feat: add Watchtower for automatic Docker image updates

- Created watch/compose.yaml with Watchtower service configuration
- Added Watchtower environment variables to arty.yml
- Enabled Watchtower monitoring for sexy_frontend container
- Configurable via environment variables (poll interval, cleanup, logging)
- Label-based updates: only containers with watchtower.enable=true

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

arty.yml

@@ -56,6 +56,15 @@ envs:
     # Proxy
     PROXY_COMPOSE_PROJECT_NAME: proxy
     PROXY_DOCKER_IMAGE: traefik:latest
+    # Watchtower
+    WATCHTOWER_POLL_INTERVAL: 300
+    WATCHTOWER_LABEL_ENABLE: true
+    WATCHTOWER_CLEANUP: true
+    WATCHTOWER_INCLUDE_STOPPED: false
+    WATCHTOWER_INCLUDE_RESTARTING: true
+    WATCHTOWER_RUN_ONCE: false
+    WATCHTOWER_LOG_LEVEL: info
+    WATCHTOWER_ROLLING_RESTART: false
 
 scripts:
   config: docker compose config

sexy/compose.yaml

@@ -86,6 +86,7 @@ services:
       - 'traefik.http.routers.${SEXY_COMPOSE_PROJECT_NAME}-frontend-web-secure.middlewares=${SEXY_COMPOSE_PROJECT_NAME}-frontend-web-secure-compress'
       - 'traefik.http.services.${SEXY_COMPOSE_PROJECT_NAME}-frontend-web-secure.loadbalancer.server.port=3000'
       - 'traefik.docker.network=${NETWORK_NAME}'
+      - 'com.centurylinklabs.watchtower.enable=true'
 
 volumes:
   directus_uploads:

watch/compose.yaml

@@ -0,0 +1,30 @@
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    container_name: watchtower
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      # Check for updates every 5 minutes (300 seconds)
+      WATCHTOWER_POLL_INTERVAL: ${WATCHTOWER_POLL_INTERVAL:-300}
+      # Only update containers with the watchtower label
+      WATCHTOWER_LABEL_ENABLE: ${WATCHTOWER_LABEL_ENABLE:-true}
+      # Clean up old images after update
+      WATCHTOWER_CLEANUP: ${WATCHTOWER_CLEANUP:-true}
+      # Include stopped containers
+      WATCHTOWER_INCLUDE_STOPPED: ${WATCHTOWER_INCLUDE_STOPPED:-false}
+      # Include restarting containers
+      WATCHTOWER_INCLUDE_RESTARTING: ${WATCHTOWER_INCLUDE_RESTARTING:-true}
+      # Run once and exit (set to false for continuous monitoring)
+      WATCHTOWER_RUN_ONCE: ${WATCHTOWER_RUN_ONCE:-false}
+      # Notifications via Shoutrrr
+      WATCHTOWER_NOTIFICATIONS: ${WATCHTOWER_NOTIFICATIONS:-}
+      WATCHTOWER_NOTIFICATION_URL: ${WATCHTOWER_NOTIFICATION_URL:-}
+      # Log level (trace, debug, info, warn, error, fatal, panic)
+      WATCHTOWER_LOG_LEVEL: ${WATCHTOWER_LOG_LEVEL:-info}
+      # Rolling restart (update one container at a time)
+      WATCHTOWER_ROLLING_RESTART: ${WATCHTOWER_ROLLING_RESTART:-false}
+    labels:
+      # Allow watchtower to update itself
+      - com.centurylinklabs.watchtower.enable=true