{"id":41020166,"url":"https://github.com/codestation/swarm-updater","last_synced_at":"2026-01-22T09:32:40.117Z","repository":{"id":41880878,"uuid":"152463852","full_name":"codestation/swarm-updater","owner":"codestation","description":"Automatically update Docker services whenever their image is updated","archived":false,"fork":false,"pushed_at":"2025-04-18T03:35:12.000Z","size":4850,"stargazers_count":16,"open_issues_count":1,"forks_count":6,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-18T14:27:23.942Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codestation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-10-10T17:35:46.000Z","updated_at":"2025-04-18T03:35:16.000Z","dependencies_parsed_at":"2025-04-18T02:28:59.003Z","dependency_job_id":"dad31089-1ce2-453f-9a50-17b3f96dd5fd","html_url":"https://github.com/codestation/swarm-updater","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/codestation/swarm-updater","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codestation%2Fswarm-updater","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codestation%2Fswarm-updater/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codestation%2Fswarm-updater/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codestation%2Fswarm-updater/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codestation","download_url":"https://codeload.github.com/codestation/swarm-updater/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codestation%2Fswarm-updater/sbom","scorecard":{"id":297770,"data":{"date":"2025-08-11","repo":{"name":"github.com/codestation/swarm-updater","commit":"f0d580afb338586463b324579d5c87d734f5ce0d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker-publish.yml:16","Warn: no topLevel permission defined: .github/workflows/docker-publish.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/codestation/swarm-updater/docker-publish.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:20: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:b6a6be0ff92ab6db8acd94f5d1b7a6c2f0f5d10ce3c24af348d333ac6da80685","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-publish.yml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T19:57:30.070Z","repository_id":41880878,"created_at":"2025-08-17T19:57:30.070Z","updated_at":"2025-08-17T19:57:30.070Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28660770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-22T09:32:39.471Z","updated_at":"2026-01-22T09:32:40.112Z","avatar_url":"https://github.com/codestation.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Swarm Updater\n\nAutomatically update Docker services whenever their image is updated. Inspired\non [v2tec/watchtower](https://github.com/v2tec/watchtower)\n\n## Update services on demand\n\nThe endpoint `/apis/swarm/v1/update` can be called with a list of images that should be updated on matching services on\nthe swarm. The tag is optional and will be set to `latest` if not provided.\n\n```json\n{\n  \"images\": [\n    \"mycompany/myapp\"\n  ]\n}\n```\n\n## Options\n\nEvery command-line option has their corresponding environment variable to configure the updater.\n\n* `--host, -H` Docker daemon socket to connect to. Defaults to \"unix:///var/run/docker.sock\" but can be pointed at a\n  remote Docker host by specifying a TCP or SSH endpoint, for example \"ssh://user@hostname:port\". The host value can\n  also be provided by setting the `DOCKER_HOST` environment variable.\n* `--config, -c` Docker client configuration path. In this directory goes a `config.json` file with the credentials of\n  the private registries. Defaults to `~/.docker`.The path value can also be provided by setting the `DOCKER_CONFIG`\n  environment variable.\n* `--schedule, -s` [Cron expression](https://godoc.org/github.com/robfig/cron#hdr-CRON_Expression_Format) in 6 fields\n  (rather than the traditional 5) which defines when and how often to check for new images.\n  An example: `--schedule \"0 0 4 * * *\" `. The schedule can also be provided by setting the `SCHEDULE` environment\n  variable.\n  Defaults to 1 hour. Use `none` to run the process one time and exit afterward.\n* `--label-enable, -l` Watch services where the `xyz.megpoid.swarm-updater.enable` label is set to true. The flag can\n  also be provided by setting the `LABEL_ENABLE` environment variable to `1`.\n* `--blacklist, -b` Service that is excluded from updates. Can be defined multiple times and can be a regular\n  expression.\n  Either `--label-enable` or `--blacklist` can be defined, but not both. The comma separated list can also be\n  provided by setting the `BLACKLIST` environment variable.\n* `--debug, -d` Enables debug logging. Can also be enabled by setting the `DEBUG=1` environment variable.\n* `--listen, -a` Address to listen for upcoming swarm update requests. Can also be enabled by setting the `LISTEN`\n  environment variable.\n* `--apikey, -k` Key to protect the update endpoint. Can also be enabled by setting the `APIKEY` environment variable.\n* `--max-threads, m` Max number of services that should be updating in parallel. Defaults to 1. Can also be enabled by\n  setting the `MAX_THREADS` environment variable.\n* `--help, -h` Show documentation about the supported flags.\n\n## Other environment variables\n\n* `DOCKER_API_VERSION`to set the version of the API to reach, do not set to use the automatic negotiation.\n* `DOCKER_CERT_PATH` is the directory to load the certificates from. Used when `--host` is a TCP endpoint.\n* `DOCKER_TLS_VERIFY` is used to verify the server's certificate.\n\n## Private registry auth\n\nA file must be placed on `~/.docker/config.json` with the registry credentials (can be overridden with `--config`\nor `DOCKER_CONFIG`). The file can be created by using `docker login \u003cregistry\u003e` and saving the credentials.\n\n## Delay swarm-updater to be the last updated service\n\nYou must add the `xyz.megpoid.swarm-updater=true` label to your service so the updater can delay the update of itself as\nthe last one.\n\n## Only update the image but don't run the container\n\nYou must add the `xyz.megpoid.swarm-updater.update-only=true` label to your service so only the image will be updated (\nuseful for cron tasks where the container isn't running most of the time). Note: the service will be reconfigured\nwith `replicas: 0` so this does nothing with global replication.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodestation%2Fswarm-updater","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodestation%2Fswarm-updater","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodestation%2Fswarm-updater/lists"}