Andreas/dockcheck
1
0
Fork 0
mirror of https://github.com/mag37/dockcheck.git synced 2026-02-14 15:28:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

permission checks, dsm readme, markdown (#171)

Browse source 
* added check for docker socket permissions

* added sudo-check to pkg-manager

* corrected variable typo and some printf colors

* and newline..

* DSM extra readme added

* final tweaks, DSM readme

* added markdown to readme

* added markdown support to telegram template

* removed container specification from compose up -d
This will ensure any dependant containers in the same stack will
restart, others will be untouched.

* Rearranged where the url enrichment happens
This commit is contained in:
mag37 2025-05-02 21:40:24 +02:00 committed by GitHub
parent e393a781cf
commit eb57b63a10
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 74 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -55,6 +55,7 @@ Options:
-I Prints custom releasenote urls alongside each container with updates (requires urls.list). -I Prints custom releasenote urls alongside each container with updates (requires urls.list).
-l Only update if label is set. See readme. -l Only update if label is set. See readme.
-m Monochrome mode, no printf colour codes and hides progress bar. -m Monochrome mode, no printf colour codes and hides progress bar.
-M Prints custom releasenote urls as markdown.
-n No updates, only checking availability. -n No updates, only checking availability.
-p Auto-Prune dangling images after update. -p Auto-Prune dangling images after update.
-r Allow updating images for docker run, wont update the container. -r Allow updating images for docker run, wont update the container.
@ -147,6 +148,7 @@ There's a function to use a lookup-file to add release note URL's to the notific
Copy the notify_templates/`urls.list` file to the script directory, it will be used automatically if it's there. Copy the notify_templates/`urls.list` file to the script directory, it will be used automatically if it's there.
Modify it as necessary, the names of interest in the left column needs to match your container names. Modify it as necessary, the names of interest in the left column needs to match your container names.
To also list the URL's in the CLI output (choose containers list) use the `-I` option or variable config. To also list the URL's in the CLI output (choose containers list) use the `-I` option or variable config.
For Markdown formatting - also add the `-M` option.
The output of the notification will look something like this: The output of the notification will look something like this:
``` ```
@ -165,6 +167,11 @@ Change the default value by editing the `MaxAsync=N` variable in `dockcheck.sh`.
## :chart_with_upwards_trend: Extra plugins and tools: ## :chart_with_upwards_trend: Extra plugins and tools:
### :small_orange_diamond: Using dockcheck.sh with the Synology DSM
If you run your container through the *Container Manager GUI* - only notifications are supported.
While if running manual (vanilla docker compose CLI) will allow you to use the update function too.
Some extra setup to tie together with Synology DSM - check out the [addons/DSM/README.md](./addons/DSM/README.md).
### :small_orange_diamond: Prometheus and node_exporter ### :small_orange_diamond: Prometheus and node_exporter
Dockcheck can be used together with [Prometheus](https://github.com/prometheus/prometheus) and [node_exporter](https://github.com/prometheus/node_exporter) to export metrics via the file collector, scheduled with cron or likely. Dockcheck can be used together with [Prometheus](https://github.com/prometheus/prometheus) and [node_exporter](https://github.com/prometheus/node_exporter) to export metrics via the file collector, scheduled with cron or likely.
This is done with the `-c` option, like this: This is done with the `-c` option, like this:

35
addons/DSM/README.md Normal file
View file

@ -0,0 +1,35 @@
## Using Dockcheck in DSM
Dockcheck cannot directly update containers managed in the Container Manager GUI, but it can still be used to notify you of containers with updates available. There are two ways to be notified, each with their own caveats:
1. Enabling email notifications within the Task Scheduler (_step 6i below_) will send an email that includes the entire script as run. This will not include the `urls.list` links to release notes, but it will show a full list of containers checked, up to date, and needing updates (following the args included in the scheduled task).
2. The [DSM notification template](https://github.com/mag37/dockcheck/blob/main/notify_templates/notify_DSM.sh) will enable Dockcheck to directly send an email when using the `-i` flag. This is most useful when paired with an accurate [urls.list](https://github.com/mag37/dockcheck/blob/next063/notify_templates/urls.list) file, and results in a neat succinct email notification of only containers to be updated.
This is a user preference, and both notifications are not necessary. However, regardless of the notification method, it is necessary to set up a scheduled task to run Dockcheck at a set interval (otherwise it will only run when manually triggered).
## Automate Dockcheck with DSM Task Scheduler:
1. Open Control Panel and navigate to Task Scheduler
2. Create a Scheduled Task > User-defined script
3. Task Name: Dockcheck
4. User: root
5. Schedule: _User Preference_
6. Task Settings:
1. ✔ Send run details by email (include preferred email) _This is the optional step as described above)_
2. User-defined script: `export HOME=/root && cd /path/to/dockcheck && ./dockcheck.sh -n -i -I ` _or other custom args_
8. Click OK, accept warning message
## Set up the DSM Notification template
Copy the [dockcheck/notify_templates/notify_DSM.sh](https://github.com/mag37/dockcheck/blob/main/notify_templates/notify_DSM.sh) to the same directory as where you keep `dockcheck.sh`.
Use as is (uses your default notification email setting) or edit and override manually.
![](./dsm1.png)
![](./dsm2.png)
![](./dsm3.png)
Made with much help and contribution from [@firmlyundecided](https://github.com/firmlyundecided) and [@yoyoma2](https://github.com/yoyoma2).

BIN
addons/DSM/dsm1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
addons/DSM/dsm2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
addons/DSM/dsm3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 28 KiB

37
dockcheck.sh
View file

@ -229,6 +229,7 @@ progress_bar() {
# Function to add user-provided urls to releasenotes # Function to add user-provided urls to releasenotes
releasenotes() { releasenotes() {
unset Updates
for update in "${GotUpdates[@]}"; do for update in "${GotUpdates[@]}"; do
found=false found=false
while read -r container url; do while read -r container url; do
@ -261,11 +262,18 @@ binary_downloader() {
} }
distro_checker() { distro_checker() {
if [[ -f /etc/arch-release ]]; then PkgInstaller="sudo pacman -S" isRoot=false
elif [[ -f /etc/redhat-release ]]; then PkgInstaller="sudo dnf install" [[ ${EUID:-} == 0 ]] && isRoot=true
elif [[ -f /etc/SuSE-release ]]; then PkgInstaller="sudo zypper install" if [[ -f /etc/alpine-release ]] ; then
elif [[ -f /etc/debian_version ]]; then PkgInstaller="sudo apt-get install" [[ "$isRoot" == true ]] && PkgInstaller="apk add" || PkgInstaller="doas apk add"
elif [[ -f /etc/alpine-release ]] ; then PkgInstaller="doas apk add" elif [[ -f /etc/arch-release ]]; then
[[ "$isRoot" == true ]] && PkgInstaller="pacman -S" || PkgInstaller="sudo pacman -S"
elif [[ -f /etc/debian_version ]]; then
[[ "" == true ]] && PkgInstaller="apt-get install" || PkgInstaller="sudo apt-get install"
elif [[ -f /etc/redhat-release ]]; then
[[ "$isRoot" == true ]] && PkgInstaller="dnf install" || PkgInstaller="sudo dnf install"
elif [[ -f /etc/SuSE-release ]]; then
[[ "$isRoot" == true ]] && PkgInstaller="zypper install" || PkgInstaller="sudo zypper install"
elif [[ $(uname -s) == "Darwin" ]]; then PkgInstaller="brew install" elif [[ $(uname -s) == "Darwin" ]]; then PkgInstaller="brew install"
else PkgInstaller="ERROR"; printf "\n%bNo distribution could be determined%b, falling back to static binary.\n" "$c_yellow" "$c_reset" else PkgInstaller="ERROR"; printf "\n%bNo distribution could be determined%b, falling back to static binary.\n" "$c_yellow" "$c_reset"
fi fi
@ -279,7 +287,7 @@ dependency_check() {
if command -v "$AppName" &>/dev/null; then export "$AppVar"="$AppName"; if command -v "$AppName" &>/dev/null; then export "$AppVar"="$AppName";
elif [[ -f "$ScriptWorkDir/$AppName" ]]; then export "$AppVar"="$ScriptWorkDir/$AppName"; elif [[ -f "$ScriptWorkDir/$AppName" ]]; then export "$AppVar"="$ScriptWorkDir/$AppName";
else else
printf "%s\n" "Required dependency '$AppName' missing, do you want to install it?" printf "%s\n" "Required dependency %b'%s'%b missing, do you want to install it?\n" "$c_teal" "$AppName" "$c_reset"
read -r -p "y: With packagemanager (sudo). / s: Download static binary. y/s/[n] " GetBin read -r -p "y: With packagemanager (sudo). / s: Download static binary. y/s/[n] " GetBin
GetBin=${GetBin:-no} # set default to no if nothing is given GetBin=${GetBin:-no} # set default to no if nothing is given
if [[ "$GetBin" =~ [yYsS] ]]; then if [[ "$GetBin" =~ [yYsS] ]]; then
@ -297,7 +305,7 @@ dependency_check() {
fi fi
if [[ "$GetBin" =~ [sS] ]] || [[ "$PkgInstaller" == "ERROR" ]]; then if [[ "$GetBin" =~ [sS] ]] || [[ "$PkgInstaller" == "ERROR" ]]; then
binary_downloader "$AppName" "$AppUrl" binary_downloader "$AppName" "$AppUrl"
[[ -f "$ScriptWorkDir/$AppName" ]] && { export "$AppVar"="$ScriptWorkDir/$1" && printf "\n%b%b downloaded.%b\n" "$c_green" "$AppName" "$c_reset"; } [[ -f "$ScriptWorkDir/$AppName" ]] && { export "$AppVar"="$ScriptWorkDir/$1" && printf "\n%b%s downloaded.%b\n" "$c_green" "$AppName" "$c_reset"; }
fi fi
else printf "\n%bDependency missing, exiting.%b\n" "$c_red" "$c_reset"; exit 1; else printf "\n%bDependency missing, exiting.%b\n" "$c_red" "$c_reset"; exit 1;
fi fi
@ -310,9 +318,8 @@ dependency_check() {
# Numbered List function # Numbered List function
# if urls.list exists add release note url per line # if urls.list exists add release note url per line
options() { list_options() {
num=1 num=1
if [[ -s "$ScriptWorkDir/urls.list" ]] && [[ "$PrintReleaseURL" == true ]]; then releasenotes; else Updates=("${GotUpdates[@]}"); fi
for update in "${Updates[@]}"; do for update in "${Updates[@]}"; do
echo "$num) $update" echo "$num) $update"
((num++)) ((num++))
@ -335,6 +342,7 @@ dependency_check "regctl" "regbin" "https://github.com/regclient/regclient/relea
dependency_check "jq" "jqbin" "https://github.com/jqlang/jq/releases/latest/download/jq-linux-TEMP" dependency_check "jq" "jqbin" "https://github.com/jqlang/jq/releases/latest/download/jq-linux-TEMP"
# Check docker compose binary # Check docker compose binary
docker info &>/dev/null || { printf "\n%bYour current user does not have permissions to the docker socket - may require root / docker group. Exiting.%b\n" "$c_red" "$c_reset"; exit 1; }
if docker compose version &>/dev/null; then DockerBin="docker compose" ; if docker compose version &>/dev/null; then DockerBin="docker compose" ;
elif docker-compose -v &>/dev/null; then DockerBin="docker-compose" ; elif docker-compose -v &>/dev/null; then DockerBin="docker-compose" ;
elif docker -v &>/dev/null; then elif docker -v &>/dev/null; then
@ -408,7 +416,7 @@ if (echo "test" | xargs -P 2 >/dev/null 2>&1) && [[ "$MaxAsync" != 0 ]]; then
XargsAsync="-P $MaxAsync" XargsAsync="-P $MaxAsync"
else else
XargsAsync="" XargsAsync=""
[[ "$MaxAsync" != 0 ]] && printf "%bMissing POSIX xargs, consider installing 'findutils' for asynchronous lookups.%b\n" "$c_red" "$c_reset" [[ "$MaxAsync" != 0 ]] && printf "%bMissing POSIX xargs, consider installing 'findutils' for asynchronous lookups.%b\n" "$c_yellow" "$c_reset"
fi fi
# Asynchronously check the image-hash of every running container VS the registry # Asynchronously check the image-hash of every running container VS the registry
@ -460,9 +468,10 @@ if [[ -n ${GotErrors[*]:-} ]]; then
printf "%binfo:%b 'unauthorized' often means not found in a public registry.\n" "$c_blue" "$c_reset" printf "%binfo:%b 'unauthorized' often means not found in a public registry.\n" "$c_blue" "$c_reset"
fi fi
if [[ -n ${GotUpdates[*]:-} ]]; then if [[ -n ${GotUpdates[*]:-} ]]; then
printf "\n%bContainers with updates available:%b\n" "$c_yellow" "$c_reset" printf "\n%bContainers with updates available:%b\n" "$c_yellow" "$c_reset"
[[ "$AutoMode" == false ]] && options || printf "%s\n" "${GotUpdates[@]}" if [[ -s "$ScriptWorkDir/urls.list" ]] && [[ "$PrintReleaseURL" == true ]]; then releasenotes; else Updates=("${GotUpdates[@]}"); fi
[[ "$Notify" == true ]] && { type -t send_notification &>/dev/null && send_notification "${GotUpdates[@]}" || printf "Could not source notification function.\n"; } [[ "$AutoMode" == false ]] && list_options || printf "%s\n" "${Updates[@]}"
[[ "$Notify" == true ]] && { type -t send_notification &>/dev/null && send_notification "${GotUpdates[@]}" || printf "Could not source notification function.\n"; }
fi fi
# Optionally get updates if there's any # Optionally get updates if there's any
@ -525,7 +534,7 @@ if [[ -n "${GotUpdates:-}" ]]; then
if [[ "$ContRestartStack" == true ]] || [[ "$ForceRestartStacks" == true ]]; then if [[ "$ContRestartStack" == true ]] || [[ "$ForceRestartStacks" == true ]]; then
${DockerBin} ${CompleteConfs} stop; ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d ${DockerBin} ${CompleteConfs} stop; ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d
else else
${DockerBin} ${CompleteConfs} ${ContEnvs} up -d ${ContName} || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; } ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
fi fi
done done
if [[ "$AutoPrune" == false ]] && [[ "$AutoMode" == false ]]; then printf "\n"; read -rep "Would you like to prune dangling images? y/[n]: " AutoPrune; fi if [[ "$AutoPrune" == false ]] && [[ "$AutoMode" == false ]]; then printf "\n"; read -rep "Would you like to prune dangling images? y/[n]: " AutoPrune; fi

11
notify_templates/notify_telegram.sh
View file

@ -1,5 +1,5 @@
### DISCLAIMER: This is a third party addition to dockcheck - best effort testing. ### DISCLAIMER: This is a third party addition to dockcheck - best effort testing.
NOTIFY_TELEGRAM_VERSION="v0.1" NOTIFY_TELEGRAM_VERSION="v0.2"
# #
# Copy/rename this file to notify.sh to enable the notification snippet. # Copy/rename this file to notify.sh to enable the notification snippet.
# Required receiving services must already be set up. # Required receiving services must already be set up.
@ -8,12 +8,19 @@ NOTIFY_TELEGRAM_VERSION="v0.1"
FromHost=$(hostname) FromHost=$(hostname)
trigger_notification() { trigger_notification() {
if [[ "$PrintMarkdownURL" == true ]]; then
ParseMode="Markdown"
else
ParseMode="HTML"
fi
# Modify to fit your setup: # Modify to fit your setup:
TelegramToken="Your Telegram token here" TelegramToken="Your Telegram token here"
TelegramChatId="Your Telegram ChatId here" TelegramChatId="Your Telegram ChatId here"
TelegramUrl="https://api.telegram.org/bot$TelegramToken" TelegramUrl="https://api.telegram.org/bot$TelegramToken"
TelegramTopicID=12345678 ## Set to 0 if not using specific topic within chat TelegramTopicID=12345678 ## Set to 0 if not using specific topic within chat
TelegramData="{\"chat_id\":\"$TelegramChatId\",\"text\":\"$MessageBody\",\"message_thread_id\":\"$TelegramTopicID\",\"disable_notification\": false}" TelegramData="{\"chat_id\":\"$TelegramChatId\",\"text\":\"$MessageBody\",\"message_thread_id\":\"$TelegramTopicID\",\"disable_notification\": false,\"parse_mode\": \"$ParseMode\",\"disable_web_page_preview\": true}"
curl -sS -o /dev/null --fail -X POST "$TelegramUrl/sendMessage" -H 'Content-Type: application/json' -d "$TelegramData" curl -sS -o /dev/null --fail -X POST "$TelegramUrl/sendMessage" -H 'Content-Type: application/json' -d "$TelegramData"
} }