doco-cd releases

What's Changed

Fixed a bug that caused jobs to always be scheduled with UTC timezone instead of the local/set timezone.

This release also adds two new API endpoints to list and trigger scheduled jobs (introduced in v0.86.0), see also the REST API documentation.

| Endpoint | Method | Description | Query Parameters |
|-----------------------------|--------|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| /v1/api/jobs | GET | List all discovered scheduled jobs. | - stack (string, optional): Return scheduled jobs only for one stack/project. |
| /v1/api/job/{jobName}/run | POST | Trigger a configured scheduled job immediately. | - stack (string, optional): Limit matching to a specific stack/project.
- wait (boolean, default: true): Wait for the triggered run to finish before responding. |

What is the jobName for a scheduled job?
jobName is the runtime name of the scheduled target:

• Docker (standalone): the container name (for example my-stack-backup-1)
• Docker Swarm: the service name (for example my-stack_backup)

How do I find the jobName for a scheduled job?
You can get the jobName from the scheduler logs ("job":"...") or from GET /v1/api/jobs.

• If multiple jobs share the same jobName, provide stack to disambiguate for the run endpoint.
• If the matched job is disabled, the run endpoint returns a conflict response.

Common run endpoint outcomes

• 200 OK: run triggered and completed (wait=true).
• 202 Accepted: run accepted and running in background (wait=false).
• 404 Not Found: no scheduled job matched jobName (and optional stack).
• 409 Conflict: matched job is disabled or the selection is ambiguous.

Example Request

Trigger a job by container name

curl --request POST \
  --url 'https://cd.example.com/v1/api/job/my-stack-backup-1/run?wait=true' \
  --header 'x-api-key: your-api-key'

Trigger a job by service name in a specific stack

curl --request POST \
  --url 'https://cd.example.com/v1/api/job/backup/run?stack=my-stack&wait=true' \
  --header 'x-api-key: your-api-key'

List all scheduled jobs for a specific stack

curl --request GET \
  --url 'https://cd.example.com/v1/api/jobs?stack=my-stack' \
  --header 'x-api-key: your-api-key'

✨ Features

• feat(api): add API endpoints for managing scheduled jobs by @kimdre in https://github.com/kimdre/doco-cd/pull/1329

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.86.0...v0.87.0

What's Changed

Scheduled jobs

This release adds a job scheduler that allows you to run containers/services defined in your docker compose files as scheduled jobs based on cron-like schedules or predefined intervals.
This is useful for running periodic tasks such as backups, maintenance scripts, or any recurring workloads without needing an external scheduler.

More details in the documentation.

Domain-scoped Git authentication

You can now specify domain-scoped Git auth credentials to allow Git operations (clone/fetch) for multiple SCMs/domains. If no domains match or domain-scoped authentication is not configured, the GIT_ACCESS_TOKEN / SSH_PRIVATE_KEY values are used.

The domain-scoped authentication configuration is a YAML list where each entry defines credentials for one or more domains.
Each entry in the list has the following structure:

- domains:                          # (Required) List of domain names or patterns
    - domain1.com
    - domain2.com
    - '*.example.com'
  git_access_token: xxx             # (Optional) HTTP token for git access
  ssh_private_key: |                # (Optional) SSH private key content
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
  ssh_private_key_passphrase: xxx   # (Optional) Passphrase for encrypted SSH key

More details in the documentation.

✨ Features

• feat(scheduler): add support for scheduled jobs/cronjobs by @kimdre in https://github.com/kimdre/doco-cd/pull/1325
• feat(git): add support for domain-scoped Git credentials by @kimdre in https://github.com/kimdre/doco-cd/pull/1326

🌟 Improvements

• feat(metrics): add metrics for scheduled job runs by @kimdre in https://github.com/kimdre/doco-cd/pull/1327
• fix(scheduler): improve handling of scheduled services in deployment by @kimdre in https://github.com/kimdre/doco-cd/pull/1328

📦 Dependencies

• fix(deps): update module github.com/docker/cli to v29.4.3+incompatible by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1320
• chore(deps): update github/codeql-action digest to 68bde55 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1323
• chore(deps): update dependency golang to v1.26.3 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1324

📚 Miscellaneous

• docs: improve code examples by @kimdre in https://github.com/kimdre/doco-cd/pull/1321

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.85.1...v0.86.0

What's Changed

🐛 Bug Fixes

• fix(config): remove 'notEmpty' constraint from OpenBao AccessToken field by @kimdre in https://github.com/kimdre/doco-cd/pull/1319

📦 Dependencies

• chore(deps): update docker/github-builder digest to c2782c5 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1315

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.85.0...v0.85.1

Nested deployment configurations with Auto-Discovery

You can now add additional, nested deployment configurations when use the auto-discovery feature to override the base-deployment configuration for a specifc project/stack. For more info see the documentation for Nested config overrides.

🚨 Breaking Changes to Settings in the Deployment Configuration

This Release introduces a configuration schema cleanup in the deployment settings for consistency with other settings, adds flexible shorthand syntax, and updates auto-discovery label handling in Docker Container.

[!IMPORTANT]
You need to change the following values:

• Replace the following in your .doco-cd.yml files:
  • auto_discover and auto_discover_opts -> auto_discovery (merged together to one object)
  • destroy and destroy_opts -> destroy (merged together to one object)
  • build_opts -> build (Renamed)
• Consider recreating containers that use the legacy cd.doco.deployment.auto_discover Docker label to migrate to cd.doco.deployment.auto_discovery in the next convenient moment.

Changes

Unified Config Objects

• Auto-discovery config is now unified: auto_discover and auto_discover_opts are replaced by a single auto_discovery object:
  • auto_discovery.enabled
  • auto_discovery.depth
  • auto_discovery.delete
• Destroy config is now unified: destroy (boolean) and destroy_opts are replaced by a single destroy object:
  • destroy.enabled
  • destroy.remove_volumes
  • destroy.remove_images
  • destroy.remove_dir

Renamed Fields for Build settings

build_opts has been renamed to build:

build:
  force_image_pull: true
  no_cache: true
  args:
    MY_ARG: value

Boolean Shorthand Support

auto_discovery, destroy, and reconciliation now accept either a boolean or a full object, enabling a concise shorthand:

# Shorthand (uses default options)
auto_discovery: true
destroy: true
reconciliation: false

# Full object (for customization)
auto_discovery:
  enabled: true
  depth: 2
  delete: false

Docker Label Changes

By renaming the auto_discovery deploy setting, I also changed their Container labels. The old labels are deprecated but still supported to prevent unnecessary redeployments/container recreations:

• New labels: cd.doco.deployment.auto_discovery and cd.doco.deployment.auto_discovery.delete
• Deprecation handling: Legacy auto_discover labels are still read as a fallback for existing containers, and a deprecation warning is logged, prompting migration.

What's Changed

🚨 Breaking Changes

• refactor(deploy-config): configuration schema cleanup by @kimdre in https://github.com/kimdre/doco-cd/pull/1306

✨ Features

• feat(deploy-config): add support for nested deployment configuration by @kimdre in https://github.com/kimdre/doco-cd/pull/1305

🌟 Improvements

• refactor(external-secrets): seperate caching logic in 1password provider by @kimdre in https://github.com/kimdre/doco-cd/pull/1304
• refactor(config): reorganize config package by @kimdre in https://github.com/kimdre/doco-cd/pull/1310
• feat(reconciliation): add post-destroy stage and skip logic for reconciliation by @kimdre in https://github.com/kimdre/doco-cd/pull/1312
• refactor(deploy-config): rename 'enable' to 'enabled' for consistency by @kimdre in https://github.com/kimdre/doco-cd/pull/1313

📦 Dependencies

• chore(deps): update actions/add-to-project action to v2 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1302
• chore(deps): update dependency zensical to v0.0.40 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1301
• chore(deps): update module mvdan.cc/gofumpt to v0.10.0 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1308
• chore(deps): update docker/github-builder digest to d4bb88e by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1307

📚 Miscellaneous

• Update 'remove_dir' setting description for clarity by @mikeage in https://github.com/kimdre/doco-cd/pull/1311

New Contributors

• @mikeage made their first contribution in https://github.com/kimdre/doco-cd/pull/1311

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.84.0...v0.85.0

What's Changed

This release was a lot of work. Thank you to everyone who provided contributions and tested the changes! :)

Reconciliation on Docker events

The reconciliation logic has been completely rewritten and now triggers on events from the Docker daemon (like a removed service or unhealthy container) to start the reconciliation process instead of checking on an interval if reconciliation is needed.
Configuration options and further information can be found in the documentation.

Image Digest get fetched with HEAD requests

Doco-CD now fetches image digests from container registries using HEAD requests to avoid rate limits with a fallback to the previous GET request logic.

This is useful for registries like DockerHub, where all GET requests against the registry count as an image pull, even if they don't download any image layers.

New 1Password Connect provider

This release adds support for using a 1Password Connect Server as a external secrets provider.

A 1Password Connect server is a self-hosted proxy that caches vault data locally and serves secrets over a simple HTTP API. This is useful when you are deploying frequently or have multiple instances that would otherwise hit 1Password API rate limits.

See the docs for setup and usage: https://doco.cd/latest/External-Secrets/1Password-Connect/

[!TIP]
For 1Password Users
For improved performance and to avoid API rate limits in high-volume deployments, consider using 1Password Connect instead of service account authentication (The 1Password provider).

1Password provider: Client-Side Caching

The 1Password provider now supports client-side caching to reduce API calls to the 1Password cloud.

Enable and configure caching with the following environment variables:

| Key | Value | Default |
|---------------------------------|-----------------------------------------------------------------------------------------|:--------|
| SECRET_PROVIDER_CACHE_ENABLED | Enables in-memory caching for resolved secrets | false |
| SECRET_PROVIDER_CACHE_TTL | Cache TTL for resolved secrets as a Go duration string (for example: 30s, 5m, 1h) | 5m |
| SECRET_PROVIDER_CACHE_MAX_SIZE | Maximum number of secrets stored in cache before least-recently-used entries are evicted | 100 |

[!WARNING]
If the cache TTL is too long, secrets may become outdated.

✨ Features

• feat(external-secrets): add client-side caching for 1Password secrets by @kimdre in https://github.com/kimdre/doco-cd/pull/1286
• feat(external-secrets): add support for 1Password Connect Server by @kimdre in https://github.com/kimdre/doco-cd/pull/1287
• feat: trigger reconciliation on Docker daemon events by @kimdre in https://github.com/kimdre/doco-cd/pull/1268

🌟 Improvements

• feat: graceful shutdown by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1270
• fix: enhance GitHub release fetching by @kimdre in https://github.com/kimdre/doco-cd/pull/1280
• feat(docker): lookup registry image digest via HEAD by @kimdre in https://github.com/kimdre/doco-cd/pull/1294
• fix(external-secrets): resolve secrets in 1password connect provider concurrently by @kimdre in https://github.com/kimdre/doco-cd/pull/1298
• fix(reconciliation): change default trigger events for reconciliation by @kimdre in https://github.com/kimdre/doco-cd/pull/1300

📦 Dependencies

• chore(deps): update dependency zensical to v0.0.37 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1273
• chore(deps): update dependency zensical to v0.0.38 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1277
• fix(deps): update aws-sdk-go-v2 monorepo by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1279
• fix(deps): update module github.com/docker/cli to v29.4.2+incompatible by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1281
• chore(deps): update github/codeql-action digest to e46ed2c by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1289
• chore(deps): pin dependencies by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1288
• fix(deps): update module github.com/caarlos0/env/v11 to v11.4.1 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1291
• chore(deps): update dependency zensical to v0.0.39 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1290
• chore(deps): update module github.com/bombsimon/wsl/v5 to v5.8.0 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1292
• chore(deps): pin actions/add-to-project action to 244f685 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1299

📚 Miscellaneous

• docs: fix sitemap for latest symlink by @kimdre in https://github.com/kimdre/doco-cd/pull/1272
• fix: docs CI pipeline by @kimdre in https://github.com/kimdre/doco-cd/pull/1274
• docs: update Apprise documentation links by @kimdre in https://github.com/kimdre/doco-cd/pull/1276
• docs: fix broken links and improve formatting by @kimdre in https://github.com/kimdre/doco-cd/pull/1278

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.83.0...v0.84.0

What's Changed

🌟 Improvements

• feat(docker): remember deploy status by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1264

🐛 Bug Fixes

• fix(git): fix gitlab repoName with namespace by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1265
• fix(docker): stop false-positive "service not deployed" loop for containers missing cd.doco.* labels by @JojoMee in https://github.com/kimdre/doco-cd/pull/1269

📦 Dependencies

• chore(deps): update module github.com/bombsimon/wsl/v5 to v5.7.0 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1266
• chore(deps): update golang:1.26.2 docker digest to b54cbf5 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1271

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.82.2...v0.83.0

In the Media

For german users: Doco-CD was featured by Heise in a heise+ article, which will also be printed in the next issue of c't magazine, c't 10/2026.

What's Changed

When force_image_pull is set to true, the check for a changed image digest against the container image registry now returns correct results for mutable tags like latest.

🌟 Improvements

• refactor(docker): improve image digest comparison logic by @kimdre in https://github.com/kimdre/doco-cd/pull/1263

📦 Dependencies

• chore(deps): update dependency zensical to v0.0.36 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1261

📚 Miscellaneous

• docs: update media link for heise+ article by @kimdre in https://github.com/kimdre/doco-cd/pull/1257

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.82.1...v0.82.2

What's Changed

There was a typo in the Reconciliation settings documentation that has been fixed: reconciliation.enable -> reconciliation.enabled.
If you have reconciliation.enable configured, you will need to adjust it. Sorry for that!

Reconciliation now handles one-time services correctly according to their restart policy:

• Services with restart: always or restart: unless-stopped are expected to stay running.
• Services with no explicit restart policy are treated as restart: "no".
• Services with restart: on-failure may remain exited after success, and restart: "no" is treated as one-time behavior and is not reconciled back to running.
• Swarm handling is separate and uses Swarm service modes and deploy.restart_policy behavior.

More information on the restart policies can be found in the Docker Compose specification.

🌟 Improvements

• fix(docker): improve reconciliation for one time service by @kimdre in https://github.com/kimdre/doco-cd/pull/1255

📚 Miscellaneous

• docs: add annotations in code blocks by @kimdre in https://github.com/kimdre/doco-cd/pull/1253

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.82.0...v0.82.1

What's Changed

Periodic reconciliation

doco-cd now runs automatic reconciliation of deployed services to restore their desired state.

You can find more information on the Deploy Config wiki page:

• Deploy config
• Reconciliation settings

[!Tip]
To keep a service/container stopped, you need to scale it down in you docker compose config, see Removing a container service.

[!Note]
Currently this is done in a fixed interval. In the future it is planned to trigger this by listening on specific events from the Docker daemon.

Shallow cloning

Shallow cloning is now supported to

• speed up syncs
• reduce network usage and the size of cloned repositories on the filesystem

You can enable shallow cloning in two ways:

• Globally in the App Config with the GIT_CLONE_DEPTH env var
• Per deployment in the Deploy Config with the git_depth setting (overrides the global config)

Setting these settings to 0 means "no depth limit" for global, and "use global value" for deploy config.

[!Note]

• If a requested tag/SHA is not reachable in current shallow history, doco-cd deepens automatically before trying a full fetch.
• Changing depth on an existing local repo triggers an automatic re-clone to keep repository state consistent.

Usage overview

• Set global default:
  • GIT_CLONE_DEPTH=1 for shallow clone behavior across deployments.
  • GIT_CLONE_DEPTH=0 for full clone behavior.
• Override per deployment with git_depth:
  • git_depth: 1 to force shallow for that deployment.
  • git_depth: 0 to use global GIT_CLONE_DEPTH.

✨ Features

• feat: periodic reconciliation for webhook and poll by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1208
• feat(git): add support for shallow clones with configurable depth by @kimdre in https://github.com/kimdre/doco-cd/pull/1251

🌟 Improvements

• fix(swarm): implement retry logic for service update to handle "update out of sequence" errors by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1242
• fix: normalize error messages in no such image checks by @kimdre in https://github.com/kimdre/doco-cd/pull/1250

🐛 Bug Fixes

• fix(external-secrets): prevent webhook body corruption during template rendering in newRequest by @kimdre in https://github.com/kimdre/doco-cd/pull/1247

📦 Dependencies

• fix(deps): update module github.com/docker/cli to v29.4.1+incompatible by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1240
• fix(deps): update module github.com/moby/moby/api to v1.54.2 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1241
• fix(deps): update module github.com/moby/moby/client to v0.4.1 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1244
• fix(deps): update module github.com/go-git/go-git/v5 to v5.18.0 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1245
• chore(deps): update dependency zensical to v0.0.34 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1243
• chore(deps): update golang:1.26.2 docker digest to 1e598ea by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1252

📚 Miscellaneous

• docs: fix links in README.md by @andriibratanin in https://github.com/kimdre/doco-cd/pull/1246

New Contributors

• @andriibratanin made their first contribution in https://github.com/kimdre/doco-cd/pull/1246

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.81.0...v0.82.0

What's Changed

New Documentation

The doco-cd documentation has a new home at doco.cd. The old Github repository wiki was fine for the beginning but it was showing its limitations more and more and with the new documentation, users can now finally also contribute to the wiki.
The wiki source code can be found at the /wiki/ directory if you are interested.

Version Check

The version check, that runs when doco-cd is starting, now also sends a notification when Apprise is configured.

🌟 Improvements

• feat(notification): add notification for new version availability by @kimdre in https://github.com/kimdre/doco-cd/pull/1219
• fix(swarm): add lock by service name for runSwarmJob by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1220
• refactor: apply code fixes suggested by Go fix by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1221

📦 Dependencies

• chore(deps): update github/codeql-action digest to 95e58e9 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1226
• chore(deps): update docker/github-builder digest to 7d2a024 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1225
• fix(deps): update module github.com/docker/compose/v5 to v5.1.3 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1230
• fix(deps): update aws-sdk-go-v2 monorepo by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1229
• fix(deps): update module github.com/infisical/go-sdk to v0.7.1 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1238
• chore(deps): pin dependencies by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/1237

📚 Miscellaneous

• docs(wiki): migrate Github Wiki to Github Pages by @kimdre in https://github.com/kimdre/doco-cd/pull/1223
• fix(test): change tag to new tag without docs repo by @qianlongzt in https://github.com/kimdre/doco-cd/pull/1232
• docs: improve wiki by @kimdre in https://github.com/kimdre/doco-cd/pull/1233
• chore(docs): reference correct paths in publish docs action by @kimdre in https://github.com/kimdre/doco-cd/pull/1234
• ci(docs): update docs publish workflow by @kimdre in https://github.com/kimdre/doco-cd/pull/1236

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.80.1...v0.81.0

What's Changed

This release adds the ability to write environment variables for variable interpolation directly in the deployment configuration.

For example

# .doco-cd.yml
name: demo
environment:
  KEY: value

# docker-compose.yml
services:
  test:
    image: nginx:latest
    labels:
      - test=$KEY

✨ Features

• feat(deploy): add ability to define environment variables in deploy settings by @kimdre in https://github.com/kimdre/doco-cd/pull/1204

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.78.0...v0.79.0

What's Changed

• Webhooks now trigger deployments asynchronously. Adding the wait=true query paramater to the webhook url brings back the old, synchronous behaviour which keeps the request open until the deployment is finished or the request times out.

  E.g. /v1/webhook?wait=true
  See https://github.com/kimdre/doco-cd/wiki/Endpoints#query-parameters

• The API endpoints for Swarm stacks have been improved:

  • Swarm Jobs are now handled correctly.
  • Added new API endpoint to (re-)trigger jobs in Swarm stacks: /v1/api/stack/{stackName}/run

✨ Features

• feat: add wait query parameter for sync and async deployments by @kimdre in https://github.com/kimdre/doco-cd/pull/974

🌟 Improvements

• fix: handle job-mode services in service restart logic by @kimdre in https://github.com/kimdre/doco-cd/pull/973

📚 Miscellaneous

• test: make tests more dynamic by @kimdre in https://github.com/kimdre/doco-cd/pull/971

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.61.1...v0.62.0

What's Changed

This release adds support for Azure Devops repositories. Note, that the ADO-native webhooks (called Service Hooks) are not working. See the wiki for more information and a workaround using a CI pipeline.

✨ Features

• feat(git): add support for Azure DevOps by @kimdre in https://github.com/kimdre/doco-cd/pull/950

📦 Dependencies

• chore(deps): update gcr.io/distroless/base-debian13 docker digest to 8c8b7cf by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/948
• fix(deps): update module github.com/infisical/go-sdk to v0.6.8 by @renovate[bot] in https://github.com/kimdre/doco-cd/pull/949

Full Changelog: https://github.com/kimdre/doco-cd/compare/v0.59.0...v0.60.0