Automatic Updates with Renovate
Renovate is the recommended way to keep our images up to date. It opens pull requests against your Compose, Helm, or Kustomize files when a new tag or digest is published.
Minimal Configuration
Section titled “Minimal Configuration”Add a renovate.json to the repository hosting your Compose files:
{ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended"], "docker-compose": { "fileMatch": ["(^|/)compose\\.ya?ml$", "(^|/)docker-compose\\.ya?ml$"] }}Pinning to Digests
Section titled “Pinning to Digests”Combine Renovate’s pinDigests preset with our tag pinning recommendation:
{ "extends": ["config:recommended", "docker:pinDigests"]}After enabling, your image references are rewritten to include both the tag and the sha256 digest, e.g.:
image: ghcr.io/trueforge-org/home-assistant:2025.5.1@sha256:8053...Renovate will then update the digest whenever the tag is rebuilt.
Limiting Update Scope
Section titled “Limiting Update Scope”To accept only patch and digest updates for a given image:
{ "packageRules": [ { "matchPackagePatterns": ["^ghcr.io/trueforge-org/"], "matchUpdateTypes": ["major", "minor"], "enabled": false } ]}See the Renovate documentation for the full set of options.