๐ณ Docker Hub pull limit ๐ not an issue for checks but for actual pulls - read more
For Podman - see the fork sudo-kraken/podcheck!
- v0.7.3: Bugfix - unquoted variable in printf list caused occasional issues.
- v0.7.2:
- Label rework:
- Moved up label logic to work globally on the current run.
- Only iterating on labeled containers when used with
-loption, not listing others. - Clarified messaging and readme/help texts.
- List reformatting for "available updates" numbering to easier highlight and copy:
- Padded with zero, changed
)to-, example:02 - homer - Can be selected by writing
2,3,4or02,03,04.
- Padded with zero, changed
- Label rework:
- v0.7.1:
- Added support for multiple notifications using the same template
- Added support for notification output format
- Added support for file output
- Added optional configuration variables per channel to (replace
<channel>with any channel name):<channel>_TEMPLATE: Specify a template<channel>_SKIPSNOOZE: Skip snooze<channel>_CONTAINERSONLY: Only notify for docker container related updates<channel>_ALLOWEMPTY: Always send notifications, even when empty<channel>_OUTPUT: Define output format
- v0.7.0:
- Bugfix: snooze dockcheck.sh-self-notification and some config clarification.
- Added authentication support to Ntfy.sh.
- Added suport for sendmail in the SMTP-template.
$ ./dockcheck.sh -h
Syntax: dockcheck.sh [OPTION] [comma separated names to include]
Example: dockcheck.sh -y -x 10 -d 10 -e nextcloud,heimdall
Options:
-a|y Automatic updates, without interaction.
-c D Exports metrics as prom file for the prometheus node_exporter. Provide the collector textfile directory.
-d N Only update to new images that are N+ days old. Lists too recent with +prefix and age. 2xSlower.
-e X Exclude containers, separated by comma.
-f Force stop+start stack after update. Caution: restarts once for every updated container within stack.
-F Only compose up the specific container, not the whole compose stack (useful for master-compose structure).
-h Print this Help.
-i Inform - send a preconfigured notification.
-I Prints custom releasenote urls alongside each container with updates in CLI output (requires urls.list).
-l Only include containers with label set. See readme.
-m Monochrome mode, no printf colour codes and hides progress bar.
-M Prints custom releasenote urls as markdown (requires template support).
-n No updates, only checking availability.
-p Auto-Prune dangling images after update.
-r Allow checking for updates/updating images for docker run containers. Won't update the container.
-s Include stopped containers in the check. (Logic: docker ps -a).
-t N Set a timeout (in seconds) per container for registry checkups, 10 is default.
-u Allow automatic self updates - caution as this will pull new code and autorun it.
-v Prints current version.
-x N Set max asynchronous subprocesses, 1 default, 0 to disable, 32+ tested.
$ ./dockcheck.sh
. . .
Containers on latest version:
glances
homer
Containers with updates available:
1) adguardhome
2) syncthing
3) whoogle-search
Choose what containers to update:
Enter number(s) separated by comma, [a] for all - [q] to quit:
Then it proceeds to run pull and up -d on every container with updates.
After the updates are complete, you'll get prompted if you'd like to prune dangling images.
- Running docker (duh) and compose, either standalone or plugin. (see Podman fork
- Bash shell or compatible shell of at least v4.3
- POSIX
xargs, usually default but can be installed with thefindutilspackage - to enable async.
- POSIX
- jq
- User will be prompted to install with package manager or download static binary.
- regclient/regctl (Licensed under Apache-2.0 License)
- User will be prompted to download
regctlif not inPATHorPWD. - regctl requires
amd64/arm64- see workaround if other architecture is used.
- User will be prompted to download
Download the script to a directory in PATH, I'd suggest using ~/.local/bin as that's usually in PATH.
For OSX/macOS preferably use /usr/local/bin.
# basic example with curl:
curl -L https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh -o ~/.local/bin/dockcheck.sh
chmod +x ~/.local/bin/dockcheck.sh
# or oneliner with wget:
wget -O ~/.local/bin/dockcheck.sh "https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh" && chmod +x ~/.local/bin/dockcheck.sh
# OSX or macOS version with curl:
curl -L https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh -o /usr/local/bin/dockcheck.sh && chmod +x /usr/local/bin/dockcheck.shThen call the script anywhere with just dockcheck.sh.
Add preferred notify.sh-template to the same directory - this will not be touched by the scripts self-update function.
To modify settings and have them persist through updates - copy the default.config to dockcheck.config alongside the script or in ~/.config/.
Alternatively create an alias where specific flags and values are set.
Example alias dc=dockcheck.sh -p -x 10 -t 3.
Triggered with the -i flag. Will send a list of containers with updates available and a notification when dockcheck.sh itself has an update.
notify_templates/notify_v2.sh is the default notification wrapper, if notify.sh is present and configured, it will override.
Example of a cron scheduled job running non-interactive at 10'oclock excluding 1 container and sending notifications:
0 10 * * * /home/user123/.local/bin/dockcheck.sh -nix 10 -e excluded_container1
Set up a directory structure as below.
You only need the notify_templates/notify_v2.sh file and any notification templates you wish to enable, but there is no harm in having all of them present.
.
โโโ notify_templates/
โ โโโ notify_DSM.sh
โ โโโ notify_apprise.sh
โ โโโ notify_discord.sh
โ โโโ notify_generic.sh
โ โโโ notify_gotify.sh
โ โโโ notify_HA.sh
โ โโโ notify_matrix.sh
โ โโโ notify_ntfy.sh
โ โโโ notify_pushbullet.sh
โ โโโ notify_pushover.sh
โ โโโ notify_slack.sh
โ โโโ notify_smtp.sh
โ โโโ notify_telegram.sh
โ โโโ notify_v2.sh
โโโ dockcheck.config
โโโ dockcheck.sh
โโโ urls.list # optional
- Uncomment and set the
NOTIFY_CHANNELS=""environment variable indockcheck.configto a space separated string of your desired notification channels to enable. - Uncomment and set the environment variables related to the enabled notification channels. Eg.
GOTIFY_DOMAIN=""+GOTIFY_TOKEN="".
It's recommended to only do configuration with variables within dockcheck.config and not modify notify_templates/notify_X.sh directly. If you wish to customize the notify templates yourself, you may copy them to your project root directory alongside the main dockcheck.sh (where they're also ignored by git).
Customizing notify_v2.sh is handled the same as customizing the templates, but it must be renamed to notify.sh within the dockcheck.sh root directory.
Configure to receive scheduled notifications only if they're new since the last notification - within a set time frame.
Example: Dockcheck is scheduled to run every hour. You will receive an update notification within an hour of availability.
Snooze enabled: You will not receive a repeated notification about an already notified update within the snooze duration.
Snooze disabled: You will receive additional (possibly repeated) notifications every hour.
To enable snooze uncomment the SNOOZE_SECONDS variable in your dockcheck.config and set it to the number of seconds you wish to prevent duplicate alerts.
Snooze is split into three categories; container updates, dockcheck.sh self updates and notification template updates.
If an update becomes available for an item that is not snoozed, notifications will be sent and include all available updates for that item's category, even snoozed items.
The actual snooze duration will be 60 seconds less than SNOOZE_SECONDS to account for minor scheduling or run time issues.
- Synology DSM
- Email with mSMTP (or deprecated alternative sSMTP)
- Apprise (with it's multitude of notifications)
- both native caronc/apprise and the standalone linuxserver/docker-apprise-api
- Read the QuickStart
- ntfy - HTTP-based pub-sub notifications.
- Gotify - a simple server for sending and receiving messages.
- Home Assistant - Connection to the notify integrations.
- Pushbullet - connecting different devices with cross-platform features.
- Telegram - Telegram chat API.
- Matrix-Synapse - Matrix, open, secure, decentralised communication.
- Pushover - Simple Notifications (to your phone, wearables, desktops)
- Discord - Discord webhooks.
- Slack - Slack curl api
Further additions are welcome - suggestions or PRs! Initiated and first contributed by yoyoma2.
All required environment variables for each notification channel are provided in the default.config file as comments and must be uncommented and modified for your requirements.
For advanced users, additional functionality is available via custom configurations and environment variables.
Use cases - all configured in dockcheck.config:
(replace <channel> with the upper case name of the of the channel as listed in NOTIFY_CHANNELS variable, eg TELEGRAM_SKIPSNOOZE)
- To bypass the snooze feature, even when enabled, add the variable
<channel>_SKIPSNOOZEand set it totrue. - To configure the channel to only send container update notifications, add the variable
<channel>_CONTAINERSONLYand set it totrue. - To send notifications even when there are no updates available, add the variable
<channel>_ALLOWEMPTYand set it totrue. - To use another notification output format, add the variable
<channel>_OUTPUTand set it tocsv,json, ortext. If unset or set to an invalid value, defaults totext. - To send multiple notifications using the same notification template:
- Strings in the
NOTIFY_CHANNELSlist are now treated as unique names and do not necessarily refer to the notification template that will be called, though they do by default. - Add another notification channel to
NOTIFY_CHANNELSindockcheck.config. The name can contain upper and lower case letters, numbers and underscores, but can't start with a number. - Add the variable
<channel>_TEMPLATEtodockcheck.configwhere<channel>is the name of the channel added above and set the value to an available notification template script (slack,apprise,gotify, etc.) - Add all other environment variables required for the chosen template to function with
<channel>in upper case as the prefix rather than the template name.- For example, if
<channel>ismynotificationand the template configured isslack, you would need to setMYNOTIFICATION_CHANNEL_IDandMYNOTIFICATION_ACCESS_TOKEN.
- For example, if
- Strings in the
There's a function to use a lookup-file to add release note URL's to the notification message.
Copy the notify_templates/urls.list file to the script directory, it will be used automatically if it's there.
Modify it as necessary, the names of interest in the left column needs to match your container names.
To also list the URL's in the CLI output (choose containers list) use the -I option or variable config.
For Markdown formatting also add the -M option. (this requires the template to be compatible - see gotify for example)
The output of the notification will look something like this:
Containers on hostname with updates available:
apprise-api -> https://github.com/linuxserver/docker-apprise-api/releases
homer -> https://github.com/bastienwirtz/homer/releases
nginx -> https://github.com/docker-library/official-images/blob/master/library/nginx
...
The urls.list file is just an example and I'd gladly see that people contribute back when they add their preferred URLs to their lists.
Pass -x N where N is number of subprocesses allowed, experiment in your environment to find a suitable max!
Change the default value by editing the MaxAsync=N variable in dockcheck.sh. To disable the subprocess function set MaxAsync=0.
If you run your container through the Container Manager GUI - only notifications are supported.
While if running manual (vanilla docker compose CLI) will allow you to use the update function too.
Some extra setup to tie together with Synology DSM - check out the addons/DSM/README.md.
Dockcheck can be used together with Prometheus and node_exporter to export metrics via the file collector, scheduled with cron or likely.
This is done with the -c option, like this:
dockcheck.sh -c /path/to/exporter/directory
See the README.md for more detailed information on how to set it up!
Contributed by tdralle.
If you already use Zabbix - this config will show numbers of available docker image updates on host.
Example: 2 Docker Image updates on host-xyz
See project: thetorminal/zabbix-docker-image-updates
A custom python script to serve a REST API to get pulled into other monitoring tools like homepage.
See discussion here.
A custom bash wrapper script to allow the usage of dockcheck as a Unraid User Script plugin.
See discussion here.
Optionally add labels to compose-files. Currently these are the usable labels:
labels:
mag37.dockcheck.update: true
mag37.dockcheck.only-specific-container: true
mag37.dockcheck.restart-stack: true
mag37.dockcheck.update: truewill when used with the-loption only check and update containers with this label set and skip the rest.mag37.dockcheck.only-specific-container: trueworks instead of the-Foption, specifying the updated container when doing compose up, likedocker compose up -d homer.mag37.dockcheck.restart-stack: trueworks instead of the-foption, forcing stop+restart on the whole compose-stack (Caution: Will restart on every updated container within stack).
Adding or modifying labels in compose-files requires a restart of the container to take effect.
regctl provides binaries for amd64/arm64, to use on other architecture you could try this workaround.
Run regctl in a container wrapped in a shell script. Copied from regclient/docs/install.md:
cat >regctl <<EOF
#!/bin/sh
opts=""
case "\$*" in
"registry login"*) opts="-t";;
esac
docker container run \$opts -i --rm --net host \\
-u "\$(id -u):\$(id -g)" -e HOME -v \$HOME:\$HOME \\
-v /etc/docker/certs.d:/etc/docker/certs.d:ro \\
ghcr.io/regclient/regctl:latest "\$@"
EOF
chmod 755 regctlTest it with ./regctl --help and then either add the file to the same path as dockcheck.sh or in your path (eg. ~/.local/bin/regctl).
Due to recent changes in Docker Hub usage and limits
Unauthenticated users: 10 pulls/hour
Authenticated users with a free account: 100 pulls/hour
This is not an issue for registry checks. But if you have a large stack and pull more than 10 updates at once consider updating more often or to create a free account.
You could use/modify the login-wrapper function in the example below to automate the login prior to running dockcheck.sh.
Example - Change names, paths, and remove cat+password flag if you rather get prompted:
function dchk {
cat ~/pwd.txt | docker login --username YourUser --password-stdin
~/dockcheck.sh "$@"
}Wont auto-update the containers, only their images. (compose is recommended)
docker run dont support using new images just by restarting a container.
Containers need to be manually stopped, removed and created again to run on the new image.
Using the -r option together with eg. -i and -n to just check for updates and send notifications and not update is safe though!
- No detailed error feedback (just skip + list what's skipped).
- Not respecting
--profileoptions when re-creating the container. - Not working well with containers created by Portainer.
- Watchtower might cause issues due to retagging images when checking for updates (and thereby pulling new images).
If you hit issues, you could check the output of the extras/errorCheck.sh script for clues.
Another option is to run the main script with debugging in a subshell bash -x dockcheck.sh - if there's a particular container/image that's causing issues you can filter for just that through bash -x dockcheck.sh nginx.
dockcheck is created and released under the GNU GPL v3.0 license.
๐ธ avegy ๐ธ eichhorn ๐ธ stepdg ๐ธ acer2220 ๐ธ shgew ๐ธ jonas3456 ๐ธ 4ndreasH ๐ธ
