggest you to choose a license, so that anybody can help you!
Anyway, good job and keep up the good work!
Hi,
Just an FYI - as I use DIUN for push notification, I’ve noticed that as some of my containers use the :develop
build, rather than :latest
; dockcheck does not pick them up.
I assume something similar happens when you use a specific build to :4.6
?
Maybe there is scope in a future update to add these to the UI, perhaps highlighting them in a different section.
Is it possible to add an option to have the dockers update one by one instead of all at once.
I have a location where the internet is a bit slow and doing a docker compose pull
kills the internet as it tries to update all the containers at once.
docker compose pull dockername
however works as it just downloads one container at a time.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.