Skip to main content

EXTENSIONS

User-built models, drivers, vaults, and reports — the parts that plug into swamp.

Filter by what you need and pull what fits.

Selection
12 results
label:docker

Base Images

@hivemq/base-images · v2026.06.29.159

A declared fleet of base OCI images we keep security-patched. The whole job — what to patch (`source` = registry/repository/tag), how (`patch`, default: apply all pending security updates), where to publish (`destination` = repository/tag under a run-time `registry`), and what to assert (`expect`, optional version floor) — lives in the model instance's `globalArguments.images`, so a single `swamp model method run <instance> patch --input registry=<registry[/namespace]>` builds, verifies, and pushes every image. The destination registry is the `registry` arg (or `globalArguments.registry`), so one instance retargets to a different registry per run. No workflow. Verify is foreknowledge-free (asserts no security updates remain pending on every platform), which fits a scheduled cadence; an optional per-image `expect` adds a version floor. Composes the pure logic of @hivemq/oci/image/patch and the buildx wrapper of @hivemq/docker; it is the only one of the three that drives buildx. Motivated by PLT-941 (openssl CVE-2026-45447): own the patch cadence instead of waiting on upstream base rebuilds.

upd Jun 2925 pullsD50/100

Docker Compose Refresher

@shelson/docker-compose-refresher · v2026.06.28.4

Keep :latest-tagged (and untagged) services in local or SSH-reachable docker compose projects up to date. Compares each running container's image digest against the registry (docker buildx imagetools) so already-current services are left untouched, then pulls and recreates only stale ones with a health-gate. Dry-run by default. Supports sudo-prefixed docker and per-host SSH config.

upd Jun 281 pullsA100/100

Oci/image/patch

@hivemq/oci/image/patch · v2026.06.26.156

Take a single base OCI image identifier and emit its security-patched counterpart under the HiveMQ naming convention (<registry>/<namespace>/<flattened>:<tag>-hivemq-patched-<date>). A pure logic model (`plan` generates the security-upgrade Dockerfile + derives the re-homed target; `verify` asserts the expected fixed package versions) plus a bundled workflow that orchestrates a container CLI wrapper around it: plan, build the multi-arch image, verify the expected versions on every platform of it, then push. Two workflow variants ship: the Apple @hivemq/container engine (self-hosted macOS) and @hivemq/docker (standard Linux/GitHub-hosted runners). Motivated by PLT-941 (openssl CVE-2026-45447): own the patch cadence instead of waiting on upstream base rebuilds. Registry credentials are injected from a swamp vault at run time and never persisted in a committed instance.

upd Jun 2612 pullsD50/100

Docker

@hivemq/docker · v2026.06.26.156

Thin swamp wrapper around the `docker` CLI. Image-lifecycle subset: `build` (single-platform, locally runnable), `run`, `buildInspectPlatforms` (build each arch single-arch with `buildx --load` + run an inspection command, capturing all output in one `inspected` resource — the verify-before-push primitive), `login`, and `buildx build --push` (multi-arch build + push). Each method mirrors a `docker` subcommand so workflows can drive the build/run/publish lifecycle without bespoke shell steps.

upd Jun 264 pullsD50/100

Container Image

@webframp/container-image · v2026.06.23.1

Build, push, and inspect OCI container images. Registry-agnostic — works with ECR, GHCR, DockerHub, or any OCI-compliant registry. Supports docker, podman, nerdctl, and buildah. Produces typed, versioned build metadata.

upd Jun 242 pullsA100/100

Arcane

@thomas/arcane · v2026.06.24.1

Management of an Arcane Docker instance via its REST API — GitOps sync setup, compose project lifecycle with validated mode-aware deploy, swarm stack deploy (render-validated, convergence-polled) + secret/config rotation, and volume/prune cleanup.

upd Jun 242 pullsA100/100

Image Updater

@lint/image-updater · v2026.06.09.1

Auto-applier for docker image updates — pulls + restarts compose stacks with deny lists, cooling periods, and a per-run cap.

upd Jun 910 pullsA100/100

Docker

@keeb/docker · v2026.05.31.2

Manage Docker Engine and Docker Compose lifecycle on remote hosts over SSH, including install, build, run, inspect, exec, and compose service operations.

upd Jun 166 pullsA100/100

Portainer

@lint/portainer · v2026.05.21.2

Portainer API wrapper — snapshot endpoints/containers/stacks across every docker host, and drive container actions (start/stop/restart/kill/pause/unpause) plus image pulls from swamp workflows.

upd May 215 pullsA100/100

Image Updates

@lint/image-updates · v2026.05.21.1

Docker image update tracker — compares local image digests against the registry to surface available updates per container.

upd May 2115 pullsA100/100

Docker Host

@lint/docker-host · v2026.05.21.1

Docker container discovery across a Proxmox cluster — SSHes to each PVE node, runs `pct exec <vmid> docker ps` on every docker-tagged LXC.

upd May 217 pullsA100/100

Docker Image Test

@alvagante/docker-image-test · v2026.05.20.7

Local Docker image smoke testing for swamp: build image matrices, run containers, poll health checks, capture logs, and clean up.

upd May 2022 pullsB83/100