I’ve just set WatchTower to one-shot runs and whenever I have some time to fix eventual issues, I start the WatchTower container, it’ll pull any updates and stop again. No need to mess with my compose files (all set to latest) and no need for pull requests or similar.
Sounds like you would benefit from using dockcheck.sh for your use case.
Yeah, if you run latest, there’s no need for renovate. I don’t though.
This. Except for a few projects that have given me headaches for an automatic update before (I’m looking at you Jellyfin). Those I have them locked to a version and only upgrade when I think it’s truly stable (spoiler: stable release was not stable) and when I know I will have time to fix things that may break.
Interesting. Can you clarify what you meant by one-shot runs?
I have watchtower running all the time, would it be worth it/is it best practice to stop it
If I understood correctly, he manually runs watchtower to poll rather than leaving it running all the time. What wasn’t clear to me was if he has it doing the updates (evidenced by him saying he cleans up where needed after) or just pull down the updated images and he then manually restarts/rebuilds the container.
I leave it running all the time and it only updates at something like 03:00. The only containers I don’t have set to latest are DBs as major updates tend to break things.
Yes, I’ve set WATCHTOWER_RUN_ONCE and run it manually (letting it download and automatically apply the updates) when I find time. In the rare case something breaks, I can fix it immediately or roll back the broken container by setting the label to the previous version.