docs: Revise watchtower page and adapt to community fork (#4641)#50
Conversation
* docs: Revise `watchtower` page and adapt to community fork * docs: Use the GHCR registry for `watchtower` * chore: Update `CHANGELOG.md`
There was a problem hiding this comment.
Pull request overview
This PR updates the watchtower documentation to migrate from the unmaintained original project (containrrr/watchtower) to a maintained community fork (nicholas-fedor/watchtower). The documentation is revised to use the new image registry (GHCR) and includes updated links to the community fork's documentation.
Changes:
- Updated watchtower image reference from
containrrr/watchtowertoghcr.io/nickfedor/watchtower - Revised and expanded documentation with clearer explanations of watchtower behavior
- Added info box explaining the unmaintained status of the original project and the community fork
- Updated all documentation links to point to the community fork's documentation site
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docs/content/config/advanced/maintenance/update-and-cleanup.md | Comprehensive revision of watchtower documentation, migrating references from the original unmaintained project to the community fork, with expanded explanations and updated links |
| CHANGELOG.md | Added entry documenting the migration to the community fork in the Updated/Documentation section |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ``` | ||
|
|
||
| !!! tip "The image tag used for a container is monitored for updates (eg: `:latest`, `:edge`, `:13`)" | ||
| The `watchtower` container can use the [`WATCHTOWER_CLEANUP=true` ENV (CLI option: `--cleanup`)][watchtower-docs::cleanup] to enable automatic cleanup (removal) of the previous image used for container it updates. Removal occurs after the container is restarted with the new image pulled. |
There was a problem hiding this comment.
Grammar error: "for container it updates" is missing an article. Should be "for each container it updates" or "for the container it updates".
| The `watchtower` container can use the [`WATCHTOWER_CLEANUP=true` ENV (CLI option: `--cleanup`)][watchtower-docs::cleanup] to enable automatic cleanup (removal) of the previous image used for container it updates. Removal occurs after the container is restarted with the new image pulled. | |
| The `watchtower` container can use the [`WATCHTOWER_CLEANUP=true` ENV (CLI option: `--cleanup`)][watchtower-docs::cleanup] to enable automatic cleanup (removal) of the previous image used for each container it updates. Removal occurs after the container is restarted with the new image pulled. |
| By default the `watchtower` service will check every 24 hours for new image updates to pull, based on currently running containers (_**not restricted** to only those running within your `compose.yaml`_). | ||
|
|
||
| Images eligible for updates can configured with a [custom `command`][docker-docs-compose-command] that provides a list of container names, or via other supported options (eg: labels). This configuration is detailed in the [`watchtower` docs][watchtower-docs]. | ||
| Images eligible for updates can configured with a [custom `command`][docker-docs::compose-command] that provides a list of container names, alternatively via [container labels to monitor only specific containers][watchtower-docs::monitor-labels] (_or instead exclude specific containers from monitoring_). |
There was a problem hiding this comment.
Grammar error: "Images eligible for updates can configured" is missing "be". Should be "Images eligible for updates can be configured".
| Images eligible for updates can configured with a [custom `command`][docker-docs::compose-command] that provides a list of container names, alternatively via [container labels to monitor only specific containers][watchtower-docs::monitor-labels] (_or instead exclude specific containers from monitoring_). | |
| Images eligible for updates can be configured with a [custom `command`][docker-docs::compose-command] that provides a list of container names, alternatively via [container labels to monitor only specific containers][watchtower-docs::monitor-labels] (_or instead exclude specific containers from monitoring_). |
| - Omit the minor or patch portion of the semver tag to receive updates for the omitted portion (_eg: `13` will represent the latest minor + patch release of `v13`_). | ||
| --- | ||
|
|
||
| The tag for an image is never modified by `watchtower`, instead `watchtower` monitors the image digest associated to that image tag (_which will change to a new image digest if a new image release reassigns the tag_), when the digest for the tag changes this triggers a pull of the new image. |
There was a problem hiding this comment.
This sentence is a run-on sentence with multiple independent clauses joined only by commas. Consider breaking it into multiple sentences or using proper conjunctions. For example: "The tag for an image is never modified by watchtower. Instead, watchtower monitors the image digest associated to that image tag (which will change to a new image digest if a new image release reassigns the tag). When the digest for the tag changes, this triggers a pull of the new image."
| The tag for an image is never modified by `watchtower`, instead `watchtower` monitors the image digest associated to that image tag (_which will change to a new image digest if a new image release reassigns the tag_), when the digest for the tag changes this triggers a pull of the new image. | |
| The tag for an image is never modified by `watchtower`. Instead, `watchtower` monitors the image digest associated with that image tag (_which will change to a new image digest if a new image release reassigns the tag_). When the digest for the tag changes, this triggers a pull of the new image. |
| image: ghcr.io/nickfedor/watchtower:latest | ||
| # Automatic cleanup: | ||
| environment: | ||
| - WATCHTOWER_CLEANUP=true | ||
| volumes: | ||
| - /var/run/docker.sock:/var/run/docker.sock |
There was a problem hiding this comment.
Using the third-party ghcr.io/nickfedor/watchtower:latest image while mounting the host’s /var/run/docker.sock and relying on the mutable latest tag introduces a significant supply-chain risk. If the image registry or tag is ever compromised, a malicious image could be pulled and run with broad control over all Docker containers (and potentially the host). To reduce this risk, document this example using a trusted image reference pinned to a specific version or immutable digest and recommend a safe update process instead of :latest.
docs: Revise
watchtowerpage and adapt to community forkdocs: Use the GHCR registry for
watchtowerchore: Update
CHANGELOG.mdDescription
Fixes #
Type of change
Checklist
docs/)CHANGELOG.md