ShipLog

ShipLog

Docker app from junkerderprovinz's Repository

Overview

ShipLog is a read-only update advisor for your Docker host. Unraid already tells you THAT an update is available and lets you apply it - ShipLog tells you WHAT actually changes and HOW risky it is first: the changelog between your running image and the newest one, a deterministic risk verdict (patch / minor / major), and an optional AI summary. It never pulls, recreates, or stops anything. The Docker socket is mounted READ-ONLY. Open the WebUI on port 8484. Variables with fixed options are dropdowns; the Ollama and Matrix fields are optional (leave them empty to disable). The info bubble inside Unraid's own Docker tab arrives via a companion plugin - see the README roadmap.

ShipLog

Build  Lint  Docker Pulls  Image Size  Arch  Unraid  License


ShipLog reads the changelog before you update — right inside Unraid's native Docker tab. Next to each container it shows what actually changes between your running image and the newest: the release notes, a deterministic risk badge (patch / minor / major) and the real version jump (e.g. 1.7 → 1.8).

Read-only — it never pulls, recreates or stops anything. Optional: AI changelog summaries via a local Ollama, and Matrix notifications.


Buy me a coffee


Table of Contents

  1. What is this?
  2. Screenshots
  3. Features
  4. Install on Unraid
  5. Configuration
  6. How it works
  7. Security
  8. License

1. What is this?

A single static Go binary on a distroless image (~tens of MB, low idle RAM) that polls the read-only Docker socket, resolves which images have updates, fetches the changelog for the version span, classifies the risk, and serves it on a small status page + JSON API. The headline experience — a changelog bubble next to each container in Unraid's Docker tab — ships as a companion Unraid plugin; this engine is the brain and works on any Docker host via its status page.

2. Screenshots

ShipLog changelog bubble in Unraid's Docker tab
Click the Changelog chip on any container — the bubble shows the version jump, a risk badge, the release notes, an optional AI summary, and a read-only Update-now button, right in Unraid's Docker tab.


A Changelog chip on every container in the Docker tab
A Changelog chip sits on every container: a coloured dot when an update is waiting, grey when you're up to date.


ShipLog settings page
Settings: poll interval, a live engine-status line, optional GitHub / Docker Hub tokens for more changelogs, Ollama (with autodetect) for AI summaries, and Matrix alerts.


3. Features

  • What changed, not just "update available" — changelog between your running tag and the newest, newest-first, with a link to the full release notes.
  • Deterministic risk badge — digest/patch = low, minor = medium, major = high, non-semver = unknown (with a reason). Colour by default, with a colour ⇄ monochrome toggle.
  • Honest degradation — when no changelog is machine-findable, ShipLog says so and shows what it does know, never pretends.
  • Read-only by construction — never writes to the Docker socket.
  • Registry-friendly by construction — manifest checks are HEAD requests, which do not count against Docker Hub's pull rate limit. Bearer tokens are cached, duplicate images share one lookup per sweep, and a rate-limiting registry is backed off host-wide instead of hammered.
  • Knows what has no upstream — digest-pinned containers (image@sha256:…) and locally built images are labelled as such instead of producing bogus updates or permanent errors.
  • Update all in one click — a counter button next to the Basic/Advanced toggle triggers Unraid's own bulk update for every container with a pending update (ShipLog itself stays read-only).
  • Optional, off by default: AI changelog summaries via a local Ollama; enriched Matrix notifications.
  • Tiny + multi-arch (amd64 + arm64), pure-Go (no cgo), boot-smoke-gated CI.

4. Install on Unraid

The Community Applications template is published in the unraid-apps feed (search ShipLog in the Apps tab once it lands). The only required mount is the Docker socket, read-only:

-v /var/run/docker.sock:/var/run/docker.sock:ro
-v /mnt/user/appdata/shiplog:/config
-p 8484:8484

Open the WebUI on port 8484.

5. Configuration

Variable Default Notes
PORT 8484 engine API + status page
DOCKER_SOCKET /var/run/docker.sock mounted read-only
DATA_DIR /config SQLite database + curated-mapping override
POLL_INTERVAL 6h how often to re-check (e.g. 1h, 12h, 24h)
GITHUB_TOKEN optional; raises the anonymous GitHub API limit for changelog fetching
OLLAMA_URL / OLLAMA_MODEL optional AI summaries
MATRIX_HOMESERVER / MATRIX_TOKEN / MATRIX_ROOM optional enriched notifications

6. How it works

Every POLL_INTERVAL, for each container:

  1. Discover via the read-only Docker socket (image ref, digest, OCI labels). Digest-pinned (image@sha256:…), image-ID-referenced and locally built containers are recognised here and honestly labelled — they have no upstream to check, so no registry call is made for them.
  2. Resolve the newest tag + same-tag digest from the registry (Docker Hub / GHCR / generic OCI v2, anonymous). Manifest checks are HEAD-only and don't consume Docker Hub's pull rate limit; the tags/list call is subject only to generic throttling, which ShipLog meets with per-request retries (honouring Retry-After), a per-host request gate, bearer-token caching, one lookup per distinct image per sweep, and a host-wide backoff after a hard 429.
  3. Changelog via a layered provider chain — first hit wins: the image's org.opencontainers.image.source label → GitHub releases between the tags; otherwise a version-delta fallback with a compare link.
  4. Risk is a pure function of the version delta.
  5. Store in SQLite (status + a small per-container version history) and surface on the API + status page.

7. Security

ShipLog mounts the Docker socket read-only and never issues a write call — it cannot start, stop, recreate, or pull anything. v1 has no authentication and is intended for a trusted LAN; do not expose port 8484 to the internet. It makes outbound HTTPS calls to image registries and (for changelogs) GitHub.

8. License

MIT — see LICENSE. ShipLog talks to upstream registries and GitHub over their public APIs; it bundles no third-party container content.


Part of a family of self-hosted Unraid apps + plugins by junkerderprovinz — see them all at github.com/junkerderprovinz, or install from Community Applications.

Install ShipLog on Unraid in a few clicks.

Find ShipLog in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for ShipLog Review the template variables and paths Click Install

Requirements

The Docker socket, mounted READ-ONLY (/var/run/docker.sock:ro) - ShipLog only ever reads it and never issues a write call. Outbound HTTPS to image registries and GitHub is used to fetch changelogs.

Related apps

Details

Repository
ghcr.io/junkerderprovinz/shiplog:latest
Last Updated2026-06-25
First Seen2026-06-12

Runtime arguments

Web UI
http://[IP]:[PORT:8484]/
Network
bridge
Shell
sh
Privileged
false