DrydockDrydock
ConfigurationTriggersDocker Compose

Docker-Compose

The dockercompose trigger lets you update docker-compose.yml files & replace existing containers with their updated versions.

logo

The dockercompose trigger lets you update docker-compose.yml files & replace existing containers with their updated versions.

The trigger will:

  • Update the related docker-compose.yml file
  • Clone the existing container specification
  • Pull the new image
  • Stop the existing container
  • Remove the existing container
  • Create the new container
  • Start the new container (if the previous one was running)
  • Run post_start hooks declared on the updated service (if any)
  • Remove the previous image (optionally)

Variables

Env varRequiredDescriptionSupported valuesDefault value when missing
DD_TRIGGER_DOCKERCOMPOSE_{trigger_name}_FILE🔴The docker-compose.yml file location
DD_TRIGGER_DOCKERCOMPOSE_{trigger_name}_BACKUPBackup the docker-compose.yml file as .back before updating?true, falsefalse
DD_TRIGGER_DOCKERCOMPOSE_{trigger_name}_PRUNEIf the old image must be pruned after upgradetrue, falsefalse
DD_TRIGGER_DOCKERCOMPOSE_{trigger_name}_DRYRUNWhen enabled, only pull the new image ahead of timetrue, falsefalse
DD_TRIGGER_DOCKERCOMPOSE_{trigger_name}_COMPOSEFILELABELContainer label name used to locate the compose file per containerLabel namedd.compose.file
This trigger also supports the common configuration variables. but only supports the batch mode.
This trigger will only work with locally watched containers.
Do not forget to mount the docker-compose.yml file in the drydock container.

Troubleshooting: permission denied (EACCES)

If logs show an error like:

EACCES: permission denied, access '/drydock/.../docker-compose.yml'

the mounted compose file (or parent directory) is not readable by the Drydock process.

Ways to fix:

  • Grant read access on the mounted path for the user/group used by the Drydock container.
  • Add the host group that owns the compose files with group_add so Drydock can read them.
  • Quick workaround: set DD_RUN_AS_ROOT=true to skip privilege drop (less secure).

Example using group_add:

services:
  drydock:
    image: codeswhat/drydock
    group_add:
      - "${COMPOSE_FILES_GID}"
    volumes:
      - /var/lib/docker/volumes/portainer_data/_data/compose:/drydock:ro
    environment:
      - DD_TRIGGER_DOCKERCOMPOSE_EXAMPLE_FILE=/drydock/5/docker-compose.yml
COMPOSE_FILES_GID should match the GID that owns the mounted compose files on the host.

Examples

services:
  drydock:
    image: codeswhat/drydock
    ...
    volumes:
    - /etc/my-services/docker-compose.yml:/drydock/docker-compose.yml
    environment:
      - DD_TRIGGER_DOCKERCOMPOSE_EXAMPLE_FILE=/drydock/docker-compose.yml
docker run \
  -v /etc/my-services/docker-compose.yml:/drydock/docker-compose.yml
  -e "DD_TRIGGER_DOCKERCOMPOSE_EXAMPLE_FILE=/drydock/docker-compose.yml" \
  ...
  codeswhat/drydock
labels:
  dd.compose.file: "/my/path/docker-compose.yaml

Docker

The docker trigger lets you replace existing containers with their updated versions.

Google Chat

The googlechat trigger posts container update notifications to a Google Chat space via an incoming webhook.

On this page

VariablesTroubleshooting: permission denied (EACCES)Examples