Why not Watchtower, Diun, or Harbormaster?
While tools like Watchtower, Diun, and Harbormaster offer convenient container update functionality, they all require access to the Docker socket. Granting access to the Docker socket is generally considered a security risk: whoever controls the socket effectively has root on the host.
If you have ever had Watchtower break something, you know the annoyance. What if the update fails? How will you know whether there are breaking changes, before rather than after a database is broken?
Harbormaster almost pulls this off, but it requires changing path mappings to work, which is a no-go for me.
Diun just notifies you that there is an update, which you then have to apply manually. Again, this is a no-go.
This homelab prioritizes security and takes a more controlled approach to updates by using Drone CI and Renovate bot. Dependency updates are automated, and deployments are controlled through a dedicated CI/CD pipeline, giving both security and stability.
Why not just Kubernetes and Flux?
Personally, I don't think Kubernetes is needed in a homelab, especially if you follow KISS like I do. I have spun up a few clusters and tried switching all my services from Docker to Kubernetes, but I always seem to migrate back to plain Docker. Maybe one day, but for now I like my custom automation for CD.
Why get release notes for Linuxserver images?
Linuxserver doesn't follow SemVer versioning, which essentially breaks Renovate's version detection. I use so many of their images that, rather than writing a custom regex for each release title so Renovate can pull release notes, I just pin to the latest digest, which Renovate detects without problems. An n8n automation then grabs the release notes from the GitHub API and posts them to the PR for that specific release.
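As an added example (not the homelab's own n8n workflow), the same release-notes step in Python: map the pinned image reference to its LinuxServer GitHub repo, fetch the release from the GitHub API, and build the PR comment, flagging lines that mention breaking changes or migrations so the "will I know before the database breaks?" question is answered in the PR itself. It assumes LinuxServer's repos are named linuxserver/docker-<app>; the sample release JSON is constructed, and posting the comment to the PR is left to the caller.

```python
# Release notes for a Renovate digest-update PR of a LinuxServer image.
# Added example; assumes the GitHub repo naming linuxserver/docker-<app>.
import json
import re
import urllib.request

# Words that usually mean a reviewer should read the notes before merging.
BREAKING_PATTERNS = re.compile(r"\b(breaking|migration|deprecated|removed)\b", re.I)


def linuxserver_repo(image_ref: str) -> str:
    """lscr.io/linuxserver/sonarr:latest@sha256:... -> linuxserver/docker-sonarr"""
    ref = image_ref.split("@", 1)[0]            # drop the pinned digest
    *prefix, last = ref.split("/")
    app = last.split(":", 1)[0]                 # drop the tag
    if not prefix or prefix[-1] != "linuxserver":
        raise ValueError(f"not a linuxserver image: {image_ref}")
    return f"linuxserver/docker-{app}"


def fetch_release(repo: str, tag: str = "latest", token: str = "") -> dict:
    """GET one release from the GitHub REST API (network; not used offline)."""
    path = "latest" if tag == "latest" else f"tags/{tag}"
    req = urllib.request.Request(f"https://api.github.com/repos/{repo}/releases/{path}",
                                 headers={"Accept": "application/vnd.github+json"})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def breaking_hints(body: str) -> list[str]:
    """Release-body lines that mention breaking/migration-type changes."""
    return [ln.strip() for ln in body.splitlines() if BREAKING_PATTERNS.search(ln)]


def pr_comment(image_ref: str, release: dict) -> str:
    """Markdown comment for the digest-update PR, warnings first."""
    body = release.get("body") or ""
    lines = [f"### Release notes for `{image_ref.split('@', 1)[0]}`",
             f"**{release['tag_name']}** ({release.get('published_at', '?')[:10]}) {release['html_url']}", ""]
    if hints := breaking_hints(body):
        lines += ["> :warning: possible breaking changes, review before merging:"]
        lines += [f"> - {h}" for h in hints] + [""]
    lines.append(body or "_no release body_")
    return "\n".join(lines)


SAMPLE_RELEASE = {  # constructed; shape of the GitHub API response, not real data
    "tag_name": "4.0.0-ls100",
    "html_url": "https://github.com/linuxserver/docker-sonarr/releases/tag/4.0.0-ls100",
    "published_at": "2024-01-01T00:00:00Z",
    "body": "**LinuxServer Changes:**\n\n- Rebase to Alpine 3.19.\n\n**Remote Changes:**\n\n"
            "- BREAKING: database migration to v4 schema, back up config before updating.",
}

if __name__ == "__main__":
    print(pr_comment("lscr.io/linuxserver/sonarr:latest@sha256:abc", SAMPLE_RELEASE))
```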