All apps · 0 apps
ShipLog
Docker app from junkerderprovinz's Repository
Overview
Readme
View on GitHub
⚓ ShipLog reads the changelog before you update — right inside Unraid's native Docker tab. Next to each container it shows what actually changes between your running image and the newest: the release notes, a deterministic risk badge (patch / minor / major) and the real version jump (e.g. 1.7 → 1.8).
Read-only — it never pulls, recreates or stops anything. Optional: AI changelog summaries via a local Ollama, and Matrix notifications.
Table of Contents
1. What is this?
A single static Go binary on a distroless image (~tens of MB, low idle RAM) that polls the read-only Docker socket, resolves which images have updates, fetches the changelog for the version span, classifies the risk, and serves it on a small status page + JSON API. The headline experience — a changelog bubble next to each container in Unraid's Docker tab — ships as a companion Unraid plugin; this engine is the brain and works on any Docker host via its status page.
2. Screenshots
Click the Changelog chip on any container — the bubble shows the version jump, a risk badge, the release notes, an optional AI summary, and a read-only Update-now button, right in Unraid's Docker tab.
A Changelog chip sits on every container: a coloured dot when an update is waiting, grey when you're up to date.
Settings: poll interval, a live engine-status line, optional GitHub / Docker Hub tokens for more changelogs, Ollama (with autodetect) for AI summaries, and Matrix alerts.
3. Features
- What changed, not just "update available" — changelog between your running tag and the newest, newest-first, with a link to the full release notes.
- Deterministic risk badge — digest/patch = low, minor = medium, major = high, non-semver = unknown (with a reason). Colour by default, with a colour ⇄ monochrome toggle.
- Honest degradation — when no changelog is machine-findable, ShipLog says so and shows what it does know, never pretends.
- Read-only by construction — never writes to the Docker socket.
- Registry-friendly by construction — manifest checks are
HEADrequests, which do not count against Docker Hub's pull rate limit. Bearer tokens are cached, duplicate images share one lookup per sweep, and a rate-limiting registry is backed off host-wide instead of hammered. - Knows what has no upstream — digest-pinned containers (
image@sha256:…) and locally built images are labelled as such instead of producing bogus updates or permanent errors. - Update all in one click — a counter button next to the Basic/Advanced toggle triggers Unraid's own bulk update for every container with a pending update (ShipLog itself stays read-only).
- Optional, off by default: AI changelog summaries via a local Ollama; enriched Matrix notifications.
- Tiny + multi-arch (amd64 + arm64), pure-Go (no cgo), boot-smoke-gated CI.
4. Install on Unraid
The Community Applications template is published in the unraid-apps feed (search ShipLog in the Apps tab once it lands). The only required mount is the Docker socket, read-only:
-v /var/run/docker.sock:/var/run/docker.sock:ro
-v /mnt/user/appdata/shiplog:/config
-p 8484:8484
Open the WebUI on port 8484.
5. Configuration
| Variable | Default | Notes |
|---|---|---|
PORT |
8484 |
engine API + status page |
DOCKER_SOCKET |
/var/run/docker.sock |
mounted read-only |
DATA_DIR |
/config |
SQLite database + curated-mapping override |
POLL_INTERVAL |
6h |
how often to re-check (e.g. 1h, 12h, 24h) |
GITHUB_TOKEN |
— | optional; raises the anonymous GitHub API limit for changelog fetching |
OLLAMA_URL / OLLAMA_MODEL |
— | optional AI summaries |
MATRIX_HOMESERVER / MATRIX_TOKEN / MATRIX_ROOM |
— | optional enriched notifications |
6. How it works
Every POLL_INTERVAL, for each container:
- Discover via the read-only Docker socket (image ref, digest, OCI labels). Digest-pinned (
image@sha256:…), image-ID-referenced and locally built containers are recognised here and honestly labelled — they have no upstream to check, so no registry call is made for them. - Resolve the newest tag + same-tag digest from the registry (Docker Hub / GHCR / generic OCI v2, anonymous). Manifest checks are
HEAD-only and don't consume Docker Hub's pull rate limit; thetags/listcall is subject only to generic throttling, which ShipLog meets with per-request retries (honouringRetry-After), a per-host request gate, bearer-token caching, one lookup per distinct image per sweep, and a host-wide backoff after a hard 429. - Changelog via a layered provider chain — first hit wins: the image's
org.opencontainers.image.sourcelabel → GitHub releases between the tags; otherwise a version-delta fallback with a compare link. - Risk is a pure function of the version delta.
- Store in SQLite (status + a small per-container version history) and surface on the API + status page.
7. Security
ShipLog mounts the Docker socket read-only and never issues a write call — it cannot start, stop, recreate, or pull anything. v1 has no authentication and is intended for a trusted LAN; do not expose port 8484 to the internet. It makes outbound HTTPS calls to image registries and (for changelogs) GitHub.
8. License
MIT — see LICENSE. ShipLog talks to upstream registries and GitHub over their public APIs; it bundles no third-party container content.
Part of a family of self-hosted Unraid apps + plugins by junkerderprovinz — see them all at github.com/junkerderprovinz, or install from Community Applications.
Install ShipLog on Unraid in a few clicks.
Find ShipLog in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Requirements
Categories
Related apps
Explore more like this
Explore allDetails
ghcr.io/junkerderprovinz/shiplog:latestRuntime arguments
- Web UI
http://[IP]:[PORT:8484]/- Network
bridge- Shell
sh- Privileged
- false