Set secret/config uid:gid to match container's USER #13288
Merged
Signed-off-by: Nicolas De Loof <[email protected]>
320ad9f to
3dee52f
Compare
Signed-off-by: Nicolas De Loof <[email protected]>
3dee52f to
581674e
Compare
Codecov Report❌ Patch coverage is
glours
approved these changes
Oct 16, 2025
Sounds good to me!
What if we add a test with UID:GID with fileTarget set?
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Oct 20, 2025
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker/compose](https://github.com/docker/compose) | patch | `v2.40.0` -> `v2.40.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>docker/compose (docker/compose)</summary>

### [`v2.40.1`](https://github.com/docker/compose/releases/tag/v2.40.1)

[Compare Source](docker/compose@v2.40.0...v2.40.1)

#### What's Changed

##### ✨ Improvements

##### 🐛 Fixes

- Write error to watcher error channel if Start() fails by [@Trolldemorted](https://github.com/Trolldemorted) in [#13263](docker/compose#13263)
- Fix: set PWD only if not set by [@kianelbo](https://github.com/kianelbo) in [#13268](docker/compose#13268)
- bake only interpolates ${\*} by [@ndeloof](https://github.com/ndeloof) in [#13270](docker/compose#13270)
- Fix: make "publish" push all compose files addressed in "extends" statements when using "profiles". by [@ogoulpeau-ledger](https://github.com/ogoulpeau-ledger) in [#13277](docker/compose#13277)
- Support Ctrl+Z to run compose in background by [@ndeloof](https://github.com/ndeloof) in [#13289](docker/compose#13289)
- Fix race-condition bug in publish command by [@paul-kinexon](https://github.com/paul-kinexon) in [#13291](docker/compose#13291)
- Set secret/config uid:gid to match container's USER by [@ndeloof](https://github.com/ndeloof) in [#13288](docker/compose#13288)
- Fix failure to delegate build with bake by [@ndeloof](https://github.com/ndeloof) in [#13275](docker/compose#13275)
- Make CTRL+Z a no-op operation on Windows by [@glours](https://github.com/glours) in [#13293](docker/compose#13293)

##### 🔧 Internal

- pkg/compose: align classic builder implementation with docker/cli by [@thaJeztah](https://github.com/thaJeztah) in [#13278](docker/compose#13278)
- pkg/compose: build with bake: drop support for buildx v0.16 and lower by [@thaJeztah](https://github.com/thaJeztah) in [#13280](docker/compose#13280)
- Use fixed version of compose bridge transformer images by [@glours](https://github.com/glours) in [#13284](docker/compose#13284)

##### ⚙️ Dependencies

- Build(deps): bump github.com/docker/docker from 28.5.0+incompatible to 28.5.1+incompatible by [@dependabot](https://github.com/dependabot)\[bot] in [#13274](docker/compose#13274)
- Build(deps): bump github.com/docker/cli from 28.5.0+incompatible to 28.5.1+incompatible by [@dependabot](https://github.com/dependabot)\[bot] in [#13273](docker/compose#13273)
- Build(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#13272](docker/compose#13272)
- Build(deps): bump docker/buildx v0.29.1, moby/buildkit v0.25.1 by [@thaJeztah](https://github.com/thaJeztah) in [#13279](docker/compose#13279)
- Bump golang to version 1.24.9 by [@glours](https://github.com/glours) in [#13285](docker/compose#13285)

#### New Contributors

- [@Trolldemorted](https://github.com/Trolldemorted) made their first contribution in [#13263](docker/compose#13263)
- [@ogoulpeau-ledger](https://github.com/ogoulpeau-ledger) made their first contribution in [#13277](docker/compose#13277)
- [@paul-kinexon](https://github.com/paul-kinexon) made their first contribution in [#13291](docker/compose#13291)

**Full Changelog**: <docker/compose@v2.40.0...v2.40.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
ndeloof
added a commit
to ndeloof/compose
that referenced
this pull request
Oct 20, 2025
as we can't get container UID/GID as int by ContainerInspect revert docker#13288 Signed-off-by: Nicolas De Loof <[email protected]>
ndeloof
added a commit
that referenced
this pull request
Oct 20, 2025
as we can't get container UID/GID as int by ContainerInspect revert #13288 Signed-off-by: Nicolas De Loof <[email protected]>
What I did
If no explicit uid/gid is set for a secret/config mount, use the container's USER to enforce that the secret is accessible by the container's process.
Related issue
fixes #13287
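The fallback described in this PR, together with the case named in the later revert commits (a container USER that is not numeric), as an added Go example that is not Compose's own code. `Owner`, `parseNumericUser` and `resolveOwner` are hypothetical names, and using gid 0 when USER carries no group is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Owner struct{ UID, GID int } // ownership applied to a secret/config file

// parseNumericUser accepts the USER forms "", "uid" and "uid:gid". Named forms
// ("nginx") need the image's passwd/group files, so they report ok == false.
func parseNumericUser(user string) (Owner, bool) {
	if user == "" {
		return Owner{}, true // no USER: the process runs as 0:0
	}
	u, g, hasGroup := strings.Cut(user, ":")
	if !hasGroup {
		g = "0" // assumption: no group given, fall back to gid 0
	}
	uid, err1 := strconv.Atoi(u)
	gid, err2 := strconv.Atoi(g)
	if err1 != nil || err2 != nil || uid < 0 || gid < 0 {
		return Owner{}, false
	}
	return Owner{UID: uid, GID: gid}, true
}

// resolveOwner: explicit uid/gid win; unset ("") fields fall back to USER.
func resolveOwner(explicitUID, explicitGID, containerUser string) (Owner, error) {
	owner, ok := parseNumericUser(containerUser)
	if !ok && (explicitUID == "" || explicitGID == "") {
		return Owner{}, fmt.Errorf("USER %q is not numeric: set uid and gid explicitly", containerUser)
	}
	var e1, e2 error
	if explicitUID != "" {
		owner.UID, e1 = strconv.Atoi(explicitUID)
	}
	if explicitGID != "" {
		owner.GID, e2 = strconv.Atoi(explicitGID)
	}
	if e1 != nil || e2 != nil || owner.UID < 0 || owner.GID < 0 {
		return Owner{}, fmt.Errorf("invalid explicit uid/gid %q:%q", explicitUID, explicitGID)
	}
	return owner, nil
}

func main() {
	fmt.Println(resolveOwner("", "", "1000:1000")) // constructed sample USER
}
```

Failing closed on a named USER keeps the file from silently landing with an owner the container process cannot read as, or one broader than intended.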