ConfigurationTriggers
Triggers
Triggers are responsible for performing actions when a new container version is found.
Triggers are responsible for performing actions when a new container version is found.
Triggers are enabled using environment variables.
DD_ACTION_{{ trigger_type }}_{{ trigger_name }}_{{ trigger_configuration_item }}=XXX
DD_NOTIFICATION_{{ trigger_type }}_{{ trigger_name }}_{{ trigger_configuration_item }}=XXXMultiple triggers of the same type can be configured (for example multiple Smtp addresses).
You just need to give them different names.
Environment variable prefixes
Three prefixes are supported for trigger configuration:
| Prefix | Status | Example |
|---|---|---|
DD_ACTION_* | Current | DD_ACTION_SLACK_MYSLACK_URL=https://... |
DD_NOTIFICATION_* | Current | DD_NOTIFICATION_SMTP_GMAIL_HOST=smtp.gmail.com |
DD_TRIGGER_* | Deprecated (removal in v1.7.0) | DD_TRIGGER_SLACK_MYSLACK_URL=https://... |
All three prefixes are interchangeable -- they configure the same triggers. Use whichever reads best for your use case: DD_ACTION_* for update-action triggers (Docker, Docker Compose) and DD_NOTIFICATION_* for messaging triggers (Slack, SMTP, Discord, etc.), or use either for any trigger type.
When the same trigger property is set under multiple prefixes, the merge priority is DD_NOTIFICATION_* > DD_ACTION_* > DD_TRIGGER_* (highest wins).
A built-in migration CLI can rewrite your config files from
DD_TRIGGER_* to DD_ACTION_* automatically: drydock config migrate --source trigger. Use --dry-run to preview changes before applying.Available triggers
Update actions:
- Docker -- Update containers via the Docker Engine API
- Docker Compose -- Update containers managed by Docker Compose
Messaging & notifications:
- Apprise -- Multi-provider notification relay
- Command -- Execute a shell command
- Discord -- Discord webhook
- Google Chat -- Google Chat webhook
- Gotify -- Gotify push notification
- HTTP -- Generic HTTP request
- IFTTT -- IFTTT webhook
- Kafka -- Apache Kafka topic
- Matrix -- Matrix room message
- Mattermost -- Mattermost webhook
- MQTT -- MQTT topic
- ntfy -- ntfy push notification
- Pushover -- Pushover notification
- Rocket.Chat -- Rocket.Chat webhook
- Slack -- Slack webhook
- SMTP -- Email notification
- Teams -- Microsoft Teams webhook
- Telegram -- Telegram bot message
Common trigger configuration
All implemented triggers, in addition to their specific configuration, also support the following common configuration variables. The table uses the DD_TRIGGER_* prefix for brevity, but DD_ACTION_* and DD_NOTIFICATION_* work identically (see Environment variable prefixes above).
| Env var | Required | Description | Supported values | Default value when missing |
|---|---|---|---|---|
DD_TRIGGER_{trigger_type}_{trigger_name}_AUTO | ⚪ | Controls automatic execution. true — auto-execute for all watched containers. oninclude — auto-execute only for containers with an explicit dd.action.include or dd.notification.include label. false — manual only (from UI, API...) | true, false, oninclude | oninclude for action triggers (docker, dockercompose, command); true for notification triggers |
DD_TRIGGER_{trigger_type}_{trigger_name}_BATCHTITLE | ⚪ | The template to use to render the title of the notification (batch mode) | String template with placeholders ${count} | ${containers.length} updates available |
DD_TRIGGER_{trigger_type}_{trigger_name}_MODE | ⚪ | Trigger for each container update, trigger once with all available updates as a list, or accumulate updates and send on a schedule | simple, batch, digest | simple |
DD_TRIGGER_{trigger_type}_{trigger_name}_DIGESTCRON | ⚪ | Cron schedule for digest mode flush (only used when MODE=digest) | Cron expression | 0 8 * * * |
DD_TRIGGER_{trigger_type}_{trigger_name}_ONCE | ⚪ | Run trigger once (do not repeat previous results) | true, false | true |
DD_TRIGGER_{trigger_type}_{trigger_name}_ORDER | ⚪ | Trigger execution order (lower runs first) | Number | 100 |
DD_TRIGGER_{trigger_type}_{trigger_name}_SIMPLEBODY | ⚪ | The template to use to render the body of the notification | JS string template with vars container | Container ${container.name} running with ${container.updateKind.kind} ${container.updateKind.localValue} can be updated to ${container.updateKind.kind} ${container.updateKind.remoteValue}${container.result && container.result.link ? "\\n" + container.result.link : ""} |
DD_TRIGGER_{trigger_type}_{trigger_name}_SIMPLETITLE | ⚪ | The template to use to render the title of the notification (simple mode) | JS string template with vars ${containers} | New ${container.updateKind.kind} found for container ${container.name} |
DD_TRIGGER_{trigger_type}_{trigger_name}_THRESHOLD | ⚪ | The threshold to reach to run the trigger | all, major, major-only, minor, minor-only, patch, digest, and *-no-digest variants (major-no-digest, major-only-no-digest, minor-no-digest, minor-only-no-digest, patch-no-digest) | all |
DD_TRIGGER_{trigger_type}_{trigger_name}_RESOLVENOTIFICATIONS | ⚪ | Auto-dismiss the notification after the container is successfully updated | true, false | false |
Threshold reference
| Threshold | Fires on |
|---|---|
all | Any change (default) |
major | Major, minor, or patch semver change |
major-only | Major only |
minor | Any semver change that is not major (minor, patch, prerelease) |
minor-only | Minor only |
patch | Any semver change that is not major or minor (patch, prerelease) |
digest | Digest changes only |
Any threshold can be suffixed with -no-digest to exclude digest-only updates (e.g. major-no-digest, minor-only-no-digest). Updates with an unknown update kind are always filtered out regardless of the threshold setting.
Notes
RESOLVENOTIFICATIONSis currently implemented for Gotify (auto-deletes the notification message after a successful update). Other providers can be extended to support it.- Some messaging triggers (Slack, Telegram, Teams, Matrix, Mattermost, Rocket.Chat, Google Chat) also support
DISABLETITLE(defaultfalse) to send only the body without a title line. - You can set
DD_TRIGGER_{trigger_type}_THRESHOLDto define a default threshold for all triggers of the same type, e.g.DD_TRIGGER_NTFY_THRESHOLD=minor. - Triggers are executed by ascending
ORDER; when two triggers have the sameORDER, they are sorted by trigger id. - Triggers sharing the same trigger name (e.g.
docker.updateanddiscord.update) can shareTHRESHOLD; if exactly one threshold value is defined among them, that value is used for the others unless they override it explicitly. - Setting
ONCE=falsewithMODE=batchgives a report with all pending updates on every run. MODE=digestaccumulates update events in an in-memory buffer and flushes them as a single batch notification on theDIGESTCRONschedule. If the same container has multiple updates within the window, only the latest is included. Containers that are updated before the digest fires are automatically evicted from the buffer. Useful for daily email digests:DD_TRIGGER_SMTP_GMAIL_MODE=digest+DD_TRIGGER_SMTP_GMAIL_DIGESTCRON=0 8 * * *.
Notification Rules
Notification rules control which events fire which triggers. Each rule corresponds to an event type and has an enabled flag and an optional list of trigger IDs.
| Rule ID | Default enabled | Description |
|---|---|---|
update-available | Yes | A container has a newer version available |
update-applied | Yes | A container was successfully updated |
update-failed | Yes | An update failed or was rolled back |
security-alert | Yes | Critical/high vulnerability detected during pre-update scan |
agent-disconnect | No | A remote agent lost its connection |
Dispatch behavior:
update-available-- for backward compatibility, when its trigger list is empty all triggers fire (existing behavior is preserved). Once you assign specific triggers, only those fire.update-applied,update-failed,security-alert-- these require explicit trigger assignments. They are enabled by default but will not fire any trigger until you add trigger IDs to their rules.agent-disconnect-- disabled by default. Enable it and assign triggers to receive disconnect alerts. This event always fires regardless of the threshold setting.
Rules are managed via GET /api/v1/notifications and PATCH /api/v1/notifications/:id (update enabled and/or triggers fields), or through the Notifications view in the UI.
Docker and Docker Compose triggers cannot be assigned to notification rules. These are update-action triggers (they perform container updates), not notification triggers. Only messaging/alerting triggers (Slack, SMTP, Discord, ntfy, etc.) can be assigned to rules.
Event Types
Beyond the classic update-available event, triggers can fire on additional events:
update-applied-- fires after a container is successfully updated by a Docker or Docker Compose trigger. Useful for audit or confirmation notifications.update-failed-- fires when an update fails or is rolled back. Carries the container name and error message.security-alert-- fires when the Update Bouncer detects critical or high vulnerabilities during a pre-update scan. Includes a vulnerability summary.agent-disconnect-- fires when a remote agent loses its connection. This event skips threshold checks (always fires).
To receive notifications for these events, add the desired trigger IDs to the corresponding notification rule via the API or UI.
Template Variable Reference
Template strings use ${expression} placeholders. Drydock provides two sets of variables depending on the trigger mode.
Simple mode variables
| Variable | Description | Example value |
|---|---|---|
container | The full container object | (object) |
container.id | Container ID | sha256:abc123... |
container.name | Container name | my-app |
container.displayName | Display name (from dd.display.name label, defaults to name) | My App |
container.displayIcon | Display icon (from dd.display.icon label) | mdi:docker |
container.status | Container runtime status | running |
container.watcher | Watcher name | local |
container.agent | Agent name (when using distributed agents) | remote-1 |
container.image.name | Image name | library/nginx |
container.image.registry.name | Registry provider name | hub |
container.image.registry.url | Registry URL | https://registry-1.docker.io |
container.image.tag.value | Current image tag | 1.24.0 |
container.image.tag.semver | Whether the tag is valid semver | true |
container.image.digest.value | Current image digest | sha256:abc123... |
container.image.digest.watch | Whether digest watching is enabled | true |
container.image.architecture | Image architecture | amd64 |
container.image.os | Image OS | linux |
container.image.created | Image creation date | 2024-01-15T10:30:00Z |
container.updateKind.kind | Update type: tag, digest, or unknown | tag |
container.updateKind.localValue | Current version (tag or digest) | 1.24.0 |
container.updateKind.remoteValue | New version (tag or digest) | 1.25.0 |
container.updateKind.semverDiff | Semver diff level: major, minor, patch, prerelease, or unknown | minor |
container.result.tag | New tag value from the registry | 1.25.0 |
container.result.digest | New digest value from the registry | sha256:def456... |
container.result.created | Creation date of the new image | 2024-02-01T08:00:00Z |
container.result.link | Link to the release (when a link template is configured) | https://github.com/org/repo/releases/tag/v1.25.0 |
container.error.message | Error message (when an error occurred) | 401 Unauthorized |
Legacy aliases (deprecated)
These aliases resolve to a single container property and will be removed in v1.6.0. Use the container.* equivalents instead.
| Legacy variable | Equivalent | Description |
|---|---|---|
id | container.id | Container ID |
name | container.name | Container name |
watcher | container.watcher | Watcher name |
kind | container.updateKind.kind | Update type |
semver | container.updateKind.semverDiff | Semver diff level |
local | container.updateKind.localValue | Current version |
remote | container.updateKind.remoteValue | New version |
link | container.result.link | Release link |
Batch mode variables
| Variable | Description | Example value |
|---|---|---|
containers | Array of container objects (each with the same properties as above) | (array) |
containers.length | Number of containers in the batch | 3 |
Legacy alias (deprecated)
| Legacy variable | Equivalent | Description |
|---|---|---|
count | containers.length | Number of containers in the batch |
Expression syntax
Inside ${...} you can use:
- Property paths --
container.updateKind.kind - Method calls --
local.substring(0, 15)(see allowed methods below) - Ternary --
container.result.link ? container.result.link : "no link" - Logical AND --
container.result && container.result.link - String concatenation --
"Version: " + container.updateKind.remoteValue - String and number literals --
"hello",42
Allowed string methods: substring, slice, toLowerCase, toUpperCase, trim, trimStart, trimEnd, replace, split, indexOf, lastIndexOf, startsWith, endsWith, includes, charAt, padStart, padEnd, repeat, toString.
Examples
services:
drydock:
image: codeswhat/drydock
...
environment:
- DD_TRIGGER_SMTP_GMAIL_SIMPLETITLE=Container $${container.name} can be updated
- DD_TRIGGER_SMTP_GMAIL_SIMPLEBODY=Container $${name} can be updated from $${local.substring(0, 15)} to $${remote.substring(0, 15)}docker run \
-e 'DD_TRIGGER_SMTP_GMAIL_SIMPLETITLE=Container ${container.name} can be updated' \
-e 'DD_TRIGGER_SMTP_GMAIL_SIMPLEBODY=Container ${name} can be updated from ${local.substring(0, 15)} to ${remote.substring(0, 15)}'
...
codeswhat/drydock