ConfigurationTriggers
Triggers
Triggers are responsible for performing actions when a new container version is found.
Triggers are responsible for performing actions when a new container version is found.
Triggers are enabled using environment variables.
DD_TRIGGER_{{ trigger_type }}_{{trigger_name }}_{{ trigger_configuration_item }}=XXXMultiple triggers of the same type can be configured (for example multiple Smtp addresses).
You just need to give them different names.
See the Triggers subsection to discover which triggers are implemented and how to use them.
Common trigger configuration
All implemented triggers, in addition to their specific configuration, also support the following common configuration variables.
| Env var | Required | Description | Supported values | Default value when missing |
|---|---|---|---|---|
DD_TRIGGER_{trigger_type}_{trigger_name}_AUTO | ⚪ | true to automatically execute the trigger. false to manually execute it (from UI, API...) | true, false | true |
DD_TRIGGER_{trigger_type}_{trigger_name}_BATCHTITLE | ⚪ | The template to use to render the title of the notification (batch mode) | String template with placeholders ${count} | ${containers.length} updates available |
DD_TRIGGER_{trigger_type}_{trigger_name}_MODE | ⚪ | Trigger for each container update or trigger once with all available updates as a list | simple, batch | simple |
DD_TRIGGER_{trigger_type}_{trigger_name}_ONCE | ⚪ | Run trigger once (do not repeat previous results) | true, false | true |
DD_TRIGGER_{trigger_type}_{trigger_name}_ORDER | ⚪ | Trigger execution order (lower runs first) | Number | 100 |
DD_TRIGGER_{trigger_type}_{trigger_name}_SIMPLEBODY | ⚪ | The template to use to render the body of the notification | JS string template with vars container | Container ${container.name} running with ${container.updateKind.kind} ${container.updateKind.localValue} can be updated to ${container.updateKind.kind} ${container.updateKind.remoteValue}${container.result && container.result.link ? "\\n" + container.result.link : ""} |
DD_TRIGGER_{trigger_type}_{trigger_name}_SIMPLETITLE | ⚪ | The template to use to render the title of the notification (simple mode) | JS string template with vars ${containers} | New ${container.updateKind.kind} found for container ${container.name} |
DD_TRIGGER_{trigger_type}_{trigger_name}_THRESHOLD | ⚪ | The threshold to reach to run the trigger | all, major, major-only, minor, minor-only, patch, digest, and *-no-digest variants (major-no-digest, major-only-no-digest, minor-no-digest, minor-only-no-digest, patch-no-digest) | all |
DD_TRIGGER_{trigger_type}_{trigger_name}_RESOLVENOTIFICATIONS | ⚪ | Auto-dismiss the notification after the container is successfully updated | true, false | false |
RESOLVENOTIFICATIONS is currently implemented for Gotify (auto-deletes the notification message after a successful update). Other providers can be extended to support it.Some messaging triggers (Slack, Telegram, Teams, Matrix, Mattermost, Rocket.Chat, Google Chat) also support
DD_TRIGGER_{trigger_type}_{trigger_name}_DISABLETITLE (default false) to send only the body without a title line.You can set
DD_TRIGGER_{trigger_type}_THRESHOLD to define a default threshold for all triggers of the same type, for example DD_TRIGGER_NTFY_THRESHOLD=minor.Threshold
all means that the trigger will run regardless of the nature of the changeTriggers are executed by ascending
ORDER; when two triggers have the same ORDER, they are sorted by trigger id.Triggers sharing the same trigger name (for example
docker.update and discord.update) can share THRESHOLD; if exactly one threshold value is defined among them, that value is used for the others unless they override it explicitly.Threshold
major means that the trigger will run only if this is a major, minor or patch semver changeThreshold
major-only means that the trigger will run only if this is a major semver changeThreshold
minor means that the trigger will run for any semver change that is not major (includes minor, patch, and prerelease)Threshold
minor-only means that the trigger will run only if this is a minor semver changeThreshold
patch means that the trigger will run for any semver change that is not major or minor (includes patch and prerelease)Threshold
digest means that the trigger will run only on digest updatesAny threshold ending with
-no-digest excludes digest updates for that thresholdUpdates with an
unknown update kind are always filtered out regardless of the threshold setting.DD_TRIGGER_{trigger_type}_{trigger_name}_ONCE=false can be useful when DD_TRIGGER_{trigger_type}_{trigger_name}_MODE=batch to get a report with all pending updates.Notification Rules
Notification rules control which events fire which triggers. Each rule corresponds to an event type and has an enabled flag and an optional list of trigger IDs.
| Rule ID | Default enabled | Description |
|---|---|---|
update-available | Yes | A container has a newer version available |
update-applied | Yes | A container was successfully updated |
update-failed | Yes | An update failed or was rolled back |
security-alert | Yes | Critical/high vulnerability detected during pre-update scan |
agent-disconnect | No | A remote agent lost its connection |
Dispatch behavior:
update-available-- for backward compatibility, when its trigger list is empty all triggers fire (existing behavior is preserved). Once you assign specific triggers, only those fire.update-applied,update-failed,security-alert-- these require explicit trigger assignments. They are enabled by default but will not fire any trigger until you add trigger IDs to their rules.agent-disconnect-- disabled by default. Enable it and assign triggers to receive disconnect alerts. This event always fires regardless of the threshold setting.
Rules are managed via GET /api/notifications and PATCH /api/notifications/:id (update enabled and/or triggers fields), or through the Notifications view in the UI.
Docker and Docker Compose triggers cannot be assigned to notification rules. These are update-action triggers (they perform container updates), not notification triggers. Only messaging/alerting triggers (Slack, SMTP, Discord, ntfy, etc.) can be assigned to rules.
Event Types
Beyond the classic update-available event, triggers can fire on additional events:
update-applied-- fires after a container is successfully updated by a Docker or Docker Compose trigger. Useful for audit or confirmation notifications.update-failed-- fires when an update fails or is rolled back. Carries the container name and error message.security-alert-- fires when the Update Bouncer detects critical or high vulnerabilities during a pre-update scan. Includes a vulnerability summary.agent-disconnect-- fires when a remote agent loses its connection. This event skips threshold checks (always fires).
To receive notifications for these events, add the desired trigger IDs to the corresponding notification rule via the API or UI.
Template Variable Reference
Template strings use ${expression} placeholders. Drydock provides two sets of variables depending on the trigger mode.
Simple mode variables
| Variable | Description |
|---|---|
container | The full container object |
container.name | Container name |
container.displayName | Display name |
container.displayIcon | Display icon |
container.watcher | Watcher name |
container.image.registry.name | Registry provider name |
container.image.tag.value | Current image tag |
container.updateKind.kind | tag, digest, or unknown |
container.updateKind.localValue | Current version |
container.updateKind.remoteValue | New version |
container.updateKind.semverDiff | major, minor, patch, prerelease, or unknown |
container.result.link | Link to the release (when a link template is configured) |
Legacy aliases (deprecated): id, name, watcher, kind, semver, local, remote, link.
Batch mode variables
| Variable | Description |
|---|---|
containers | Array of container objects |
containers.length | Number of containers in the batch |
Legacy alias (deprecated): count (same as containers.length).
Expression syntax
Inside ${...} you can use:
- Property paths --
container.updateKind.kind - Method calls --
local.substring(0, 15)(see allowed methods below) - Ternary --
container.result.link ? container.result.link : "no link" - Logical AND --
container.result && container.result.link - String concatenation --
"Version: " + container.updateKind.remoteValue - String and number literals --
"hello",42
Allowed string methods: substring, slice, toLowerCase, toUpperCase, trim, trimStart, trimEnd, replace, split, indexOf, lastIndexOf, startsWith, endsWith, includes, charAt, padStart, padEnd, repeat, toString.
Examples
services:
drydock:
image: codeswhat/drydock
...
environment:
- DD_TRIGGER_SMTP_GMAIL_SIMPLETITLE=Container $${container.name} can be updated
- DD_TRIGGER_SMTP_GMAIL_SIMPLEBODY=Container $${name} can be updated from $${local.substring(0, 15)} to $${remote.substring(0, 15)}docker run \
-e 'DD_TRIGGER_SMTP_GMAIL_SIMPLETITLE=Container ${container.name} can be updated' \
-e 'DD_TRIGGER_SMTP_GMAIL_SIMPLEBODY=Container ${name} can be updated from ${local.substring(0, 15)} to ${remote.substring(0, 15)}'
...
codeswhat/drydock