Prerequisites¶

• Docker with /var/run/docker.sock accessible
• SSH access to your Git repository
• A known_hosts file for your Git provider

ssh-keyscan github.com > known_hosts

Configuration¶

Watcher reads from a config.yaml file:

repoURL: git@github.com:your-org/your-repo.git
deploymentDir: /app/deployment
composeFile: docker-compose.yaml
targetBranch: main
checkInterval: 30
stateLocation: /etc/watcher
dockerAPIVersion: "1.48"

# Optional — only if not using SSH Agent
sshKeyPath: /home/appuser/.ssh/id_rsa

Parameters¶

Authentication¶

Watcher authenticates over SSH and verifies the server's host key using known_hosts.

SSH Agent (Recommended)¶

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

Then wire it into the Compose file:

environment:
  - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
volumes:
  - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}

Private Key File¶

Mount the key and set sshKeyPath in config.yaml:

volumes:
  - /path/to/id_rsa:/home/appuser/.ssh/id_rsa:ro

sshKeyPath: /home/appuser/.ssh/id_rsa

Docker Compose¶

services:
  watcher:
    image: sithukyaw666/watcher:0.1.1
    container_name: watcher
    restart: unless-stopped
    environment:
      - SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
      - SSH_KNOWN_HOSTS=/home/appuser/.ssh/known_hosts
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config.yaml:/home/appuser/config.yaml:ro
      - ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
      - ./known_hosts:/home/appuser/.ssh/known_hosts:ro
      - watcher_data:/etc/watcher/
      - ./deployment:/app/deployment
    ports:
      - "8080:8080"

volumes:
  watcher_data:

docker compose up -d

Dashboard available at http://localhost:8080.

Build from Source¶

git clone https://github.com/Sithukyaw666/Watcher.git
cd Watcher
go build -o watcher .
./watcher