--- services: {{ service_name }}: image: ghcr.io/mend/renovate-ce:13.1.0-full {# If not in swarm mode, apply container name and restart policy #} {% if not swarm_enabled %} container_name: {{ container_name }} restart: {{ restart_policy }} {% endif %} {# Set container hostname for identification #} hostname: {{ container_hostname }} {# When traefik is enabled, add traefik network for reverse proxy access #} {% if traefik_enabled %} networks: {{ traefik_network }}: {% endif %} {# Port mappings for web interface (only when Traefik is disabled) #} {% if not traefik_enabled %} ports: - "{{ ports_http }}:8080" {% endif %} {# Environment file containing Renovate configuration #} env_file: - ./.env {# When swarm_enabled is set, use Docker secrets for sensitive data #} {% if swarm_enabled %} secrets: - source: {{ service_name }}_license_key target: /run/secrets/{{ service_name }}_license_key mode: 0400 - source: {{ service_name }}_git_token target: /run/secrets/{{ service_name }}_git_token mode: 0400 {% if webhook_secret %} - source: {{ service_name }}_webhook_secret target: /run/secrets/{{ service_name }}_webhook_secret mode: 0400 {% endif %} {# Deploy configuration for Swarm mode: - Configure replicas, placement constraints - Traefik: Labels for reverse proxy integration (Swarm mode) #} deploy: mode: {{ swarm_placement_mode }} {% if swarm_placement_mode == 'replicated' %} replicas: {{ swarm_replicas }} {% endif %} {% if swarm_placement_host %} placement: constraints: - node.hostname == {{ swarm_placement_host }} {% endif %} {# When traefik_enabled is set in swarm mode, add traefik labels (optionally enable TLS if traefik_tls_enabled is set) #} {% if traefik_enabled %} labels: - traefik.enable=true - traefik.http.services.{{ service_name }}.loadbalancer.server.port=8080 - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-https.tls=true - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% endif %} {% else %} {# When traefik_enabled is set, and not running in swarm mode, add traefik labels (optionally enable TLS if traefik_tls_enabled is set) #} {% if traefik_enabled %} labels: - traefik.enable=true - traefik.http.services.{{ service_name }}.loadbalancer.server.port=8080 - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-https.tls=true - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% endif %} {% endif %} {# Health check: Verify Renovate service is responding #} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] interval: 30s timeout: 10s retries: 3 start_period: 40s {# Docker Swarm secrets (only when swarm_enabled is set): - License key, Git token, and webhook secret #} {% if swarm_enabled %} secrets: {{ service_name }}_license_key: file: ./.env.secret.license {{ service_name }}_git_token: file: ./.env.secret.token {% if webhook_secret %} {{ service_name }}_webhook_secret: file: ./.env.secret.webhook {% endif %} {% endif %} {# Network definitions (only when Traefik is enabled): - Traefik network: always external (managed by Traefik) #} {% if traefik_enabled %} networks: {{ traefik_network }}: external: true {% endif %}