export async function runContainerUpdate(
settingId: number,
containerName: string,
environmentId: number | null | undefined,
triggeredBy: ScheduleTrigger
): Promise<void> {
const log = (message: string) => {
console.log(`[Auto-update] ${message}`);
appendScheduleExecutionLog(execution.id, `[${new Date().toISOString()}] ${message}`);
};
log(`Checking container: ${containerName}`);
// Check registry for updates
const registryCheck = await checkImageUpdateAvailable(imageNameFromConfig, currentImageId, envId);
if (!registryCheck.hasUpdate) {
log(`Already up-to-date: ${containerName}`);
return;
}
log(`Update available! Registry digest: ${registryCheck.registryDigest}`);
// Pull new image
await pullImage(imageNameFromConfig, undefined, envId);
// Scan for vulnerabilities if enabled
if (shouldScan) {
const scanOutcome = await scanAndCheckBlock({
newImageId,
currentImageId,
envId,
vulnerabilityCriteria,
log
});
if (scanOutcome.blocked) {
log(`UPDATE BLOCKED: ${scanOutcome.reason}`);
await sendEventNotification('auto_update_blocked', {
title: 'Auto-update blocked',
message: `Container "${containerName}" update blocked: ${scanOutcome.reason}`,
type: 'warning'
}, envId);
return;
}
}
// Recreate container with new image
log(`Recreating container with full config passthrough...`);
await recreateContainer(containerName, envId, log, imageNameFromConfig);
log(`Successfully updated container: ${containerName}`);
}