// the find
containrrr/watchtower
A process for automating Docker container base image updates.
Watchtower watches your running Docker containers and automatically restarts them when a newer image is available in the registry. It's aimed at homelabs and local dev setups where you want zero-touch updates without managing a full orchestrator. As of late 2024 the project is unmaintained.
Dead-simple setup: mount the Docker socket, run one container, done. Supports most registries out of the box, including private ones with credential helpers. Notification system via shoutrrr covers Slack, email, Teams, Gotify, and a dozen others without custom integrations. Label-based container opt-in/opt-out gives you fine-grained control without touching watchtower's config.
The project is officially unmaintained: the maintainers posted a notice in the README and a pinned discussion explaining the EOL. For anything you care about, this is a hard stop. Requires mounting /var/run/docker.sock, which gives the container full root-equivalent access to the host; there's no rootless or scoped alternative. No rollback mechanism: if the new image breaks your app, watchtower doesn't know and won't revert. Update timing is poll-based with a fixed interval, so it hammers your registry on every cycle regardless of whether anything changed.
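An added example, not part of the original page or the watchtower project: a Python audit over `docker inspect` output that lists which containers hold the Docker socket and which fall inside watchtower's update scope. The sample data is constructed, the function names are hypothetical, and the label handling assumes values are the literal strings `true`/`false`, with `label_enable` standing for watchtower's `--label-enable` flag.

```python
import json

SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}
WT_LABEL = "com.centurylinklabs.watchtower.enable"  # watchtower opt-in/opt-out label

# Constructed sample, trimmed to the `docker inspect` fields used below.
SAMPLE = json.loads("""
[{"Name": "/watchtower", "Config": {"Labels": {}},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true}]},
 {"Name": "/db", "Config": {"Labels": {"com.centurylinklabs.watchtower.enable": "false"}},
  "Mounts": []},
 {"Name": "/web", "Config": {"Labels": null}, "Mounts": []},
 {"Name": "/ci-agent", "Config": {"Labels": {"com.centurylinklabs.watchtower.enable": "true"}},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/run/docker.sock", "RW": false}]}]
""")


def has_socket(container):
    """True if any mount exposes the host Docker socket. RW is ignored on
    purpose: a read-only bind mount still allows connecting to the socket."""
    return any(m.get("Source") in SOCKETS for m in container.get("Mounts") or [])


def auto_updated(container, label_enable=False):
    """Would watchtower update this container? label_enable=True models
    opt-in mode, where only containers labelled true are touched."""
    labels = (container.get("Config") or {}).get("Labels") or {}
    value = labels.get(WT_LABEL)
    if value is None:
        return not label_enable  # unlabelled: in scope only in default mode
    return value.strip().lower() == "true"  # assumption: literal true/false


def audit(containers, label_enable=False):
    """Return (name, holds_socket, auto_updated) for each container."""
    return [(c["Name"].lstrip("/"), has_socket(c), auto_updated(c, label_enable))
            for c in containers]


if __name__ == "__main__":
    for name, sock, upd in audit(SAMPLE):
        print(f"{name:10} docker.sock={sock!s:5} auto-update={upd}")
```

On a real host, feed it the JSON from `docker inspect $(docker ps -q)` in place of `SAMPLE`.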