[User Story] Replace Renovate Docker image tracking with TryGhost Compose sync workflow #293

@noahwhite

Story Summary

As an operator, I want Docker image versions to be synced from TryGhost/ghost-docker's compose.yml instead of Docker Hub, so that image updates match what TryGhost actually ships rather than whatever is latest upstream.


✅ Acceptance Criteria

  • GitHub Actions workflow (sync-tryghost-compose.yml) runs daily at 06:30 UTC and on manual dispatch
  • Workflow fetches compose.yml from TryGhost/ghost-docker main branch
  • Workflow validates all 5 tracked image prefixes exist upstream (fails fast if any missing)
  • Workflow detects new untracked upstream images and warns (does not block)
  • Workflow compares each tracked image and updates compose.yml.tftpl via sed if any differ
  • Workflow creates/reuses a GitHub issue for tracking (deduped by title prefix)
  • Workflow creates/updates a PR via peter-evans/create-pull-request@v8 with a diff table
  • Workflow exits cleanly with no issue/PR when no changes are detected
  • renovate.json no longer contains customManagers or packageRules for Docker images
  • docs/runbooks/renovate.md updated to reflect Renovate only covers non-Docker dependencies
  • CLAUDE.md "Updating Ghost Docker Images" section references the sync workflow

📝 Additional Context

  • Renovate PR chore(deps): update mysql docker tag to v9 #287 proposed MySQL 9.6.0 — a version TryGhost hasn't adopted. Root cause: Renovate tracks Docker Hub latest, not what TryGhost ships.
  • Tracked images: caddy:, mysql:, ghost/traffic-analytics:, ghcr.io/tryghost/activitypub:, ghcr.io/tryghost/activitypub-migrations:
  • peter-evans/create-pull-request@v8 creates commits via GitHub API (auto-signed), handles branch/commit/PR lifecycle
  • MySQL downgrade guard added: skips MySQL update if upstream version <= 8.4.8 (current pinned version)
  • Uses ghost-stack-automation GitHub App token so CI checks trigger on generated PRs
  • Related: PR chore(deps): update mysql docker tag to v9 #287 (closed after merge)

📦 Definition of Ready

  • Acceptance criteria defined
  • No unresolved external dependencies
  • Story is estimated
  • Team has necessary skills and access
  • Priority is clear
  • Business value understood

✅ Definition of Done

  • All acceptance criteria met
  • Unit/integration tests written & passing
  • Peer-reviewed
  • Docs updated (if applicable)
  • Verified in staging (if needed)
  • No critical bugs/regressions
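
The validate, warn, compare and MySQL downgrade-guard steps from the acceptance criteria can be sketched as below. This is an added example, not the repository's actual workflow: the function names, the temp-file layout and the sample image tags are assumptions, and it leaves out the sed rewrite and the issue/PR creation.

```shell
# Added example: helper names are hypothetical; sample image tags are constructed.
TRACKED="caddy: mysql: ghost/traffic-analytics: ghcr.io/tryghost/activitypub: ghcr.io/tryghost/activitypub-migrations:"
MYSQL_FLOOR="8.4.8"   # current pinned version named in the issue
list_images() {       # print each "image:" value in file $1, quotes stripped
  sed -n 's/^[[:space:]]*image:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tr -d "\"'"
}
image_for_prefix() {  # first image in file $1 that starts with prefix $2
  list_images "$1" | while IFS= read -r img; do
    case "$img" in "$2"*) printf '%s\n' "$img"; break ;; esac
  done
}
version_le() {        # true when dotted numeric version $1 <= $2
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0
  }'
}
plan_updates() {      # $1 = upstream compose.yml, $2 = local compose.yml.tftpl
  for p in $TRACKED; do   # fail fast: every tracked prefix must exist upstream
    [ -n "$(image_for_prefix "$1" "$p")" ] || { echo "ERROR: $p missing upstream" >&2; return 1; }
  done
  list_images "$1" | while IFS= read -r img; do   # warn only, never block
    known=no
    for p in $TRACKED; do case "$img" in "$p"*) known=yes ;; esac; done
    [ "$known" = yes ] || echo "WARN: untracked upstream image $img" >&2
  done
  for p in $TRACKED; do   # emit "prefix current upstream" for each real change
    up=$(image_for_prefix "$1" "$p"); cur=$(image_for_prefix "$2" "$p")
    [ "$up" = "$cur" ] && continue
    if [ "$p" = "mysql:" ]; then   # downgrade guard; drop any @sha256 digest first
      tag=${up#mysql:}; tag=${tag%%@*}
      version_le "$tag" "$MYSQL_FLOOR" && { echo "SKIP: mysql $tag <= $MYSQL_FLOOR" >&2; continue; }
    fi
    printf '%s %s %s\n' "$p" "$cur" "$up"
  done
}
make_sample() {       # write constructed upstream and local files into directory $1
  printf '    image: %s\n' caddy:2.10.2 mysql:8.0.44 ghost/traffic-analytics:1.0.20 \
    ghcr.io/tryghost/activitypub:1.1.0 ghcr.io/tryghost/activitypub-migrations:1.1.0 \
    example/untracked:0.1 > "$1/upstream.yml"
  printf '    image: %s\n' caddy:2.10.0 mysql:8.4.8 ghost/traffic-analytics:1.0.20 \
    ghcr.io/tryghost/activitypub:1.0.0 ghcr.io/tryghost/activitypub-migrations:1.1.0 \
    > "$1/compose.yml.tftpl"
}
d=$(mktemp -d) && make_sample "$d" && plan_updates "$d/upstream.yml" "$d/compose.yml.tftpl"
```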
