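# Example: Annotated Container Definitions for Renovate
#
# This file demonstrates how to annotate Docker container definitions
# in Terraform so that Renovate can detect and update image versions.
#
# Add the comment "# renovate: datasource=docker" above the image line
# to enable automatic version detection and updates.
#
# NOTE(review): the annotation is only a marker. Renovate does not scan
# arbitrary Terraform strings for image references by default, so the
# repository's Renovate configuration has to contain a custom (regex) manager
# whose pattern matches this comment together with the line that follows it.
# That configuration is not part of this file - confirm it exists and that its
# file pattern covers the .tf files carrying these annotations.
#
# Keep the annotation on the line directly above "image": the examples below
# all rely on that adjacency, and a comment inserted in between would
# presumably stop the pattern from matching.
#
# Supply-chain note: a tag is a mutable reference, so the registry may serve
# different content under the same tag later. Where that matters, reference
# the image as "name:tag@sha256:<digest>" and let Renovate maintain the digest
# as well; that requires the custom manager to capture the digest (not shown
# in this file).

# =============================================================================
# Basic Pattern: Combined image:tag format
# =============================================================================
# This is the most common pattern where image name and tag are in one string.
# The dependency name is taken from the image string itself, so no depName is
# given in the annotation.

locals {
  services = {
    # Basic Redis container
    redis = {
      # renovate: datasource=docker
      image           = "redis:8.0.0"
      container_ports = ["6379"]
      networks        = ["backend-network"]
    }

    # Container with full registry path
    postgres = {
      # renovate: datasource=docker
      image           = "docker.io/library/postgres:16.4-alpine"
      container_ports = ["5432"]
      networks        = ["backend-network"]
      volumes = {
        "postgres-data" = "/var/lib/postgresql/data"
      }
    }

    # Third-party image from Docker Hub
    grafana = {
      # renovate: datasource=docker
      image           = "grafana/grafana:11.2.0"
      container_ports = ["3000"]
      networks        = ["traefik_network", "monitoring-network"]
      use_traefik     = true
    }

    # Image from GitHub Container Registry
    paperless = {
      # renovate: datasource=docker
      image           = "ghcr.io/paperless-ngx/paperless-ngx:2.12.1"
      container_ports = ["8000"]
      networks        = ["traefik_network"]
      use_traefik     = true
    }
  }
}

# =============================================================================
# Advanced Pattern: With explicit versioning scheme
# =============================================================================
# Use this when the image has a non-standard version format.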
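locals {
  advanced_services = {
    # HashiCorp images use semver
    vault = {
      # renovate: datasource=docker versioning=semver
      image           = "hashicorp/vault:1.17.3"
      container_ports = ["8200"]
      networks        = ["traefik_network"]
    }

    # MinIO uses date-based releases.
    # Renovate's regex versioning orders releases by named capture groups, so
    # year, month and day are mapped to major, minor and patch. A group written
    # as "(?\d{4})" with no name is not a valid pattern.
    # The time-of-day part is matched but not captured, so two releases cut on
    # the same date compare as equal.
    minio = {
      # renovate: datasource=docker versioning=regex:^RELEASE\.(?<major>\d{4})-(?<minor>\d{2})-(?<patch>\d{2})T\d{2}-\d{2}-\d{2}Z$
      image           = "minio/minio:RELEASE.2024-08-29T01-40-52Z"
      container_ports = ["9000", "9001"]
      networks        = ["traefik_network"]
    }
  }
}

# =============================================================================
# Alternative Pattern: Separate version variable
# =============================================================================
# Use this when you prefer to define versions as separate variables.
#
# Here the annotation sits above the variable block and the version is the
# "default" value a few lines below, so depName must be given explicitly.
# NOTE(review): the custom manager pattern has to span from the annotation to
# the "default" line for this form to be picked up - confirm against the
# Renovate configuration, which is not part of this file.
#
# depName and the image string that consumes the variable are two independent
# strings. If they drift apart, Renovate looks up versions for one image while
# another one is deployed, so change them together.

# renovate: datasource=docker depName=traefik
variable "traefik_version" {
  description = "Version of Traefik to deploy"
  type        = string
  default     = "3.1.2"
}

# renovate: datasource=docker depName=redis
variable "redis_version" {
  description = "Version of Redis to deploy"
  type        = string
  default     = "8.0.0"
}

# renovate: datasource=docker depName=grafana/grafana
variable "grafana_version" {
  description = "Version of Grafana to deploy"
  type        = string
  default     = "11.2.0"
}

# Usage example with separate variables
locals {
  versioned_services = {
    traefik = {
      # Image name here must match depName on var.traefik_version.
      image           = "traefik:${var.traefik_version}"
      container_ports = ["80", "443", "8080"]
      networks        = ["traefik_network"]
    }
  }
}

# =============================================================================
# Complete Example: Production-like container object
# =============================================================================
# This shows a realistic container definition with all common settings.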
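# Three services that together run Paperless-NGX: the web server, its Redis
# broker and its PostgreSQL database. Only the web server is attached to
# traefik_network; the broker and the database are attached to
# paperless-backend-network alone. No service lists host ports, and
# access_docker_sock is false for all three.
#
# NOTE(review): all three services use the same vault_env_path. How the
# consuming module uses that path is not visible here; if it injects every
# secret under the path into the container, the broker and the database
# receive the web server's secrets too. Consider one path per service.
locals {
  production_services = {
    # Paperless-NGX Document Management System
    paperless-webserver = {
      # renovate: datasource=docker
      image = "ghcr.io/paperless-ngx/paperless-ngx:2.12.1"
      healthcheck = {
        test         = ["CMD", "curl", "-f", "http://localhost:8000"]
        interval     = "30s"
        timeout      = "10s"
        retries      = 5
        start_period = "60s"
      }
      vault_env_path = "secret/paperless-ngx"
      environment    = "prod"
      replicas       = 1
      volumes = {
        "paperless-data"    = "/usr/src/paperless/data"
        "paperless-media"   = "/usr/src/paperless/media"
        "paperless-export"  = "/usr/src/paperless/export"
        "paperless-consume" = "/usr/src/paperless/consume"
      }
      host_ports          = []
      container_ports     = ["8000"]
      networks            = ["paperless-backend-network", "traefik_network"]
      use_traefik         = true
      is_swarm_service    = false
      consul_service      = true
      access_docker_sock  = false
      create_cname_record = true
    }

    # Redis broker for Paperless
    # The tag below names only the major version, so it moves with every 8.x
    # release: the deployed content can change without any change to this
    # file, and Renovate has nothing to propose until a new major appears.
    # A full version (as in "redis:8.0.0") or a pinned digest makes each
    # update an explicit, reviewable change.
    paperless-broker = {
      # renovate: datasource=docker
      image = "docker.io/library/redis:8"
      healthcheck = {
        test         = ["CMD", "redis-cli", "ping"]
        interval     = "30s"
        timeout      = "5s"
        retries      = 3
        start_period = "10s"
      }
      vault_env_path = "secret/paperless-ngx"
      environment    = "prod"
      replicas       = 1
      volumes = {
        "paperless-redisdata" = "/data"
      }
      host_ports          = []
      container_ports     = ["6379"]
      networks            = ["paperless-backend-network"]
      use_traefik         = false
      is_swarm_service    = false
      consul_service      = false
      access_docker_sock  = false
      create_cname_record = false
    }

    # PostgreSQL database for Paperless
    paperless-db = {
      # renovate: datasource=docker
      image = "docker.io/library/postgres:16.4-alpine"
      healthcheck = {
        test         = ["CMD-SHELL", "pg_isready -U paperless"]
        interval     = "30s"
        timeout      = "5s"
        retries      = 3
        start_period = "30s"
      }
      vault_env_path = "secret/paperless-ngx"
      environment    = "prod"
      replicas       = 1
      volumes = {
        "paperless-pgdata" = "/var/lib/postgresql/data"
      }
      host_ports          = []
      container_ports     = ["5432"]
      networks            = ["paperless-backend-network"]
      use_traefik         = false
      is_swarm_service    = false
      consul_service      = false
      access_docker_sock  = false
      create_cname_record = false
    }
  }
}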