first PoC for writing old+new image digests to log, more work needed!

Sanitize message for Matrix notifications (#243 )
* Sanitize message for Matrix notifications * Use variable for jq and increment version of Matrix script --------- Co-authored-by: martin <martin@meissnitzer.dev>
2026-04-18 10:27:54 +00:00 · 2025-12-14 12:27:18 +01:00 · 2025-12-14 11:49:56 +01:00 · 2025-12-12 11:12:57 +01:00 · 2025-12-12 11:00:42 +01:00 · 2025-11-13 06:17:25 +01:00
6 changed files with 248 additions and 122 deletions
--- a/README.md
+++ b/README.md
@@ -13,16 +13,30 @@
 </p>

 <h2 align="center">CLI tool to automate docker image updates or notifying when updates are available.</h2>
-<h3 align="center">selective updates, exclude containers, custom labels, notification plugins, prune when done etc.</h3>
+<h3 align="center">selective updates, include/exclude containers, image backups, custom labels, notification plugins, prune when done etc.</h3>

-<h4 align="center">:whale: Docker Hub pull limit :chart_with_downwards_trend: not an issue for checks but for actual pulls - <a href="#whale-docker-hub-pull-limit-chart_with_downwards_trend-not-an-issue-for-checks-but-for-actual-pulls">read more</a></h4>
+<h4 align="center">:whale: Docker Hub pull limit :chart_with_downwards_trend: not an issue for checks only for actual pulls - <a href="#whale-docker-hub-pull-limit-chart_with_downwards_trend-not-an-issue-for-checks-but-for-actual-pulls">read more</a></h4>

 <h5 align="center">For Podman - see the fork <a href="https://github.com/sudo-kraken/podcheck">sudo-kraken/podcheck</a>!</h4>

 ___
 ## Changelog

-
+- **v0.7.5**:
+    - Added new option **BackupForDays**; `-b N` and `-B`:
+      - Backup an image before pulling a new version for easy rollback in case of breakage.
+      - Removes backed up images older than *N* days.
+      - List currently backed up images with `-B`.
+    - Fixes:
+      - Bugfix for `-s` *Stopped* to not recreate stopped containers after update.
+- **v0.7.4**:
+    - Added new option `-R`:
+      - Will skip container recreation after pulling images.
+      - Allows for more control and possible pipeline integration.
+    - Fixes:
+      - Bugfix for *value too great* error due to leading zeroes - solved with base10 conversion.
+      - Clean up of some legacy readme sections.
+- **v0.7.3**: Bugfix - unquoted variable in printf list caused occasional issues.
 - **v0.7.2**:
    - Label rework:
      - Moved up label logic to work globally on the current run.
@@ -31,20 +45,6 @@ ___
    - List reformatting for "available updates" numbering to easier highlight and copy:
      - Padded with zero, changed `)` to `-`, example: `02 - homer`
      - Can be selected by writing `2,3,4` or `02,03,04`.
- **v0.7.1**:
-    - Added support for multiple notifications using the same template
-    - Added support for notification output format
-    - Added support for file output
-    - Added optional configuration variables per channel to (replace `<channel>` with any channel name):
-      - `<channel>_TEMPLATE` : Specify a template
-      - `<channel>_SKIPSNOOZE` : Skip snooze
-      - `<channel>_CONTAINERSONLY` : Only notify for docker container related updates
-      - `<channel>_ALLOWEMPTY` : Always send notifications, even when empty
-      - `<channel>_OUTPUT` : Define output format
- **v0.7.0**:
-    - Bugfix: snooze dockcheck.sh-self-notification and some config clarification.
-    - Added authentication support to Ntfy.sh.
-    - Added suport for sendmail in the SMTP-template.
 ___


@@ -58,6 +58,8 @@ Example:    dockcheck.sh -y -x 10 -d 10 -e nextcloud,heimdall

 Options:
 -a|y   Automatic updates, without interaction.
+-b N   Enable image backups and sets number of days to keep from pruning.
+-B     List currently backed up images, then exit.
 -c D   Exports metrics as prom file for the prometheus node_exporter. Provide the collector textfile directory.
 -d N   Only update to new images that are N+ days old. Lists too recent with +prefix and age. 2xSlower.
 -e X   Exclude containers, separated by comma.
@@ -72,6 +74,7 @@ Options:
 -n     No updates, only checking availability.
 -p     Auto-Prune dangling images after update.
 -r     Allow checking for updates/updating images for docker run containers. Won't update the container.
+-R     Skip container recreation after pulling images.
 -s     Include stopped containers in the check. (Logic: docker ps -a).
 -t N   Set a timeout (in seconds) per container for registry checkups, 10 is default.
 -u     Allow automatic self updates - caution as this will pull new code and autorun it.
@@ -82,18 +85,19 @@ Options:
 ### Basic example:
 ```
 $ ./dockcheck.sh
-. . .
+[##################################################] 5/5
+
 Containers on latest version:
 glances
 homer

 Containers with updates available:
-1) adguardhome
-2) syncthing
-3) whoogle-search
+01) adguardhome
+02) syncthing
+03) whoogle-search

 Choose what containers to update:
-Enter number(s) separated by comma, [a] for all - [q] to quit:
+Enter number(s) separated by comma, [a] for all - [q] to quit: 1,2
 ```
 Then it proceeds to run `pull` and `up -d` on every container with updates.  
 After the updates are complete, you'll get prompted if you'd like to prune dangling images.
@@ -101,7 +105,7 @@ After the updates are complete, you'll get prompted if you'd like to prune dangl
 ___

 ## Dependencies
- Running docker (duh) and compose, either standalone or plugin. (see [Podman fork](https://github.com/sudo-kraken/podcheck)  
+- Running docker (duh) and compose, either standalone or plugin. (see [Podman fork](https://github.com/sudo-kraken/podcheck))
 - Bash shell or compatible shell of at least v4.3
  - POSIX `xargs`, usually default but can be installed with the `findutils` package - to enable async.
 - [jq](https://github.com/jqlang/jq)
@@ -241,6 +245,23 @@ The `urls.list` file is just an example and I'd gladly see that people contribut
 Pass `-x N` where N is number of subprocesses allowed, experiment in your environment to find a suitable max!  
 Change the default value by editing the `MaxAsync=N` variable in `dockcheck.sh`. To disable the subprocess function set `MaxAsync=0`.

+## Image Backups; `-b N` to backup previous images as custom (retagged) images for easy rollback
+When the option `BackupForDays` is set **dockcheck** will store the image being updated as a backup, retagged with a different name and removed due to age configured (*BackupForDays*) in a future run.  
+Let's say we're updating `b4bz/homer:latest` - then before replacing the current image it will be retagged with the name `dockcheck/homer:2025-10-26_1132_latest`
+- `dockcheck` as repo name to not interfere with others.
+- `homer` is the image.
+- `2025-10-26_1132` is the time when running the script.
+- `latest` is the tag of the image.
+
+Then if an update breaks, you could restore the image by stopping the container, delete the new image, eg. `docker rmi b4bz/homer:latest`, then retag the backup as latest `docker tag dockcheck/homer:<date>_latest b4bz/homer:latest`.  
+After that, start the container again (now with the backup image active) and it will be updated as usual next time you run dockcheck or other updates.
+
+The backed up images will be removed if they're older than *BackupForDays* value (passed as `-b N` or set in the `dockcheck.config` with `BackupForDays=N`) and then pruned.  
+If configured for eg. 7 days, force earlier cleaning by just passing a lower number of days, eg. `-b 2` to clean everything older than 2 days.  
+Backed up images will not be removed if neither `-b` flag nor `BackupForDays` config variable is set.
+
+Use the capital option `-B` to list currently backed up images. Or list all images with `docker images`.  
+To manually remove any backed up images, do `docker rmi dockcheck/homer:2025-10-26_1132_latest`.  

 ## Extra plugins and tools:

@@ -344,11 +365,17 @@ dockcheck is created and released under the [GNU GPL v3.0](https://www.gnu.org/l

 ## Sponsorlist

- [avegy](https://github.com/avegy)
- [eichhorn](https://github.com/eichhorn)
- [stepdg](https://github.com/stepdg)
- [acer2220](https://github.com/acer2220)
- [shgew](https://github.com/shgew)
+:small_orange_diamond: [avegy](https://github.com/avegy)
+:small_orange_diamond: [eichhorn](https://github.com/eichhorn)
+:small_orange_diamond: [stepdg](https://github.com/stepdg)
+:small_orange_diamond: [acer2220](https://github.com/acer2220)
+:small_orange_diamond: [shgew](https://github.com/shgew)
+:small_orange_diamond: [jonas3456](https://github.com/jonas3456)
+:small_orange_diamond: [4ndreasH](https://github.com/4ndreasH)
+:small_orange_diamond: [markoe01](https://github.com/markoe01)
+:small_orange_diamond: [mushrowan](https://github.com/mushrowan)
+:small_orange_diamond:
+
 ___

 ### The [story](https://mag37.org/posts/project_dockcheck/) behind it. 1 year in retrospect.
--- a/default.config
+++ b/default.config
@@ -19,6 +19,7 @@
 #OnlyLabel=true    # Only update if label is set. See readme.
 #ForceRestartStacks=true    # Force stop+start stack after update. Caution: restarts once for every updated container within stack.
 #DRunUp=true    # Allow updating images for docker run, wont update the container.
+#SkipRecreate    # Skip container recreation after pulling images.
 #MonoMode=true    # Monochrome mode, no printf colour codes and hides progress bar.
 #PrintReleaseURL=true   # Prints custom releasenote urls alongside each container with updates (requires urls.list)`
 #PrintMarkdownURL=true    # Prints custom releasenote urls as markdown
@@ -27,6 +28,7 @@
 #CurlRetryCount=3    # Max number of curl retries
 #CurlConnectTimeout=5    # Time to wait for curl to establish a connection before failing
 #DisplaySourcedFiles=false    # Display what files are being sourced/used
+#BackupForDays=7    # Enable backups of images and removes backups older than N days.

 ### Notify settings
 ## All commented values are examples only. Modify as needed.
@@ -89,4 +91,3 @@
 # TELEGRAM_TOPIC_ID="0"
 #
 # FILE_PATH="${ScriptWorkDir}/updates_available.txt"
-
--- a/dockcheck.sh
+++ b/dockcheck.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-VERSION="v0.7.2"
-# ChangeNotes: Reformatted updates list, rewrote label logic to work globally when used with `-l`.
+VERSION="v0.7.5"
+# ChangeNotes: New option -b N to backup image before pulling for easy rollback.
 Github="https://github.com/mag37/dockcheck"
 RawUrl="https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh"

@@ -34,6 +34,8 @@ Help() {
  echo
  echo "Options:"
  echo "-a|y   Automatic updates, without interaction."
+  echo "-b N   Enable image backups and sets number of days to keep from pruning."
+  echo "-B     List currently backed up images, then exit."
  echo "-c     Exports metrics as prom file for the prometheus node_exporter. Provide the collector textfile directory."
  echo "-d N   Only update to new images that are N+ days old. Lists too recent with +prefix and age. 2xSlower."
  echo "-e X   Exclude containers, separated by comma."
@@ -47,6 +49,7 @@ Help() {
  echo "-M     Prints custom releasenote urls as markdown (requires template support)."
  echo "-n     No updates; only checking availability without interaction."
  echo "-p     Auto-prune dangling images after update."
+  echo "-R     Skip container recreation after pulling images."
  echo "-r     Allow checking for updates/updating images for docker run containers. Won't update the container."
  echo "-s     Include stopped containers in the check. (Logic: docker ps -a)."
  echo "-t     Set a timeout (in seconds) per container for registry checkups, 10 is default."
@@ -57,6 +60,12 @@ Help() {
  echo "Project source: $Github"
 }

+# Print current backups function
+print_backups() {
+  printf "\n%b---%b Currently backed up images %b---%b\n\n" "$c_teal" "$c_blue" "$c_teal" "$c_reset"
+  docker images | sed -ne '/^REPOSITORY/p' -ne '/^dockcheck/p'
+}
+
 # Initialise variables
 Timeout=${Timeout:-10}
 MaxAsync=${MaxAsync:-1}
@@ -76,8 +85,10 @@ Stopped=${Stopped:-""}
 CollectorTextFileDirectory=${CollectorTextFileDirectory:-}
 Exclude=${Exclude:-}
 DaysOld=${DaysOld:-}
+BackupForDays=${BackupForDays:-}
 OnlySpecific=${OnlySpecific:-false}
 SpecificContainer=${SpecificContainer:-""}
+SkipRecreate=${SkipRecreate:-false}
 Excludes=()
 GotUpdates=()
 NoUpdates=()
@@ -95,9 +106,15 @@ c_blue="\033[0;34m"
 c_teal="\033[0;36m"
 c_reset="\033[0m"

-while getopts "ayfFhiIlmMnprsuvc:e:d:t:x:" options; do
+# Timestamps
+RunTimestamp=$(date +'%Y-%m-%d_%H%M')
+RunEpoch=$(date +'%s')
+
+while getopts "ayb:BfFhiIlmMnprsuvc:e:d:t:x:R" options; do
  case "${options}" in
    a|y) AutoMode=true ;;
+    b)   BackupForDays="${OPTARG}" ;;
+    B)   print_backups; exit 0 ;;
    c)   CollectorTextFileDirectory="${OPTARG}" ;;
    d)   DaysOld=${OPTARG} ;;
    e)   Exclude=${OPTARG} ;;
@@ -110,6 +127,7 @@ while getopts "ayfFhiIlmMnprsuvc:e:d:t:x:" options; do
    M)   PrintMarkdownURL=true ;;
    n)   DontUpdate=true; AutoMode=true;;
    p)   AutoPrune=true ;;
+    R)   SkipRecreate=true ;;
    r)   DRunUp=true ;;
    s)   Stopped="-a" ;;
    t)   Timeout="${OPTARG}" ;;
@@ -153,6 +171,13 @@ if [[ -n "$DaysOld" ]]; then
    exit 2
  fi
 fi
+if [[ -n "$BackupForDays" ]]; then
+  if ! [[ $BackupForDays =~ ^[0-9]+$ ]]; then
+    printf "-b argument given (%s) is not a number.\n" "$BackupForDays"
+    exit 2
+  fi
+  [[ "$AutoPrune" == true ]] && printf "%bWARNING: When -b option is used, -p has no function.%b\n" "$c_yellow" "$c_reset"
+fi
 if [[ -n "$CollectorTextFileDirectory" ]]; then
  if ! [[ -d  $CollectorTextFileDirectory ]]; then
    printf "The directory (%s) does not exist.\n" "$CollectorTextFileDirectory"
@@ -193,11 +218,11 @@ self_update() {
    printf "\n%s\n" "Pulling the latest version."
    git pull --force || { printf "%bGit error,%b manually pull/clone.\n" "$c_red" "$c_reset"; return; }
    printf "\n%s\n" "--- starting over with the updated version ---"
-    cd - || { printf "%bPath error.%b\n" "$c_red"; return; }
+    cd - || { printf "%bPath error.%b\n" "$c_red" "$c_reset"; return; }
    exec "$ScriptPath" "${ScriptArgs[@]}" # run the new script with old arguments
    exit 0 # exit the old instance
  else
-    cd - || { printf "%bPath error.%b\n" "$c_red"; return; }
+    cd - || { printf "%bPath error.%b\n" "$c_red" "$c_reset"; return; }
    self_update_curl
  fi
 }
@@ -206,6 +231,7 @@ choosecontainers() {
  while [[ -z "${ChoiceClean:-}" ]]; do
    read -r -p "Enter number(s) separated by comma, [a] for all - [q] to quit: " Choice
    if [[ "$Choice" =~ [qQnN] ]]; then
+      [[ -n "${BackupForDays:-}" ]] && remove_backups
      exit 0
    elif [[ "$Choice" =~ [aAyY] ]]; then
      SelectedUpdates=( "${GotUpdates[@]}" )
@@ -213,6 +239,7 @@ choosecontainers() {
    else
      ChoiceClean=${Choice//[,.:;]/ }
      for CC in $ChoiceClean; do
+        CC=$((10#$CC)) # Base 10 interpretation to strip leading zeroes
        if [[ "$CC" -lt 1 || "$CC" -gt $UpdCount ]]; then # Reset choice if out of bounds
          echo "Number not in list: $CC"; unset ChoiceClean; break 1
        else
@@ -224,16 +251,39 @@ choosecontainers() {
 }

 datecheck() {
-  ImageDate=$("$regbin" -v error image inspect "$RepoUrl" --format='{{.Created}}' | cut -d" " -f1)
+  ImageDate="$1"
+  DaysMax="$2"
  ImageEpoch=$(date -d "$ImageDate" +%s 2>/dev/null) || ImageEpoch=$(date -f "%Y-%m-%d" -j "$ImageDate" +%s)
-  ImageAge=$(( ( $(date +%s) - ImageEpoch )/86400 ))
-  if [[ "$ImageAge" -gt "$DaysOld" ]]; then
+  ImageAge=$(( ( RunEpoch - ImageEpoch )/86400 ))
+  if [[ "$ImageAge" -gt "$DaysMax" ]]; then
    return 0
  else
    return 1
  fi
 }

+remove_backups() {
+  IFS=$'\n'
+  CleanupCount=0
+  for backup_img in $(docker images --format "{{.Repository}} {{.Tag}}" | sed -n '/^dockcheck/p'); do
+    repo_name=${backup_img% *}
+    backup_tag=${backup_img#* }
+    backup_date=${backup_tag%%_*}
+    # UNTAGGING HERE
+    if datecheck "$backup_date" "$BackupForDays"; then
+      [[ "$CleanupCount" == 0 ]] && printf "\n%bRemoving backed up images older then %s days.%b\n" "$c_blue" "$BackupForDays" "$c_reset"
+      docker rmi "${repo_name}:${backup_tag}" && ((CleanupCount+=1))
+    fi
+  done
+  unset IFS
+  if [[ "$CleanupCount" == 0 ]]; then
+    printf "\nNo backup images to remove.\n"
+  else
+    [[ "$CleanupCount" -gt 1 ]] && b_phrase="backups" || b_phrase="backup"
+    printf "\n%b%s%b %s removed.%b\n" "$c_green" "$CleanupCount" "$c_teal" "$b_phrase" "$c_reset"
+  fi
+}
+
 progress_bar() {
  QueCurrent="$1"
  QueTotal="$2"
@@ -348,13 +398,13 @@ list_options() {
  [[ ${#total} < 2 ]] && local pads=2 || local pads="${#total}"
  local num=1
  for update in "${Updates[@]}"; do
-    printf "%0*d - %s\n" $pads $num $update
+    printf "%0*d - %s\n" "$pads" "$num" "$update"
    ((num++))
  done
 }

 # Version check & initiate self update
-if [[ "$LatestRelease" != "undefined" ]]; then
+if [[ "$LatestSnippet" != "undefined" ]]; then
  if [[ "$VERSION" != "$LatestRelease" ]]; then
    printf "New version available! %b%s%b ⇒ %b%s%b \n Change Notes: %s \n" "$c_yellow" "$VERSION" "$c_reset" "$c_green" "$LatestRelease" "$c_reset" "$LatestChanges"
    if [[ "$AutoMode" == false ]]; then
@@ -439,7 +489,7 @@ check_image() {
    if [[ "$LocalHash" == *"$RegHash"* ]]; then
      printf "%s\n" "NoUpdates $i"
    else
-      if [[ -n "${DaysOld:-}" ]] && ! datecheck; then
+      if [[ -n "${DaysOld:-}" ]] && ! datecheck $("$regbin" -v error image inspect "$RepoUrl" --format='{{.Created}}' | cut -d" " -f1) "$DaysOld" ; then
        printf "%s\n" "NoUpdates +$i ${ImageAge}d"
      else
        printf "%s\n" "GotUpdates $i"
@@ -453,7 +503,7 @@ check_image() {
 # Make required functions and variables available to subprocesses
 export -f check_image datecheck
 export Excludes_string="${Excludes[*]:-}" # Can only export scalar variables
-export t_out regbin RepoUrl DaysOld DRunUp jqbin OnlyLabel
+export t_out regbin RepoUrl DaysOld DRunUp jqbin OnlyLabel RunTimestamp RunEpoch

 # Check for POSIX xargs with -P option, fallback without async
 if (echo "test" | xargs -P 2 >/dev/null 2>&1) && [[ "$MaxAsync" != 0 ]]; then
@@ -532,15 +582,46 @@ if [[ -n "${GotUpdates:-}" ]]; then

    NumberofUpdates="${#SelectedUpdates[@]}"

+    # TODO: move this to proper place + setup optarg etc.
+    # Digest log setup
+    LogDigestChanges="true"
+    LogPath="$ScriptWorkDir/updatelog"
+    if [[ -n "${LogDigestChanges}" ]]; then
+      LogStore=()
+      LogStore+=("$(printf "%-30s %s > %s\n" "IMAGE:TAG" "OLD DIGEST" "NEW DIGEST")")
+    fi
+
+    # TODO: move this to proper place
+    get_image_facts(){
+      ImageConfig=$(docker image inspect "$ImageId" --format '{{ json . }}')
+      ContRepoDigests=$($jqbin -r '.RepoDigests[0]' <<< "$ImageConfig")
+      [[ "$ContRepoDigests" == "null" ]] && ContRepoDigests=""
+      ContRepo=${ContImage%:*}
+      ContApp=${ContRepo#*/}
+      [[ "$ContImage" =~ ":" ]] && ContTag=${ContImage#*:} || ContTag="latest"
+    }
+
    CurrentQue=0
    for i in "${SelectedUpdates[@]}"; do
      ((CurrentQue+=1))
      printf "\n%bNow updating (%s/%s): %b%s%b\n" "$c_teal" "$CurrentQue" "$NumberofUpdates" "$c_blue" "$i" "$c_reset"
-      ContLabels=$(docker inspect "$i" --format '{{json .Config.Labels}}')
-      ContImage=$(docker inspect "$i" --format='{{.Config.Image}}')
-      ContPath=$($jqbin -r '."com.docker.compose.project.working_dir"' <<< "$ContLabels")
+      ContConfig=$(docker inspect "$i" --format '{{json .}}')
+      ContImage=$($jqbin -r '."Config"."Image"' <<< "$ContConfig")
+      ImageId=$($jqbin -r '."Image"' <<< "$ContConfig")
+      ContPath=$($jqbin -r '."Config"."Labels"."com.docker.compose.project.working_dir"' <<< "$ContConfig")
      [[ "$ContPath" == "null" ]] && ContPath=""

+
+      # Add new backup tag prior to pulling if option is set
+      if [[ -n "${BackupForDays:-}" ]]; then
+        get_image_facts
+        BackupName="dockcheck/${ContApp}:${RunTimestamp}_${ContTag}"
+        docker tag "$ImageId" "$BackupName"
+        printf "%b%s backed up as %s%b\n" "$c_teal" "$i" "$BackupName" "$c_reset"
+      fi
+
+      [[ -n "${LogDigestChanges}" ]] && get_image_facts
+
      # Checking if compose-values are empty - hence started with docker run
      if [[ -z "$ContPath" ]]; then
        if [[ "$DRunUp" == true ]]; then
@@ -552,63 +633,95 @@ if [[ -n "${GotUpdates:-}" ]]; then
        continue
      fi

-      docker pull "$ContImage" || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
-    done
-    printf "\n%bDone pulling updates. %bRecreating updated containers.%b\n" "$c_green" "$c_blue" "$c_reset"
-
-    CurrentQue=0
-    for i in "${SelectedUpdates[@]}"; do
-      ((CurrentQue+=1))
-      unset CompleteConfs
-      # Extract labels and metadata
-      ContLabels=$(docker inspect "$i" --format '{{json .Config.Labels}}')
-      ContImage=$(docker inspect "$i" --format='{{.Config.Image}}')
-      ContPath=$($jqbin -r '."com.docker.compose.project.working_dir"' <<< "$ContLabels")
-      [[ "$ContPath" == "null" ]] && ContPath=""
-      ContConfigFile=$($jqbin -r '."com.docker.compose.project.config_files"' <<< "$ContLabels")
-      [[ "$ContConfigFile" == "null" ]] && ContConfigFile=""
-      ContName=$($jqbin -r '."com.docker.compose.service"' <<< "$ContLabels")
-      [[ "$ContName" == "null" ]] && ContName=""
-      ContEnv=$($jqbin -r '."com.docker.compose.project.environment_file"' <<< "$ContLabels")
-      [[ "$ContEnv" == "null" ]] && ContEnv=""
-      ContRestartStack=$($jqbin -r '."mag37.dockcheck.restart-stack"' <<< "$ContLabels")
-      [[ "$ContRestartStack" == "null" ]] && ContRestartStack=""
-      ContOnlySpecific=$($jqbin -r '."mag37.dockcheck.only-specific-container"' <<< "$ContLabels")
-      [[ "$ContOnlySpecific" == "null" ]] && ContRestartStack=""
-
-      printf "\n%bNow recreating (%s/%s): %b%s%b\n" "$c_teal" "$CurrentQue" "$NumberofUpdates" "$c_blue" "$i" "$c_reset"
-      # Checking if compose-values are empty - hence started with docker run
-      [[ -z "$ContPath" ]] && { echo "Not a compose container, skipping."; continue; }
-
-      # cd to the compose-file directory to account for people who use relative volumes
-      cd "$ContPath" || { printf "\n%bPath error - skipping%b %s" "$c_red" "$c_reset" "$i"; continue; }
-      ## Reformatting path + multi compose
-      if [[ $ContConfigFile == '/'* ]]; then
-        CompleteConfs=$(for conf in ${ContConfigFile//,/ }; do printf -- "-f %s " "$conf"; done)
+      if docker pull "$ContImage"; then
+        # Removal of the <none>-tag image left behind from backup
+        if [[ ! -z "${ContRepoDigests:-}" ]] && [[ -n "${BackupForDays:-}" ]]; then docker rmi "$ContRepoDigests"; fi
+        if [[ -n "${LogDigestChanges}" ]]; then
+          NewDigest=$(docker image inspect "$ContImage" --format '{{index .RepoDigests 0 }}')
+          LogStore+=("$(printf "%-30s %s > %s\n" "$i:$ContTag" "$ContRepoDigests" "$NewDigest")")
+        fi
      else
-        CompleteConfs=$(for conf in ${ContConfigFile//,/ }; do printf -- "-f %s/%s " "$ContPath" "$conf"; done)
+        printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1
      fi
-      # Check if the container got an environment file set and reformat it
-      ContEnvs=""
-      if [[ -n "$ContEnv" ]]; then ContEnvs=$(for env in ${ContEnv//,/ }; do printf -- "--env-file %s " "$env"; done); fi
-      # Set variable when compose up should only target the specific container, not the stack
-      if [[ $OnlySpecific == true ]] || [[ $ContOnlySpecific == true ]]; then SpecificContainer="$ContName"; fi

-      # Check if the whole stack should be restarted
-      if [[ "$ContRestartStack" == true ]] || [[ "$ForceRestartStacks" == true ]]; then
-        ${DockerBin} ${CompleteConfs} stop; ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
-      else
-        ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d ${SpecificContainer} || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
-      fi
    done
-    if [[ "$AutoPrune" == false ]] && [[ "$AutoMode" == false ]]; then printf "\n"; read -rep "Would you like to prune all dangling images? y/[n]: " AutoPrune; fi
-    if [[ "$AutoPrune" == true ]] || [[ "$AutoPrune" =~ [yY] ]]; then printf "\nAuto pruning.."; docker image prune -f; fi
-    printf "\n%bAll done!%b\n" "$c_green" "$c_reset"
+    printf "\n%bDone pulling updates.%b\n" "$c_green" "$c_reset"
+    [[ -n "${LogDigestChanges}" ]] && { printf "%s\n" "${LogStore[@]}" > "${LogPath}_$(date +'%Y-%m-%d_%H%M')"; }
+
+    if [[ "$SkipRecreate" == true ]]; then
+      printf "%bSkipping container recreation due to -R.%b\n" "$c_yellow" "$c_reset"
+    else
+      printf "%bRecreating updated containers.%b\n" "$c_blue" "$c_reset"
+      CurrentQue=0
+      for i in "${SelectedUpdates[@]}"; do
+        ((CurrentQue+=1))
+        unset CompleteConfs
+        # Extract labels and metadata
+        ContConfig=$(docker inspect "$i" --format '{{json .}}')
+        ContLabels=$($jqbin -r '."Config"."Labels"' <<< "$ContConfig")
+        ContPath=$($jqbin -r '."com.docker.compose.project.working_dir"' <<< "$ContLabels")
+        [[ "$ContPath" == "null" ]] && ContPath=""
+        ContConfigFile=$($jqbin -r '."com.docker.compose.project.config_files"' <<< "$ContLabels")
+        [[ "$ContConfigFile" == "null" ]] && ContConfigFile=""
+        ContName=$($jqbin -r '."com.docker.compose.service"' <<< "$ContLabels")
+        [[ "$ContName" == "null" ]] && ContName=""
+        ContEnv=$($jqbin -r '."com.docker.compose.project.environment_file"' <<< "$ContLabels")
+        [[ "$ContEnv" == "null" ]] && ContEnv=""
+        ContRestartStack=$($jqbin -r '."mag37.dockcheck.restart-stack"' <<< "$ContLabels")
+        [[ "$ContRestartStack" == "null" ]] && ContRestartStack=""
+        ContOnlySpecific=$($jqbin -r '."mag37.dockcheck.only-specific-container"' <<< "$ContLabels")
+        [[ "$ContOnlySpecific" == "null" ]] && ContRestartStack=""
+        ContStateRunning=$($jqbin -r '."State"."Running"' <<< "$ContConfig")
+        [[ "$ContStateRunning" == "null" ]] && ContStateRunning=""
+
+        if [[ "$ContStateRunning" == "true" ]]; then
+          printf "\n%bNow recreating (%s/%s): %b%s%b\n" "$c_teal" "$CurrentQue" "$NumberofUpdates" "$c_blue" "$i" "$c_reset"
+        else
+          printf  "\n%bSkipping recreation of %b%s%b as it's not running.%b\n" "$c_yellow" "$c_blue" "$i" "$c_yellow" "$c_reset"
+          continue
+        fi
+
+        # Checking if compose-values are empty - hence started with docker run
+        [[ -z "$ContPath" ]] && { echo "Not a compose container, skipping."; continue; }
+
+        # cd to the compose-file directory to account for people who use relative volumes
+        cd "$ContPath" || { printf "\n%bPath error - skipping%b %s" "$c_red" "$c_reset" "$i"; continue; }
+        # Reformatting path + multi compose
+        if [[ $ContConfigFile == '/'* ]]; then
+          CompleteConfs=$(for conf in ${ContConfigFile//,/ }; do printf -- "-f %s " "$conf"; done)
+        else
+          CompleteConfs=$(for conf in ${ContConfigFile//,/ }; do printf -- "-f %s/%s " "$ContPath" "$conf"; done)
+        fi
+        # Check if the container got an environment file set and reformat it
+        ContEnvs=""
+        if [[ -n "$ContEnv" ]]; then ContEnvs=$(for env in ${ContEnv//,/ }; do printf -- "--env-file %s " "$env"; done); fi
+        # Set variable when compose up should only target the specific container, not the stack
+        if [[ $OnlySpecific == true ]] || [[ $ContOnlySpecific == true ]]; then SpecificContainer="$ContName"; fi
+
+        # Check if the whole stack should be restarted
+        if [[ "$ContRestartStack" == true ]] || [[ "$ForceRestartStacks" == true ]]; then
+          ${DockerBin} ${CompleteConfs} stop; ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
+        else
+          ${DockerBin} ${CompleteConfs} ${ContEnvs} up -d ${SpecificContainer} || { printf "\n%bDocker error, exiting!%b\n" "$c_red" "$c_reset" ; exit 1; }
+        fi
+      done
+    fi
+    printf "\n%bAll updates done!%b\n" "$c_green" "$c_reset"
+
+    # Trigger pruning only when backup-function is not used
+    if [[ -z "${BackupForDays:-}" ]]; then
+      if [[ "$AutoPrune" == false ]] && [[ "$AutoMode" == false ]]; then printf "\n"; read -rep "Would you like to prune all dangling images? y/[n]: " AutoPrune; fi
+      if [[ "$AutoPrune" == true ]] || [[ "$AutoPrune" =~ [yY] ]]; then printf "\nAuto pruning.."; docker image prune -f; fi
+    fi
+
  else
-    printf "\nNo updates installed, exiting.\n"
+    printf "\nNo updates installed.\n"
  fi
 else
-  printf "\nNo updates available, exiting.\n"
+  printf "\nNo updates available.\n"
 fi

+# Clean up old backup image tags if -b is used
+[[ -n "${BackupForDays:-}" ]] && remove_backups
+
 exit 0
--- a/extras/apprise_quickstart.md
+++ b/extras/apprise_quickstart.md
@@ -38,35 +38,15 @@ You can also use the [caronc/apprise-api](https://github.com/caronc/apprise-api)


 ### Customize the **notify.sh** file.
-After you're done with the setup of the container and tried your notifications, you can copy the `notify_apprise.sh` file to `notify.sh` and start editing it.
+After you're done with the setup of the container and tried your notifications, you need to follow the configuration setup (explained in detail in the README).
+Briefly: Copy `default.config` to `dockcheck.config` then edit it to change the following, `APPRISE_URL` matching your environment:

-Comment out/remove the bare metal apprise-command (starting with `apprise -vv -t...`).
-Uncomment and edit the `AppriseURL` variable and *curl* line
-It should look something like this when curling the API:
 ```bash
-send_notification() {
-Updates=("$@")
-UpdToString=$( printf "%s\n" "${Updates[@]}" )
-FromHost=$(hostname)
-
-printf "\nSending Apprise notification\n"
-
-MessageTitle="$FromHost - updates available."
-# Setting the MessageBody variable here.
-read -d '\n' MessageBody << __EOF
-Containers on $FromHost with updates available:
-
-$UpdToString
-
-__EOF
-
-AppriseURL="http://IP.or.mydomain.tld:8000/notify/apprise"
-curl -X POST -F "title=$MessageTitle" -F "body=$MessageBody" -F "tags=all" $AppriseURL
-
-}
+NOTIFY_CHANNELS="apprise"
+APPRISE_URL="http://apprise.mydomain.tld:1234/notify/apprise"
 ```

-That's all!
+That's it!
 ___
 ___

--- a/notify_templates/notify_matrix.sh
+++ b/notify_templates/notify_matrix.sh
@@ -1,5 +1,5 @@
 ### DISCLAIMER: This is a third party addition to dockcheck - best effort testing.
-NOTIFY_MATRIX_VERSION="v0.4"
+NOTIFY_MATRIX_VERSION="v0.5"
 #
 # Required receiving services must already be set up.
 # Leave (or place) this file in the "notify_templates" subdirectory within the same directory as the main dockcheck.sh script.
@@ -29,7 +29,7 @@ trigger_matrix_notification() {
  AccessToken="${!AccessTokenVar}" # e.g. MATRIX_ACCESS_TOKEN=token-value
  RoomId="${!RoomIdVar}" # e.g. MATRIX_ROOM_ID=myroom
  MatrixServer="${!MatrixServerVar}" # e.g. MATRIX_SERVER_URL=http://matrix.yourdomain.tld
-  MsgBody="{\"msgtype\":\"m.text\",\"body\":\"$MessageBody\"}"
+  MsgBody=$($jqbin -Rn --arg body "$MessageBody" '{msgtype:"m.text", body:$body}')

  # URL Example:  https://matrix.org/_matrix/client/r0/rooms/!xxxxxx:example.com/send/m.room.message?access_token=xxxxxxxx
  curl -S -o /dev/null ${CurlArgs} -X POST "$MatrixServer/_matrix/client/r0/rooms/$RoomId/send/m.room.message?access_token=$AccessToken" -H 'Content-Type: application/json' -d "$MsgBody"
@@ -37,4 +37,4 @@ trigger_matrix_notification() {
  if [[ $? -gt 0 ]]; then
    NotifyError=true
  fi
-}
+}
--- a/notify_templates/urls.list
+++ b/notify_templates/urls.list
@@ -15,12 +15,14 @@ calibre https://github.com/linuxserver/docker-calibre/releases
 calibre-web https://github.com/linuxserver/docker-calibre-web/releases
 cleanuperr https://github.com/flmorg/cleanuperr/releases
 cross-seed https://github.com/cross-seed/cross-seed/releases
+crowdsec https://github.com/crowdsecurity/crowdsec/releases
 cup https://github.com/sergi0g/cup/releases
 dockge https://github.com/louislam/dockge/releases
 dozzle https://github.com/amir20/dozzle/releases
 flatnotes https://github.com/dullage/flatnotes/releases
 forgejo https://codeberg.org/forgejo/forgejo/releases
 fressrss https://github.com/FreshRSS/FreshRSS/releases
+gerbil https://github.com/fosrl/gerbil/releases
 gluetun https://github.com/qdm12/gluetun/releases
 go2rtc https://github.com/AlexxIT/go2rtc/releases
 gotify https://github.com/gotify/server/releases
@@ -45,9 +47,11 @@ mealie https://github.com/mealie-recipes/mealie/releases
 meilisearch https://github.com/meilisearch/meilisearch/releases
 monica https://github.com/monicahq/monica/releases
 mqtt https://github.com/eclipse/mosquitto/tags
+newt https://github.com/fosrl/newt/releases
 nextcloud-aio-mastercontainer https://github.com/nextcloud/all-in-one/releases
 nginx https://github.com/docker-library/official-images/blob/master/library/nginx
 owncast https://github.com/owncast/owncast/releases
+pangolin https://github.com/fosrl/pangolin/releases
 prowlarr https://github.com/Prowlarr/Prowlarr/releases
 prowlarr-ls https://github.com/linuxserver/docker-prowlarr/releases
 qbittorrent https://www.qbittorrent.org/news
@@ -66,6 +70,7 @@ snappymail https://github.com/the-djmaze/snappymail/releases
 sonarr https://github.com/Sonarr/Sonarr/releases/
 sonarr-ls https://github.com/linuxserver/docker-sonarr/releases
 syncthing https://github.com/syncthing/syncthing/releases
+tailscale https://github.com/tailscale/tailscale/releases
 tautulli https://github.com/Tautulli/Tautulli/releases
 thelounge https://github.com/thelounge/thelounge/releases
 traefik https://github.com/traefik/traefik/releases
Author	SHA1	Message	Date
mag37	37575cad98	first PoC for writing old+new image digests to log, more work needed!	2025-12-14 12:27:18 +01:00
singularity0821	4e0b705b8b	Sanitize message for Matrix notifications (#243 ) * Sanitize message for Matrix notifications * Use variable for jq and increment version of Matrix script --------- Co-authored-by: martin <martin@meissnitzer.dev>	2025-12-14 11:49:56 +01:00
mag37	8ee5575081	Added option -b to enable image backups pre pull. (#242 ) * added new variables, options and setup * datecheck function rewrite * moved the cleanup and prune logic to always run. Changed some wording on messages. * added function to print currently backed up images * Patched bugfix to not recreate stopped containers * changed the RepoDigests grab and logic * Moved the backup - cleanup to always trigger if -b option is used. Added -p&-b warning. * version bump and readme fixes	2025-12-12 11:12:57 +01:00
Andrei Mateescu	f1cc8190f9	Add the Pangolin stack to urls.list (#241 ) Adds a few items from the Pangolin stack (https://github.com/fosrl/) and others that are usually used together.	2025-12-12 11:00:42 +01:00
Oleh Astappiev	c33c9f4387	Fix version check condition (#239 )	2025-11-13 06:17:25 +01:00
mag37	c34d52bde0	the missing )	2025-11-01 09:25:11 +01:00
mag37	7ea97d06ce	New option -R and bugfix + cleanup (#236 ) * Cleaned up legacy structure * Add -R flag to skip container recreation after pulling images (#235) * Added new -R option: Skip Container recreation --------- Co-authored-by: mag37 <robin.ivehult@gmail.com> Co-authored-by: NapalmZ <willy.baessato@gmail.com>	2025-11-01 09:14:49 +01:00
mag37	8970ee3f20	added to the sponsorlist	2025-10-21 20:47:10 +02:00
mag37	12a51d8e83	added new sponsors	2025-10-08 19:00:29 +02:00
mag37	24cae63b61	bugfix - unquoted var in list Versionbump.	2025-10-07 08:25:44 +02:00
mag37	05e5b23e7b	bugfix - unquoted var in list Versionbump.	2025-10-07 08:24:31 +02:00
mag37	be58805824	hot-patch unquoted variable in updates list	2025-10-06 10:18:38 +02:00