composevalidate checks that all images referenced in a Docker Compose file have images for a given platform and expected architecture.
Using this as a step in a PR workflow can catch issues where something like Renovate might try to update you to a new upstream image that is missing an architecture.
Retrieving the manifests is done using regctl and the docker image for this tool is based on the regctl docker image, which includes authentication helpers for AWS and GCP.
-
Populate a Docker Compose yaml file with services that reference images.
services: service-name-does-not-matter: image: "rabbitmq:3.4"
The example above references an amd64-only image. It will pass if run with the defaults (
--platform linux/amd64,--architecture amd64) but it will fail if you specify--platform linux/arm64 --architecture arm64. -
If any registry authentication configuration is required, you'll need to mount it in to the composevalidate docker image.
The path for a docker config file is
/home/appuser/.docker/config.jsonand the path for a regctl config is/home/appuser/.regctl/config.json. -
Run composesync as a container in a CICD workflow.
docker run -i --rm \ --volume $HOME/.config/gcloud:/home/appuser/.config/gcloud:ro \ --volume `pwd`/compose.yaml:/compose.yaml:ro \ ghcr.io/retailnext/composevalidate \ --platform linux/arm64 \ --architecture arm64 \ /compose.yaml
We use this internally. It may receive some publicly-visible maintenance, but it is not a priority for us.
Contributions considered, but be aware that this is mostly just something we needed. It's public because there's no reason anyone else should have to waste an afternoon (or more) building something similar, and we think the approach is good enough that others would benefit from adopting.
This project is licensed under the Apache License, Version 2.0.
Please include a Signed-off-by in all commits, per
Developer Certificate of Origin version 1.1.