diff --git a/update_semaphore.yml b/update_semaphore.yml
index 32d2437..886bef3 100644
--- a/update_semaphore.yml
+++ b/update_semaphore.yml
@@ -21,18 +21,10 @@
     semaphore_project: "semaphore"
     semaphore_compose_file: "/data/compose/semaphore/docker-compose.yml"
     semaphore_service: "semaphore"
-    semaphore_image: "semaphoreui/semaphore:latest"
 
     # Docker command prefix (consistent behavior and quiet hints)
     docker_prefix: "unalias docker 2>/dev/null || true; DOCKER_CLI_HINTS=0; command docker"
 
-    # Commands to run on the target VM (quiet outputs)
-    # NOTE: This will likely kill the current Semaphore job when the container restarts.
-    semaphore_commands:
-      - "{{ docker_prefix }} pull -q {{ semaphore_image }} >/dev/null"
-      - "{{ docker_prefix }} compose -p {{ semaphore_project }} -f {{ semaphore_compose_file }} pull {{ semaphore_service }} >/dev/null"
-      - "{{ docker_prefix }} compose -p {{ semaphore_project }} -f {{ semaphore_compose_file }} up -d --no-deps --force-recreate {{ semaphore_service }} >/dev/null"
-
   tasks:
     - name: Ensure sshpass is installed (for password-based SSH)  # English comments
       ansible.builtin.apt:
@@ -40,7 +32,7 @@
         state: present
         update_cache: yes
 
-    - name: Run Semaphore update commands on VM (via SSH)  # use SSHPASS env, hide item value
+    - name: Run Semaphore self-update on VM (single compose command)  # last thing this job does
       ansible.builtin.command:
         argv:
           - sshpass
@@ -53,35 +45,22 @@
           - "{{ vm_user }}@{{ vm_ip }}"
           - bash
           - -lc
-          - "{{ ('sudo ' if use_sudo else '') + item }}"
+          - >
+            {{ ('sudo ' if use_sudo else '') }}
+            {{ docker_prefix }}
+            compose -p {{ semaphore_project }}
+            -f {{ semaphore_compose_file }}
+            up -d --no-deps --force-recreate --pull always {{ semaphore_service }} >/dev/null
       environment:
         SSHPASS: "{{ vm_pass }}"    # supply password via environment
-      loop: "{{ semaphore_commands }}"
-      loop_control:
-        index_var: idx              # capture loop index
-        label: "cmd-{{ idx }}"      # avoid printing full command in (item=...) line
-      register: semaphore_cmds
+      register: semaphore_update
       changed_when: false
-      no_log: "{{ DEBUG == 0 }}"    # hide outputs and env when not debugging
+      no_log: "{{ DEBUG == 0 }}"
 
-    - name: Show outputs for each Semaphore command
+    - name: Show result of Semaphore self-update (debug)
       ansible.builtin.debug:
         msg: |
-          CMD: {{ item.item }}
-          RC:  {{ item.rc }}
-          STDOUT:
-          {{ (item.stdout | default('')).strip() }}
-          STDERR:
-          {{ (item.stderr | default('')).strip() }}
-      loop: "{{ semaphore_cmds.results }}"
+          RC:      {{ semaphore_update.rc }}
+          STDOUT:  {{ (semaphore_update.stdout | default('')).strip() }}
+          STDERR:  {{ (semaphore_update.stderr | default('')).strip() }}
       when: DEBUG == 1
-
-    - name: Fail play if any Semaphore command failed  # also hide item label
-      ansible.builtin.assert:
-        that: "item.rc == 0"
-        fail_msg: "Semaphore update failed on VM: {{ item.item }} (rc={{ item.rc }})"
-        success_msg: "All Semaphore update commands (pull/compose) succeeded."
-      loop: "{{ semaphore_cmds.results }}"
-      loop_control:
-        index_var: idx
-        label: "cmd-{{ idx }}"