tyler.durden
/
compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,424 Commits 25 Branches 264 Tags 67 MiB
Commit Graph

4424 Commits

Author SHA1 Message Date
Guillaume Lours 034458dac7
Merge pull request #11105 from docker/dependabot/go_modules/google.golang.org/grpc-1.59.0 
build(deps): bump google.golang.org/grpc from 1.58.2 to 1.59.0
 2023-10-18 11:00:43 +02:00
dependabot[bot] ae16bbbf05
build(deps): bump google.golang.org/grpc from 1.58.2 to 1.59.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.59.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.59.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-18 08:45:06 +00:00
Guillaume Lours eb5f01baf4
Merge pull request #11068 from docker/dependabot/go_modules/golang.org/x/sync-0.4.0 
build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0
 2023-10-18 10:44:00 +02:00
dependabot[bot] d13ad1f997 build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.3.0 to 0.4.0.
- [Commits](https://github.com/golang/sync/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-18 10:27:48 +02:00
Guillaume Lours 9b4d577c65 remove refrecence docs generation 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-10-11 14:19:56 +02:00
Guillaume Lours b30978fb40
Merge pull request #11076 from glours/remove-cucumber 
remove cucumber tests as we haven't added new ones for a while
 2023-10-10 23:16:33 +02:00
Guillaume Lours 14b43c1a93
remove cucumber tests as we haven't added new ones for a while 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-10-10 09:57:25 +02:00
Guillaume Lours 9dd081b92e add support of COMPOSE_ENV_FILES env variable to pass a list of env files 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-10-05 21:55:43 +02:00
Guillaume Lours 2c0b023273 add dry-run support for publish command 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-10-05 21:55:00 +02:00
Matthew Walowski a345515f91 Don't delete dependent services 
Signed-off-by: Matthew Walowski <mattwalowski@gmail.com>
 2023-09-29 06:43:16 +02:00
Matthew Walowski 8967df7a91 Apply platform before hashing 
Signed-off-by: Matthew Walowski <mattwalowski@gmail.com>
 2023-09-29 06:43:16 +02:00
Matthieu MOREL 4f694919ff deps: remove deprecated github.com/pkg/errors 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-09-29 06:28:58 +02:00
Matthew Walowski 6ecab95775 Include image name in error message 
Signed-off-by: Matthew Walowski <mattwalowski@gmail.com>
 2023-09-29 06:25:10 +02:00
Bjorn Neergaard 12e0ac898a pkg/compose/publish: use empty config descriptor mediaType 
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
 2023-09-29 05:27:14 +02:00
Bjorn Neergaard a6b7d78575 pkg/remote/oci: check artifactType instead of config.mediaType 
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
 2023-09-29 05:27:14 +02:00
Bjorn Neergaard 991901f2ef pkg/remote/oci: refer to the manifest as manifest 
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
 2023-09-29 05:27:14 +02:00
Guillaume Lours bd74a9260d
Merge pull request #11047 from glours/update-watch-warning-section 
update the watch warning message when no services with a develop section
 2023-09-27 23:41:53 +02:00
Guillaume Lours 2d971fc97d
update the watch warning message when no services with a develop section 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-09-27 23:28:45 +02:00
Djordje Lukic 78f3361921
ci: enable verbose output for e2e tests (#11045) 
It's easier to see that something is happening.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
 2023-09-27 16:29:54 +00:00
Nicolas De Loof 44d21280e7 truncate command by default, introduce --no-trunc flag to get the full command 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-23 06:34:26 +02:00
Guillaume Lours cd743d17ba
Merge pull request #11036 from docker/dependabot/go_modules/google.golang.org/grpc-1.58.2 
build(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2
 2023-09-22 11:23:05 +02:00
dependabot[bot] ff2ff18cdc
build(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.1 to 1.58.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.1...v1.58.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-22 09:10:26 +00:00
Guillaume Lours bd32ed1454
Merge pull request #11025 from ndeloof/SkipResolveEnvironment 
config --xx don't need `env_file` being parsed
 2023-09-21 12:28:25 +02:00
Nicolas De Loof ab81db5bdb
config --xx don't need `env_file` being parsed 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-21 10:47:38 +02:00
Guillaume Lours 52a641bf6d
Merge pull request #11021 from glours/move-watch-to-main-cmd 
move watch from alpha to main command
 2023-09-21 10:08:23 +02:00
Guillaume Lours 75f5c07d3d
Merge pull request #11023 from glours/fix-watch-e2e-test-cleanup 
remove --timeout=0 flag to cleanup function of watch e2e test
 2023-09-20 21:43:51 +02:00
Guillaume Lours 61c8be11c0 remove --timeout=0 flag to cleanup function of watch e2e test 
compose down command need the watch process to be killed to succeed

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-09-20 21:32:03 +02:00
Guillaume Lours 6be5f3003a move watch from alpha to main command 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-09-20 18:55:08 +02:00
Guillaume Lours 421a6b0506
Merge pull request #11031 from ndeloof/TestWatch 
TestWatch to use new  `develop` section
 2023-09-20 18:54:20 +02:00
Nicolas De Loof c34c306cb9
TestWatch to use new `develop` section 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-20 18:39:32 +02:00
Nicolas De Loof 5ca35c88be implement publish 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-20 18:14:58 +02:00
Nicolas De loof 805541be9d
watch: use official `develop` section (#11026) 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-20 11:51:53 -04:00
Guillaume Lours d322ad91e8
Merge pull request #11027 from docker/dependabot/go_modules/github.com/opencontainers/image-spec-1.1.0-rc5 
build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5
 2023-09-20 12:03:40 +02:00
dependabot[bot] 8f489d6d61 build(deps): bump github.com/opencontainers/image-spec 
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc4 to 1.1.0-rc5.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 11:50:03 +02:00
Guillaume Lours a214a715a0
Merge pull request #11017 from docker/dependabot/go_modules/github.com/moby/buildkit-0.12.2 
build(deps): bump github.com/moby/buildkit from 0.12.1 to 0.12.2
 2023-09-20 11:39:08 +02:00
dependabot[bot] 9ea8fbc69b build(deps): bump github.com/moby/buildkit from 0.12.1 to 0.12.2 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.12.1 to 0.12.2.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.12.1...v0.12.2)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 11:26:04 +02:00
Guillaume Lours 062fa75534
Merge pull request #11020 from docker/dependabot/go_modules/gotest.tools/v3-3.5.1 
build(deps): bump gotest.tools/v3 from 3.5.0 to 3.5.1
 2023-09-20 10:53:36 +02:00
dependabot[bot] 76f150e49d
build(deps): bump gotest.tools/v3 from 3.5.0 to 3.5.1 
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/gotestyourself/gotest.tools/releases)
- [Commits](https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: gotest.tools/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 08:21:25 +00:00
Guillaume Lours d45d943e91
Merge pull request #11019 from docker/dependabot/go_modules/google.golang.org/grpc-1.58.1 
build(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1
 2023-09-20 10:19:32 +02:00
dependabot[bot] f447c8096f build(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.0 to 1.58.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.0...v1.58.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 10:05:44 +02:00
Guillaume Lours 722796ca28
Merge pull request #11016 from docker/dependabot/go_modules/github.com/containerd/containerd-1.7.6 
build(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.6
 2023-09-19 21:31:46 +02:00
dependabot[bot] 4587d4bad5
build(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.6 
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.3 to 1.7.6.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.3...v1.7.6)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-19 09:41:32 +00:00
Nicolas De Loof a697a0690a introduce pull --missing flag to only pull images not present in cache 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-15 08:41:27 +02:00
Nicolas De Loof 8af49ff369 resolve service reference into container based on observed state 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-14 15:29:50 +02:00
Nicolas De Loof f6e31dbc6a don't rely on depends_on to resolve volume_from, better use observed state 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2023-09-14 15:29:50 +02:00
Guillaume Lours e19232e8a3
Merge pull request #11000 from thaJeztah/update_golang_1.21.1 
update to go1.21.1
 2023-09-14 09:50:50 +02:00
Sebastiaan van Stijn 6d5eb6fde6
update to go1.21.1 
go1.21.1 (released 2023-09-06) includes four security fixes to the cmd/go,
crypto/tls, and html/template packages, as well as bug fixes to the compiler,
the go command, the linker, the runtime, and the context, crypto/tls,
encoding/gob, encoding/xml, go/types, net/http, os, and path/filepath packages.
See the Go 1.21.1 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.21.1+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.21.0...go1.21.1

From the security mailing:

[security] Go 1.21.1 and Go 1.20.8 are released

Hello gophers,

We have just released Go versions 1.21.1 and 1.20.8, minor point releases.

These minor releases include 4 security fixes following the security policy:

- cmd/go: go.mod toolchain directive allows arbitrary execution
  The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
  execute scripts and binaries relative to the root of the module when the "go"
  command was executed within the module. This applies to modules downloaded using
  the "go" command from the module proxy, as well as modules downloaded directly
  using VCS software.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.

- html/template: improper handling of HTML-like comments within script contexts
  The html/template package did not properly handle HMTL-like "<!--" and "-->"
  comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
  cause the template parser to improperly interpret the contents of <script>
  contexts, causing actions to be improperly escaped. This could be leveraged to
  perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

- html/template: improper handling of special tags within script contexts
  The html/template package did not apply the proper rules for handling occurrences
  of "<script", "<!--", and "</script" within JS literals in <script> contexts.
  This may cause the template parser to improperly consider script contexts to be
  terminated early, causing actions to be improperly escaped. This could be
  leveraged to perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

- crypto/tls: panic when processing post-handshake message on QUIC connections
  Processing an incomplete post-handshake message for a QUIC connection caused a panic.

  Thanks to Marten Seemann for reporting this issue.

  This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-09-14 09:29:39 +02:00
Guillaume Lours 9d7e0ad6cb correct scale error messages formatting 
Co-authored-by: Milas Bowman <devnull@milas.dev>
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-09-13 11:15:14 +02:00
Guillaume Lours 1a98a70b8a add scale command 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2023-09-13 11:15:14 +02:00
Milas Bowman 19bbb12fac
ci: tweak restricted imports in linter (#10992) 
* Eliminate direct dependency on gopkg.in/yaml.v2
* Add gopkg.in/yaml.v2 as a restricted import
* Add github.com/distribution/distribution as a restricted dependency in favor of distribution/reference which is the subset of functionality that Compose needs
* Remove an unused exclusion

NOTE: This does change the `compose config` output slightly but does NOT  change the semantics:
* YAML indentation is slightly different for lists (this is a `v2` / `v3` thing)
* JSON is now "minified" instead of pretty-printed (I think this generally desirable and more consistent with other JSON command outputs)

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
 2023-09-11 15:53:19 +00:00