Release 1.3.0

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>

.codespellignore

@@ -0,0 +1 @@
+assertIn

.codespellrc

@@ -0,0 +1,4 @@
+[codespell]
+skip = .git,*.pdf,*.svg,requirements.txt,test-requirements.txt
+# poped - loved variable name
+ignore-words-list = poped

.coveragerc

@@ -0,0 +1,2 @@
+[run] 
+parallel=True

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = tab
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 100
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+
+[*.py]
+indent_style = space
+

.github/ISSUE_TEMPLATE/bug_report.md

@@ -13,8 +13,6 @@ A clear and concise description of what the bug is.
 Please make sure it's not a bug in podman (in that case report it to podman)
 or your understanding of docker-compose or how rootless containers work (for example, it's normal for rootless container not to be able to listen for port less than 1024 like 80)
 
-please try to reproduce the bug in latest devel branch
-
 **To Reproduce**
 Steps to reproduce the behavior:
 1. what is the content of the current working directory (ex. `docker-compose.yml`, `.env`, `Dockerfile`, ...etc.)

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,10 @@
+
+## Contributor Checklist:
+
+If this PR adds a new feature that improves compatibility with docker-compose, please add a link
+to the exact part of compose spec that the PR touches.
+
+For any user-visible change please add a release note to newsfragments directory, e.g.
+newsfragments/my_feature.feature. See newsfragments/README.md for more details.
+
+All changes require additional unit tests.

.github/workflows/codespell.yml

@@ -0,0 +1,22 @@
+---
+name: Codespell
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2
+        with:
+            ignore_words_file: .codespellignore

.github/workflows/pylint.yml

@@ -1,41 +0,0 @@
-name: Pylint
-
-on:
-- push
-- pull_request
-
-jobs:
-  lint-black:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Install psf/black requirements
-      run: |
-        apt-get update
-        apt-get install -y python3 python3-venv
-    - uses: psf/black@stable
-      with:
-        options: "--check --verbose"
-        version: "~= 23.3"
-
-  lint-pylint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: ["3.8", "3.9", "3.10"]
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
-      with:
-        python-version: ${{ matrix.python-version }}
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-        pip install pylint
-    - name: Analysing the code with pylint
-      run: |
-        python -m compileall podman_compose.py
-        pylint podman_compose.py
-        # pylint $(git ls-files '*.py')

.github/workflows/pytest.yml

@@ -1,36 +0,0 @@
-# This workflow will install Python dependencies, run tests and lint with a single version of Python
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
-
-name: PyTest
-
-on:
-  push:
-    branches: [ devel ]
-  pull_request:
-    branches: [ devel ]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python 3.10
-      uses: actions/setup-python@v4
-      with:
-        python-version: "3.10"
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install flake8 pytest
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-    - name: Lint with flake8
-      run: |
-        # stop the build if there are Python syntax errors or undefined names
-        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
-    - name: Test with pytest
-      run: |
-        python -m pytest ./pytests
-

.github/workflows/release.yml

@@ -0,0 +1,27 @@
+name: Build and Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build binary
+        run: |
+          mkdir -p release/
+          docker build -t podman-compose-bin -v "$PWD/release:/result" .
+          mv "$PWD/release/podman-compose" "$PWD/release/podman-compose-linux-x86"
+
+      - name: Upload release asset
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ./release/podman-compose-linux-x86
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/static-checks.yml

@@ -0,0 +1,25 @@
+name: Static checks
+
+on:
+- push
+- pull_request
+
+jobs:
+  static-checks:
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/library/python:3.11-bookworm
+      # cgroupns needed to address the following error:
+      # write /sys/fs/cgroup/cgroup.subtree_control: operation not supported
+      options: --privileged --cgroupns=host
+    steps:
+    - uses: actions/checkout@v4
+    - name: Analysing the code with ruff
+      run: |
+        set -e
+        pip install -r test-requirements.txt
+        ruff format --check
+        ruff check
+    - name: Analysing the code with pylint
+      run: |
+        pylint podman_compose.py

.github/workflows/test.yml

@@ -0,0 +1,40 @@
+name: Tests
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [ '3.9', '3.10', '3.11', '3.12', '3.13' ]
+
+    runs-on: ubuntu-latest
+    container:
+      image: "docker.io/library/python:${{ matrix.python-version }}-bookworm"
+      # cgroupns needed to address the following error:
+      # write /sys/fs/cgroup/cgroup.subtree_control: operation not supported
+      options: --privileged --cgroupns=host
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install dependencies
+      run: |
+        set -e
+        apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y podman
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install -r test-requirements.txt
+    - name: Run integration tests
+      run: |
+        python -m unittest discover -v tests/integration
+      env:
+        TESTS_DEBUG: 1
+    - name: Run unit tests
+      run: |
+        coverage run --source podman_compose -m unittest discover tests/unit
+    - name: Report coverage
+      run: |
+        coverage combine
+        coverage report --format=markdown | tee -a $GITHUB_STEP_SUMMARY

.gitignore

@@ -47,6 +47,8 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
+test-compose.yaml
+test-compose-?.yaml
 
 # Translations
 *.mo
@@ -103,3 +105,6 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+
+.vscode

.pre-commit-config.yaml

@@ -9,6 +9,9 @@ repos:
         # https://pre-commit.com/#top_level-default_language_version
         language_version: python3.10
         types: [python]
+        args: [
+          "--check",  # Don't apply changes automatically
+        ]
   - repo: https://github.com/pycqa/flake8
     rev: 6.0.0
     hooks:
@@ -27,3 +30,7 @@ repos:
             "-sn", # Don't display the score
             "--rcfile=.pylintrc", # Link to your config file
           ]
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.5
+    hooks:
+    - id: codespell

CONTRIBUTING.md

@@ -1,114 +1,135 @@
 # Contributing to podman-compose
 
-## Who can contribute? 
+## Who can contribute?
 
-- Users that found a bug
-- Users that wants to propose new functionalities or enhancements
-- Users that want to help other users to troubleshoot their environments
-- Developers that want to fix bugs
-- Developers that want to implement new functionalities or enhancements
-
-## Branches
-
-Please request your PR to be merged into the `devel` branch. 
-Changes to the `stable` branch are managed by the repository maintainers.
+- Users that found a bug,
+- Users that want to propose new functionalities or enhancements,
+- Users that want to help other users to troubleshoot their environments,
+- Developers that want to fix bugs,
+- Developers that want to implement new functionalities or enhancements.
 
 ## Development environment setup
 
 Note: Some steps are OPTIONAL but all are RECOMMENDED.
 
-1. Fork the project repo and clone it
-```shell
-$ git clone https://github.com/USERNAME/podman-compose.git
-$ cd podman-compose
-```
-1. (OPTIONAL) Create a python virtual environment. Example using [virtualenv wrapper](https://virtualenvwrapper.readthedocs.io/en/latest/): 
-```shell
-mkvirtualenv podman-compose
-```
-2. Install the project runtime and development requirements   
-```shell
-$ pip install '.[devel]'
-```
-3. (OPTIONAL) Install `pre-commit` git hook scripts (https://pre-commit.com/#3-install-the-git-hook-scripts)
-```shell
-$ pre-commit install
-```
-4. Create a new branch, develop and add tests when possible
-5. Run linting & testing before commiting code. Ensure all the hooks are passing.
-```shell
-$ pre-commit run --all-files
-```
-6. Commit your code to your fork's branch. 
-   - Make sure you include a `Signed-off-by` message in your commits. Read [this guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) to learn how to sign your commits 
-   - In the commit message reference the Issue ID that your code fixes and a brief description of the changes. Example: `Fixes #516: allow empty network`
-7. Open a PR to `containers/podman-compose:devel` and wait for a maintainer to review your work.
+1. Fork the project repository and clone it:
+
+   ```shell
+   $ git clone https://github.com/USERNAME/podman-compose.git
+   $ cd podman-compose
+   ```
+
+2. (OPTIONAL) Create a Python virtual environment. Example using
+   [virtualenv wrapper](https://virtualenvwrapper.readthedocs.io/en/latest/):
+
+    ```shell
+    $ mkvirtualenv podman-compose
+    ```
+
+3. Install the project runtime and development requirements:
+
+   ```shell
+   $ pip install '.[devel]'
+   ```
+
+4. (OPTIONAL) Install `pre-commit` git hook scripts
+   (https://pre-commit.com/#3-install-the-git-hook-scripts):
+
+   ```shell
+   $ pre-commit install
+   ```
+
+5. Create a new branch, develop and add tests when possible.
+6. Run linting and testing before committing code. Ensure all the hooks are passing.
+
+   ```shell
+   $ pre-commit run --all-files
+   ```
+
+7. Run code coverage:
+
+    ```shell
+    $ coverage run --source podman_compose -m unittest discover tests/unit
+    $ python3 -m unittest discover tests/integration
+    $ coverage combine
+    $ coverage report
+    $ coverage html
+    ```
+
+8. Commit your code to your fork's branch.
+   - Make sure you include a `Signed-off-by` message in your commits.
+     Read [this guide](https://github.com/containers/common/blob/main/CONTRIBUTING.md#sign-your-prs)
+     to learn how to sign your commits.
+   - In the commit message, reference the Issue ID that your code fixes and a brief description of
+     the changes.
+     Example: `Fixes #516: Allow empty network`
+9. Open a pull request to `containers/podman-compose` and wait for a maintainer to review your work.
 
 ## Adding new commands
 
-To add a command you need to add a function that is decorated
-with `@cmd_run` passing the compose instance, command name and
-description. the wrapped function should accept two arguments
-the compose instance and the command-specific arguments (resulted
-from python's `argparse` package) inside that command you can
-run PodMan like this `compose.podman.run(['inspect', 'something'])`
-and inside that function you can access `compose.pods`
-and `compose.containers` ...etc.
-Here is an example
+To add a command, you need to add a function that is decorated with `@cmd_run`.
 
-```
+The decorated function must be declared `async` and should accept two arguments: The compose
+instance and the command-specific arguments (resulted from the Python's `argparse` package).
+
+In this function, you can run Podman (e.g. `await compose.podman.run(['inspect', 'something'])`),
+access `compose.pods`, `compose.containers` etc.
+
+Here is an example:
+
+```python
 @cmd_run(podman_compose, 'build', 'build images defined in the stack')
-def compose_build(compose, args):
-    compose.podman.run(['build', 'something'])
+async def compose_build(compose, args):
+    await compose.podman.run(['build', 'something'])
 ```
 
 ## Command arguments parsing
 
-Add a function that accept `parser` which is an instance from `argparse`.
-In side that function you can call `parser.add_argument()`.
-The function decorated with `@cmd_parse` accepting the compose instance,
-and command names (as a list or as a string).
-You can do this multiple times. 
+To add arguments to be parsed by a command, you need to add a function that is decorated with
+`@cmd_parse` which accepts the compose instance and the command's name (as a string list or as a
+single string).
 
-Here is an example
+The decorated function should accept a single argument: An instance of `argparse`.
 
-```
+In this function, you can call `parser.add_argument()` to add a new argument to the command.
+
+Note you can add such a function multiple times.
+
+Here is an example:
+
+```python
 @cmd_parse(podman_compose, 'build')
 def compose_build_parse(parser):
     parser.add_argument("--pull",
         help="attempt to pull a newer version of the image", action='store_true')
     parser.add_argument("--pull-always",
-        help="attempt to pull a newer version of the image, Raise an error even if the image is present locally.", action='store_true')
+        help="Attempt to pull a newer version of the image, "
+             "raise an error even if the image is present locally.",
+        action='store_true')
 ```
 
-NOTE: `@cmd_parse` should be after `@cmd_run`
+NOTE: `@cmd_parse` should be after `@cmd_run`.
 
-## Calling a command from inside another
+## Calling a command from another one
 
-If you need to call `podman-compose down` from inside `podman-compose up`
-do something like:
+If you need to call `podman-compose down` from `podman-compose up`, do something like:
 
-```
+```python
 @cmd_run(podman_compose, 'up', 'up desc')
-def compose_up(compose, args):
-    compose.commands['down'](compose, args)
+async def compose_up(compose, args):
+    await compose.commands['down'](compose, args)
     # or
-    compose.commands['down'](argparse.Namespace(foo=123))
+    await compose.commands['down'](argparse.Namespace(foo=123))
 ```
 
-
 ## Missing Commands (help needed)
+
 ```
   bundle             Generate a Docker bundle from the Compose file
-  config             Validate and view the Compose file
   create             Create services
   events             Receive real time events from containers
   images             List images
-  logs               View output from containers
-  port               Print the public port for a port binding
-  ps                 List containers
   rm                 Remove stopped containers
-  run                Run a one-off command
   scale              Set number of containers for a service
   top                Display the running processes
 ```

Dockerfile

@@ -0,0 +1,30 @@
+# Use a base image with necessary build tools
+FROM python:3.11-slim AS builder
+
+# Install required packages for building
+RUN apt-get update && apt-get install -y \
+    gcc \
+    musl-dev \
+    build-essential \
+    python3-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the application code
+COPY . .
+
+# Install PyInstaller
+RUN pip install pyinstaller
+RUN pip install -r requirements.txt
+
+# Create a binary with PyInstaller
+RUN pyinstaller --onefile --clean podman_compose.py
+
+# Create /result dir in case it is not mounted
+RUN mkdir -p /result
+
+# Export binary
+RUN cp /app/dist/podman_compose /result/podman-compose

README.md

@@ -1,6 +1,5 @@
 # Podman Compose
-## [![Pylint Test: ](https://github.com/containers/podman-compose/actions/workflows/pylint.yml/badge.svg)](https://github.com/containers/podman-compose/actions/workflows/pylint.yml) [![Unit tests  PyTest](https://github.com/containers/podman-compose/actions/workflows/pytest.yml/badge.svg)](https://github.com/containers/podman-compose/actions/workflows/pytest.yml)
-
+## [![Tests](https://github.com/containers/podman-compose/actions/workflows/test.yml/badge.svg)](https://github.com/containers/podman-compose/actions/workflows/test.yml)
 
 An implementation of [Compose Spec](https://compose-spec.io/) with [Podman](https://podman.io/) backend.
 This project focuses on:
@@ -11,7 +10,11 @@ This project focuses on:
 This project only depends on:
 
 * `podman`
-* [podman dnsname plugin](https://github.com/containers/dnsname): It is usually found in the `podman-plugins` or `podman-dnsname` distro packages, those packages are not pulled by default and you need to install them. This allows containers to be able to resolve each other if they are on the same CNI network.
+* [podman dnsname plugin](https://github.com/containers/dnsname): It is usually found in
+  the `podman-plugins` or `podman-dnsname` distro packages, those packages are not pulled
+  by default and you need to install them. This allows containers to be able to resolve
+  each other if they are on the same CNI network. This is not necessary when podman is using
+  netavark as a network backend.
 * Python3
 * [PyYAML](https://pyyaml.org/)
 * [python-dotenv](https://pypi.org/project/python-dotenv/)
@@ -49,9 +52,11 @@ like `hostnet`. If you desire that behavior, pass it the standard way like `netw
 
 ## Installation
 
+### Pip
+
 Install the latest stable version from PyPI:
 
-```
+```bash
 pip3 install podman-compose
 ```
 
@@ -59,14 +64,39 @@ pass `--user` to install inside regular user home without being root.
 
 Or latest development version from GitHub:
 
-```
-pip3 install https://github.com/containers/podman-compose/archive/devel.tar.gz
+```bash
+pip3 install https://github.com/containers/podman-compose/archive/main.tar.gz
 ```
 
+### Homebrew
+
+```bash
+brew install podman-compose
+```
+
+### Generate binary using docker/podman locally
+This script will download the repo, generate the binary using [this Dockerfile](https://github.com/containers/podman-compose/blob/main/Dockerfile), and place the binary in the directory where you called this script.
+```bash
+sh -c "$(curl -sSL https://raw.githubusercontent.com/containers/podman-compose/main/scripts/download_and_build_podman-compose.sh)"
+```
+
+### Manual
+
+```bash
+curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/main/podman_compose.py
+chmod +x /usr/local/bin/podman-compose
+```
+
+or inside your home
+
+```bash
+curl -o ~/.local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/main/podman_compose.py
+chmod +x ~/.local/bin/podman-compose
+```
 
 or install from Fedora (starting from f31) repositories:
 
-```
+```bash
 sudo dnf install podman-compose
 ```
 
@@ -75,10 +105,9 @@ sudo dnf install podman-compose
 We have included fully functional sample stacks inside `examples/` directory.
 You can get more examples from [awesome-compose](https://github.com/docker/awesome-compose).
 
-
 A quick example would be
 
-```
+```bash
 cd examples/busybox
 podman-compose --help
 podman-compose up --help
@@ -103,11 +132,11 @@ There is also AWX 17.1.0
 Inside `tests/` directory we have many useless docker-compose stacks
 that are meant to test as many cases as we can to make sure we are compatible
 
-### Unit tests with pytest
-run a pytest with following command
+### Unit tests with unittest
+run a unittest with following command
 
 ```shell
-python -m pytest pytests
+python3 -m unittest discover tests/unit
 ```
 
 # Contributing guide

RELEASING.md

@@ -0,0 +1,47 @@
+Creating a release
+==================
+
+This file contains instructions for maintainers on how to release new versions of podman-compose.
+
+Step 1: Initialize variables for subsequent steps
+-------------------------------------------------
+
+```
+export VERSION=1.2.3
+```
+
+Step 2: Release notes PR
+------------------------
+
+Open a new branch (e.g. `release`) and run the following:
+
+```
+./scripts/make_release_notes.sh $VERSION
+```
+
+This collects the release notes using the `towncrier` tool and then commits the result.
+This step is done as a PR so that CI can check for spelling errors and similar issues.
+
+Certain file names are not properly supported by the `towncrier` tool and it ignores them.
+Check `newsfragments` directory for any forgotten release notes
+
+Step 3: Merge the release notes PR
+----------------------------------
+
+Step 4: Perform actual release
+------------------------------
+
+Pull the merge commit created on the `main` branch during the step 2.
+Then run:
+
+```
+./scripts/make_release.sh
+```
+
+This will create release commit, tag and push everything.
+
+Step 5: Create a release on Github
+----------------------------------
+
+The release notes must be added manually by drafting a release on the GitHub UI at
+https://github.com/containers/podman-compose/releases.

docs/Changelog-1.1.0.md

@@ -0,0 +1,33 @@
+Version v1.1.0 (2024-04-17)
+===========================
+
+Bug fixes
+---------
+
+- Fixed support for values with equals sign in `-e` argument of `run` and `exec` commands.
+- Fixed duplicate arguments being emitted in `stop` and `restart` commands.
+- Removed extraneous debug output. `--verbose` flag has been added to preserve verbose output.
+- Links aliases are now added to service aliases.
+- Fixed image build process to use defined environmental variables.
+- Empty list is now allowed to be `COMMAND` and `ENTRYPOINT`.
+- Environment files are now resolved relative to current working directory.
+- Exit code of container build is now preserved as return code of `build` command.
+
+New features
+------------
+
+- Added support for `uidmap`, `gidmap`, `http_proxy` and `runtime` service configuration keys.
+- Added support for `enable_ipv6` network configuration key.
+- Added `--parallel` option to support parallel pulling and building of images.
+- Implemented support for maps in `sysctls` container configuration key.
+- Implemented `stats` command.
+- Added `--no-normalize` flag to `config` command.
+- Added support for `include` global configuration key.
+- Added support for `build` command.
+- Added support to start containers with multiple networks.
+- Added support for `profile` argument.
+- Added support for starting podman in existing network namespace.
+- Added IPAM driver support. 
+- Added support for file secrets being passed to `podman build` via `--secret` argument.
+- Added support for multiple networks with separately specified IP and MAC address.
+- Added support for `service.build.ulimits` when building image.

docs/Changelog-1.2.0.md

@@ -0,0 +1,40 @@
+Version v1.2.0 (2024-06-26)
+===========================
+
+Bug fixes
+---------
+
+- Fixed handling of `--in-pod` argument. Previously it was hard to provide false value to it.
+- podman-compose no longer creates pods when registering systemd unit.
+- Fixed warning `RuntimeWarning: coroutine 'create_pods' was never awaited`
+- Fixed error when setting up IPAM network with default driver.
+- Fixed support for having list and dictionary `depends_on` sections in related compose files.
+- Fixed logging of failed build message.
+- Fixed support for multiple entries in `include` section.
+- Fixed environment variable precedence order.
+
+Changes
+-------
+
+- `x-podman` dictionary in container root has been migrated to `x-podman.*` fields in container root.
+
+New features
+------------
+
+- Added support for `--publish` in `podman-compose run`.
+- Added support for Podman external root filesystem management (`--rootfs` option).
+- Added support for `podman-compose images` command.
+- Added support for `env_file` being configured via dictionaries.
+- Added support for enabling GPU access.
+- Added support for selinux in verbose mount specification.
+- Added support for `additional_contexts` section.
+- Added support for multi-line environment files.
+- Added support for passing contents of `podman-compose.yml` via stdin.
+- Added support for specifying the value for `--in-pod` setting in `podman-compose.yml` file.
+- Added support for environmental secrets.
+
+Documentation
+-------------
+
+- Added instructions on how to install podman-compose on Homebrew.
+- Added explanation that netavark is an alternative to dnsname plugin

docs/Changelog-1.3.0.md

@@ -0,0 +1,38 @@
+Version 1.3.0 (2025-01-07)
+==========================
+
+Bug fixes
+---------
+
+- Fixed support for de-facto alternative `Dockerfile` names (e.g. `Containerfile`)
+- Fixed a bug that caused attempts to create already existing pods multiple times.
+- Fixed compatibility with docker-compose in how symlinks to docker-compose.yml are handled.
+- Fixed freeze caused by too long log lines without a newline.
+- Fixed support for `network_mode: none`.
+- Improved error detection by rejecting service definitions that contain both `network_mode` and
+  `networks` keys, which is not allowed.
+
+
+Features
+--------
+
+- Added support for build labels.
+- Added support for "platform" property in the build command.
+- Added support for "ssh" property in the build command.
+- Added support for cache_from and cache_to fields in build section.
+- Added support for honoring the condition in the depends_on section of the service, if stated.
+- Added `x-podman.no_hosts` setting to pass `--no-hosts` to podman run
+- Added support for compatibility with docker compose for default network behavior when no network
+  defined in service. This is controlled via `default_net_behavior_compat` feature flag.
+- Added a way to get compatibility of default network names with docker compose.
+  This is selected by setting `default_net_name_compat: true` on `x-podman` global dictionary.
+- Added support for the `device_cgroup_rules` property in services.
+- Added support for removing networks in `podman-compose down`.
+- Added support for network scoped service aliases.
+- Added support for network level `mac_address` attribute.
+- Added ability to substitute variables with the environment of the service.
+
+Misc
+----
+
+- Declared compatibility with Python 3.13.

docs/Extensions.md

@@ -0,0 +1,156 @@
+# Podman specific extensions to the docker-compose format
+
+Podman-compose supports the following extension to the docker-compose format. These extensions
+are generally specified under fields with "x-podman" prefix in the compose file.
+
+## Container management
+
+The following extension keys are available under container configuration:
+
+* `x-podman.uidmaps` - Run the container in a new user namespace using the supplied UID mapping.
+
+* `x-podman.gidmaps` - Run the container in a new user namespace using the supplied GID mapping.
+
+* `x-podman.rootfs` - Run the container without requiring any image management; the rootfs of the
+container is assumed to be managed externally.
+
+* `x-podman.no_hosts` - Run the container without creating /etc/hosts file
+
+For example, the following docker-compose.yml allows running a podman container with externally managed rootfs.
+```yml
+version: "3"
+services:
+    my_service:
+        command: ["/bin/busybox"]
+        x-podman.rootfs: "/path/to/rootfs"
+```
+
+For explanations of these extensions, please refer to the [Podman Documentation](https://docs.podman.io/).
+
+
+## Per-network MAC-addresses
+
+Generic docker-compose files support specification of the MAC address on the container level. If the
+container has multiple network interfaces, the specified MAC address is applied to the first
+specified network.
+
+Podman-compose in addition supports the specification of MAC addresses on a per-network basis. This
+is done by adding a `x-podman.mac_address` key to the network configuration in the container. The
+value of the `x-podman.mac_address` key is the MAC address to be used for the network interface.
+
+Note that the [compose spec](https://github.com/compose-spec/compose-spec/blob/main/05-services.md#mac_address)
+now supports `mac_address` on the network level, so we recommend using
+the standard `mac_address` key for setting the MAC address. The
+`x-podman.mac_address` is still supported for backwards compatibility.
+
+
+Specifying a MAC address for the container and for individual networks at the same time is not
+supported.
+
+Example:
+
+```yaml
+---
+version: "3"
+
+networks:
+  net0:
+    driver: "bridge"
+    ipam:
+      config:
+        - subnet: "192.168.0.0/24"
+  net1:
+    driver: "bridge"
+    ipam:
+      config:
+        - subnet: "192.168.1.0/24"
+
+services:
+  webserver
+    image: "busybox"
+    command: ["/bin/busybox", "httpd", "-f", "-h", "/etc", "-p", "8001"]
+    networks:
+      net0:
+        ipv4_address: "192.168.0.10"
+        x-podman.mac_address: "02:aa:aa:aa:aa:aa"
+      net1:
+        ipv4_address: "192.168.1.10"
+        mac_address: "02:bb:bb:bb:bb:bb" # mac_address is supported
+```
+
+## Podman-specific network modes
+
+Generic docker-compose supports the following values for `network-mode` for a container:
+
+- `bridge`
+- `host`
+- `none`
+- `service`
+- `container`
+
+In addition, podman-compose supports the following podman-specific values for `network-mode`:
+
+- `slirp4netns[:<options>,...]`
+- `ns:<options>`
+- `pasta[:<options>,...]`
+- `private`
+
+The options to the network modes are passed to the `--network` option of the `podman create` command
+as-is.
+
+
+## Compatibility of default network names between docker-compose and podman-compose
+
+Current versions of podman-compose may produce different default external network names than
+docker-compose under certain conditions. Specifically, docker-compose removes dashes (`-` character)
+from project name.
+
+To enable compatibility between docker-compose and podman-compose, specify
+`default_net_name_compat: true` under global `x-podman` key:
+
+```
+x-podman:
+    default_net_name_compat: true
+```
+
+By default `default_net_name_compat` is `false`. This will change to `true` at some point and the
+setting will be removed.
+
+## Compatibility of default network behavior between docker-compose and podman-compose
+
+When there is no network defined (neither network-mode nor networks) in service,
+The behavior of default network in docker-compose and podman-compose are different.
+
+| Top-level networks             | podman-compose             | docker-compose |
+| ------------------------------ | -------------------------- | -------------- |
+| No networks                    | default                    | default        |
+| One network named net0         | net0                       | default        |
+| Two networks named net0, net1  | podman(`--network=bridge`) | default        |
+| Contains network named default | default                    | default        |
+
+To enable compatibility between docker-compose and podman-compose, specify
+`default_net_behavior_compat: true` under global `x-podman` key:
+
+```yaml
+x-podman:
+    default_net_behavior_compat: true
+```
+
+## Custom pods management
+
+Podman-compose can have containers in pods. This can be controlled by extension key x-podman in_pod.
+It allows providing custom value for --in-pod and is especially relevant when --userns has to be set.
+
+For example, the following docker-compose.yml allows using userns_mode by overriding the default
+value of --in-pod (unless it was specifically provided by "--in-pod=True" in command line interface).
+```yml
+version: "3"
+services:
+    cont:
+        image: nopush/podman-compose-test
+        userns_mode: keep-id:uid=1000
+        command: ["dumb-init", "/bin/busybox", "httpd", "-f", "-p", "8080"]
+
+x-podman:
+    in_pod: false
+```

examples/awx17/roles/local_docker/tasks/set_image.yml

@@ -1,7 +1,7 @@
 ---
 - name: Manage AWX Container Images
   block:
-    - name: Export Docker awx image if it isnt local and there isnt a registry defined
+    - name: Export Docker awx image if it isn't local and there isn't a registry defined
       docker_image:
         name: "{{ awx_image }}"
         tag: "{{ awx_version }}"

examples/hello-python/Dockerfile

@@ -7,6 +7,6 @@ RUN pip install --no-cache-dir -r requirements.txt
 
 COPY . .
 
-CMD [ "python", "-m", "App.web" ]
+CMD [ "python", "-m", "app.web" ]
 EXPOSE 8080
 

examples/hello-python/app/web.py

@@ -1,5 +1,7 @@
+# pylint: disable=import-error
+# pylint: disable=unused-import
+import asyncio  # noqa: F401
 import os
-import asyncio
 
 import aioredis
 from aiohttp import web
@@ -14,13 +16,13 @@ routes = web.RouteTableDef()
 
 
 @routes.get("/")
-async def hello(request):
+async def hello(request):  # pylint: disable=unused-argument
     counter = await redis.incr("mycounter")
     return web.Response(text=f"counter={counter}")
 
 
 @routes.get("/hello.json")
-async def hello_json(request):
+async def hello_json(request):  # pylint: disable=unused-argument
     counter = await redis.incr("mycounter")
     data = {"counter": counter}
     return web.json_response(data)

examples/nvidia-smi/docker-compose.yaml

@@ -0,0 +1,11 @@
+services:
+  test:
+    image: nvidia/cuda:12.3.1-base-ubuntu20.04
+    command: nvidia-smi
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]

newsfragments/README.txt

@@ -0,0 +1,13 @@
+This is the directory for news fragments used by towncrier: https://github.com/hawkowl/towncrier
+
+You create a news fragment in this directory when you make a change, and the file gets removed from
+this directory when the news is published.
+
+towncrier has a few standard types of news fragments, signified by the file extension. These are:
+
+.feature: Signifying a new feature.
+.bugfix: Signifying a bug fix.
+.doc: Signifying a documentation improvement.
+.removal: Signifying a deprecation or removal of public API.
+.change: Signifying a change of behavior
+.misc: Miscellaneous change

pyproject.toml

@@ -0,0 +1,55 @@
+[tool.ruff]
+line-length = 100
+target-version = "py38"
+
+[tool.ruff.lint]
+select = ["W", "E", "F", "I"]
+ignore = [
+]
+
+[tool.ruff.lint.isort]
+force-single-line = true
+
+[tool.ruff.format]
+preview = true # needed for quote-style
+quote-style = "preserve"
+
+[tool.towncrier]
+    package = "podman_compose"
+    package_dir = "master"
+    directory = "newsfragments"
+    filename = "docs/Changelog-new.md"
+    template = "scripts/Changelog-template.jinja"
+    title_format = "Version {version} ({project_date})"
+    [[tool.towncrier.section]]
+        path = ""
+
+    [[tool.towncrier.type]]
+        directory = "feature"
+        name = "Features"
+        showcontent = true
+
+    [[tool.towncrier.type]]
+        directory = "change"
+        name = "Changes"
+        showcontent = true
+
+    [[tool.towncrier.type]]
+        directory = "bugfix"
+        name = "Bug fixes"
+        showcontent = true
+
+    [[tool.towncrier.type]]
+        directory = "doc"
+        name = "Improved Documentation"
+        showcontent = true
+
+    [[tool.towncrier.type]]
+        directory = "removal"
+        name = "Deprecations and Removals"
+        showcontent = true
+
+    [[tool.towncrier.type]]
+        directory = "misc"
+        name = "Misc"
+        showcontent = true

pytests/test_volumes.py

@@ -1,20 +0,0 @@
-import pytest
-
-from podman_compose import parse_short_mount
-
-
-@pytest.fixture
-def multi_propagation_mount_str():
-    return "/foo/bar:/baz:U,Z"
-
-
-def test_parse_short_mount_multi_propagation(multi_propagation_mount_str):
-    expected = {
-        "type": "bind",
-        "source": "/foo/bar",
-        "target": "/baz",
-        "bind": {
-            "propagation": "U,Z",
-        },
-    }
-    assert parse_short_mount(multi_propagation_mount_str, "/") == expected

scripts/Changelog-template.jinja

@@ -0,0 +1,33 @@
+{% for section, _ in sections|dictsort(by='key') %}
+{% set underline = "-" %}
+{% if section %}
+{{section}}
+{{ underline * section|length }}{% set underline = "~" %}
+
+{% endif %}
+{% if sections[section] %}
+{% for category, val in definitions|dictsort if category in sections[section]%}
+
+{{ definitions[category]['name'] }}
+{{ underline * definitions[category]['name']|length }}
+
+{% for text, values in sections[section][category]|dictsort(by='value') %}
+- {{ text }}
+{% endfor %}
+
+{% if sections[section][category]|length == 0 %}
+
+No significant changes.
+
+
+{% else %}
+{% endif %}
+{% endfor %}
+{% else %}
+
+No significant changes.
+
+
+{% endif %}
+{% endfor %}
+(venv) p12@exec-desktop:~/cod

scripts/download_and_build_podman-compose.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Delete repository dir
+rm -rf podman-compose-src
+
+# Clone repository
+git clone https://github.com/containers/podman-compose podman-compose-src
+
+# Generate binary
+sh podman-compose-src/scripts/generate_binary_using_dockerfile.sh
+
+# Move binary outside repo's dir
+mv podman-compose-src/podman-compose .
+
+# Delete repository dir
+rm -rf podman-compose-src

scripts/generate_binary_using_dockerfile.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# Find an available container tool (docker or podman)
+find_container_tool() {
+    if command -v docker > /dev/null 2>&1; then
+        echo "sudo docker"
+    elif command -v podman > /dev/null 2>&1; then
+        echo "podman"
+    else
+        echo "Error: Neither docker nor podman is available." >&2
+        exit 1
+    fi
+}
+
+# Determine which container tool to use
+CONTAINER_TOOL=$(find_container_tool)
+
+# Locate the directory containing dockerfile (root)
+PROJECT_ROOT_DIR="$(cd "$(dirname "$0")" && pwd)/.."
+
+# Check SELinux status and set appropriate mount option
+check_selinux() {
+    if command -v getenforce > /dev/null 2>&1; then
+        SELINUX_STATUS=$(getenforce)
+        if [ "$SELINUX_STATUS" = "Enforcing" ] || [ "$SELINUX_STATUS" = "Permissive" ]; then
+            echo ":z"
+        else
+            echo ""
+        fi
+    elif [ -f /sys/fs/selinux/enforce ]; then
+        if [ "$(cat /sys/fs/selinux/enforce)" = "1" ]; then
+            echo ":z"
+        else
+            echo ""
+        fi
+    else
+        echo ""
+    fi
+}
+
+# Get the SELinux option for volume mounts if SELinux is enforcing or permissive
+SELINUX=$(check_selinux)
+
+# Build binary
+$CONTAINER_TOOL image rm build-podman-compose
+
+if expr "$CONTAINER_TOOL" : '.*docker.*' >/dev/null; then
+    $CONTAINER_TOOL build -t build-podman-compose "$PROJECT_ROOT_DIR"
+    $CONTAINER_TOOL run --name build-podman-compose build-podman-compose
+    $CONTAINER_TOOL cp build-podman-compose:/result/podman-compose "$PROJECT_ROOT_DIR/podman-compose"
+    $CONTAINER_TOOL container stop build-podman-compose
+    $CONTAINER_TOOL container rm -f build-podman-compose
+else
+    $CONTAINER_TOOL build -v "$PROJECT_ROOT_DIR:/result$SELINUX" -t build-podman-compose "$PROJECT_ROOT_DIR"
+fi
+$CONTAINER_TOOL image rm python:3.11-slim
+$CONTAINER_TOOL image rm build-podman-compose

scripts/make_release.sh

@@ -1,6 +1,18 @@
-#!/usr/bin/env bash
-./scripts/uninstall.sh
-./scripts/clean_up.sh
-python3 setup.py register
-python3 setup.py sdist bdist_wheel
-twine upload dist/*
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 1 ]; then
+    echo "Usage: make_release.sh VERSION"
+    exit 1
+fi
+
+VERSION=$1
+
+sed "s/__version__ = .*/__version__ = \"$VERSION\"/g" -i podman_compose.py
+git add podman_compose.py
+git commit -m "Release $VERSION"
+
+git tag "v$VERSION" -m "v$VERSION" -s
+
+git push ssh://github.com/containers/podman-compose main "v$VERSION"

scripts/make_release_notes.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 1 ]; then
+    echo "Usage: make_release_notes.sh VERSION"
+    exit 1
+fi
+
+VERSION=$1
+towncrier build --version "$VERSION" --yes
+git mv "docs/Changelog-new.md" "docs/Changelog-$VERSION.md"
+git add "newsfragments/"
+git commit -m "Release notes for $VERSION"

scripts/make_release_upload.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+./scripts/uninstall.sh
+./scripts/clean_up.sh
+python3 setup.py register
+python3 setup.py sdist bdist_wheel
+twine upload dist/*

setup.cfg

@@ -3,3 +3,7 @@ universal = 1
 
 [metadata]
 version = attr: podman_compose.__version__
+
+[flake8]
+# The GitHub editor is 127 chars wide
+max-line-length=127

setup.py

@@ -1,25 +1,27 @@
+# SPDX-License-Identifier: GPL-2.0
+
 import os
+
 from setuptools import setup
 
 try:
-    readme = open(os.path.join(os.path.dirname(__file__), "README.md")).read()
-except:
-    readme = ""
+    README = open(os.path.join(os.path.dirname(__file__), "README.md"), encoding="utf-8").read()
+except:  # noqa: E722 # pylint: disable=bare-except
+    README = ""
 
 setup(
     name="podman-compose",
     description="A script to run docker-compose.yml using podman",
-    long_description=readme,
+    long_description=README,
     long_description_content_type="text/markdown",
     classifiers=[
         "Programming Language :: Python",
         "Programming Language :: Python :: 3",
-        "Programming Language :: Python :: 3.5",
-        "Programming Language :: Python :: 3.6",
-        "Programming Language :: Python :: 3.7",
-        "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
         "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Programming Language :: Python :: 3.12",
+        "Programming Language :: Python :: 3.13",
         "Intended Audience :: Developers",
         "Operating System :: OS Independent",
         "Development Status :: 3 - Alpha",
@@ -38,19 +40,10 @@ setup(
         "pyyaml",
         "python-dotenv",
     ],
-    extras_require={
-        "devel": [
-            "flake8",
-            "black",
-            "pylint",
-            "pre-commit",
-        ]
-    }
+    extras_require={"devel": ["ruff", "pre-commit", "coverage", "parameterized"]},
     # test_suite='tests',
     # tests_require=[
     #     'coverage',
-    #     'pytest-cov',
-    #     'pytest',
     #     'tox',
     # ]
 )

test-requirements.txt

@@ -1,9 +1,34 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
+-e .
+coverage==7.4.3
+parameterized==0.9.0
+pytest==8.0.2
+tox==4.13.0
+ruff==0.3.1
+pylint==3.1.0
 
-coverage
-pytest-cov
-pytest
-tox
-black
+# The packages below are transitive dependencies of the packages above and are included here
+# to make testing reproducible.
+# To refresh, create a new virtualenv and do:
+#  pip install -r requirements.txt -r test-requirements.txt
+#  pip freeze > test-requirements.txt
+# and edit test-requirements.txt to add this comment
+
+astroid==3.1.0
+cachetools==5.3.3
+chardet==5.2.0
+colorama==0.4.6
+dill==0.3.8
+distlib==0.3.8
+filelock==3.13.1
+iniconfig==2.0.0
+isort==5.13.2
+mccabe==0.7.0
+packaging==23.2
+platformdirs==4.2.0
+pluggy==1.4.0
+pyproject-api==1.6.1
+python-dotenv==1.0.1
+PyYAML==6.0.1
+requests
+tomlkit==0.12.4
+virtualenv==20.25.1

tests/build/README.md

@@ -1,25 +0,0 @@
-# Test podman-compose with build
-
-```
-podman-compose build
-podman-compose up -d
-curl http://localhost:8080/index.txt
-curl http://localhost:8000/index.txt
-podman inspect my-busybox-httpd2 
-podman-compose down
-```
-
-expected output would be something like
-
-```
-2019-09-03T15:16:38+0000
-ALT buildno=2 port 8000 2019-09-03T15:16:38+0000
-{
-...
-}
-```
-
-as you can see we were able to override buildno to be 2 instead of 1,
-and httpd_port to 8000.
-
-NOTE: build labels are not passed to `podman build`

tests/deps/README.md

@@ -1,4 +0,0 @@
-
-```
-podman-compose run --rm sleep /bin/sh -c 'wget -O - http://localhost:8000/hosts'
-```

tests/deps/docker-compose.yaml

@@ -1,24 +0,0 @@
-version: "3.7"
-services:
-    web:
-      image: busybox
-      command: ["/bin/busybox", "httpd", "-f", "-h", "/etc/", "-p", "8000"]
-      tmpfs:
-        - /run
-        - /tmp
-    sleep:
-      image: busybox
-      command: ["/bin/busybox", "sh", "-c", "sleep 3600"]
-      depends_on: "web"
-      tmpfs:
-        - /run
-        - /tmp
-    sleep2:
-      image: busybox
-      command: ["/bin/busybox", "sh", "-c", "sleep 3600"]
-      depends_on:
-      - sleep
-      tmpfs:
-        - /run
-        - /tmp
-

tests/env-tests/README.md

@@ -1,5 +0,0 @@
-running the following command should give myval2
-
-```
-podman_compose run -l monkey -e ZZVAR1=myval2 env-test
-```

tests/exit-from/README.md

@@ -1,15 +0,0 @@
-We have service named sh1 that exits with code 1 and sh2 that exists with code 2
-
-```
-podman-compose up --exit-code-from=sh1
-echo $?
-```
-
-the above should give 1.
-
-```
-podman-compose up --exit-code-from=sh2
-echo $?
-```
-
-the above should give 2.

tests/exit-from/docker-compose.yaml

@@ -1,21 +0,0 @@
-version: "3"
-services:
-    too_long:
-      image: busybox
-      command: ["/bin/busybox", "sh", "-c", "sleep 3600; exit 0"]
-      tmpfs:
-        - /run
-        - /tmp
-    sh1:
-      image: busybox
-      command: ["/bin/busybox", "sh", "-c", "sleep 5; exit 1"]
-      tmpfs:
-        - /run
-        - /tmp
-    sh2:
-      image: busybox
-      command: ["/bin/busybox", "sh", "-c", "sleep 5; exit 2"]
-      tmpfs:
-        - /run
-        - /tmp
-

tests/extends_w_file_subdir/sub/docker/example/Dockerfile

@@ -1 +0,0 @@
-FROM busybox as base

tests/integration/__init__.py

@@ -0,0 +1,12 @@
+import os
+import subprocess
+
+
+def create_base_test_image():
+    subprocess.check_call(
+        ['podman', 'build', '-t', 'nopush/podman-compose-test', '.'],
+        cwd=os.path.join(os.path.dirname(__file__), "base_image"),
+    )
+
+
+create_base_test_image()

tests/integration/additional_contexts/README.md

@@ -0,0 +1,14 @@
+# Test podman-compose with build.additional_contexts
+
+```
+podman-compose build
+podman-compose up
+podman-compose down
+```
+
+expected output would be
+
+```
+[dict] | Data for dict
+[list] | Data for list
+```

tests/integration/additional_contexts/data_for_dict/data.txt

@@ -0,0 +1 @@
+Data for dict

tests/integration/additional_contexts/data_for_list/data.txt

@@ -0,0 +1 @@
+Data for list

tests/integration/additional_contexts/project/Dockerfile

@@ -0,0 +1,3 @@
+FROM busybox
+COPY --from=data data.txt /data/data.txt
+CMD ["busybox", "cat", "/data/data.txt"]

tests/integration/additional_contexts/project/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3.7"
+services:
+  dict:
+    build:
+      context: .
+      additional_contexts:
+        data: ../data_for_dict
+  list:
+    build:
+      context: .
+      additional_contexts:
+        - data=../data_for_list

tests/integration/base_image/Dockerfile

@@ -0,0 +1,6 @@
+FROM docker.io/library/debian:bookworm-slim
+RUN apt-get update \
+    && apt-get install -y \
+        dumb-init \
+        busybox \
+        wget

tests/integration/build_fail/context/Dockerfile

@@ -0,0 +1,3 @@
+FROM busybox
+RUN this_command_does_not_exist
+CMD ["sh"]

tests/integration/build_fail/docker-compose.yml

@@ -0,0 +1,5 @@
+version: "3"
+services:
+    test:
+      build: ./context
+      image: build-fail-img

tests/integration/build_labels/context/Dockerfile

@@ -0,0 +1 @@
+FROM busybox

tests/integration/build_labels/docker-compose.yml

@@ -0,0 +1,22 @@
+version: "3"
+services:
+  test_build_labels_map:
+    build:
+      context: ./context
+      dockerfile: Dockerfile
+      labels:
+        com.example.description: "Accounting webapp"
+        com.example.department: "Finance"
+        com.example.label-with-empty-value: ""
+    image: my-busybox-build-labels-map
+    command: env
+  test_build_labels_array:
+    build:
+      context: ./context
+      dockerfile: Dockerfile
+      labels:
+        - "com.example.description=Accounting webapp"
+        - "com.example.department=Finance"
+        - "com.example.label-with-empty-value"
+    image: my-busybox-build-labels-array
+    command: env

tests/integration/build_labels/test_build_labels.py

@@ -0,0 +1,60 @@
+# SPDX-License-Identifier: GPL-2.0
+
+
+import json
+import os
+import unittest
+
+from tests.integration.test_podman_compose import podman_compose_path
+from tests.integration.test_podman_compose import test_path
+from tests.integration.test_utils import RunSubprocessMixin
+
+
+class TestBuildLabels(unittest.TestCase, RunSubprocessMixin):
+    def test_build_labels(self):
+        """The build context can contain labels which should be added to the resulting image. They
+        can be either an array or a map.
+        """
+
+        compose_path = os.path.join(test_path(), "build_labels/docker-compose.yml")
+
+        try:
+            self.run_subprocess_assert_returncode([
+                podman_compose_path(),
+                "-f",
+                compose_path,
+                "build",
+                "test_build_labels_map",
+                "test_build_labels_array",
+            ])
+
+            expected_labels = {
+                "com.example.department": "Finance",
+                "com.example.description": "Accounting webapp",
+                "com.example.label-with-empty-value": "",
+            }
+
+            out, _ = self.run_subprocess_assert_returncode([
+                "podman",
+                "inspect",
+                "my-busybox-build-labels-map",
+                "my-busybox-build-labels-array",
+            ])
+
+            images = json.loads(out)
+            self.assertEqual(len(images), 2)
+            labels_map = images[0].get("Config", {}).get("Labels", {})
+            labels_array = images[1].get("Config", {}).get("Labels", {})
+            for k, v in expected_labels.items():
+                self.assertIn(k, labels_map)
+                self.assertEqual(labels_map[k], v)
+                self.assertIn(k, labels_array)
+                self.assertEqual(labels_array[k], v)
+
+        finally:
+            self.run_subprocess_assert_returncode([
+                "podman",
+                "rmi",
+                "my-busybox-build-labels-map",
+                "my-busybox-build-labels-array",
+            ])

tests/integration/build_secrets/Dockerfile

@@ -0,0 +1,9 @@
+FROM busybox
+
+RUN --mount=type=secret,required=true,id=build_secret \
+    ls -l /run/secrets/ && cat /run/secrets/build_secret
+
+RUN --mount=type=secret,required=true,id=build_secret,target=/tmp/secret \
+    ls -l /run/secrets/ /tmp/ && cat /tmp/secret
+
+CMD [ 'echo', 'nothing here' ]

tests/integration/build_secrets/docker-compose.yaml

@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+  test:
+    image: test
+    secrets:
+      - run_secret                  # implicitly mount to /run/secrets/run_secret
+      - source: run_secret
+        target: /tmp/run_secret2    # explicit mount point
+
+    build:
+      context: .
+      secrets:
+        - build_secret              # can be mounted in Dockerfile with "RUN --mount=type=secret,id=build_secret"
+        - source: build_secret
+          target: build_secret2     # rename to build_secret2
+
+secrets:
+  build_secret:
+    file: ./my_secret
+  run_secret:
+    file: ./my_secret

tests/integration/build_secrets/docker-compose.yaml.invalid

@@ -0,0 +1,18 @@
+version: "3.8"
+
+services:
+  test:
+    image: test
+    build:
+      context: .
+      secrets:
+        # invalid target argument
+        #
+        # According to https://github.com/compose-spec/compose-spec/blob/master/build.md, target is
+        # supposed to be the "name of a *file* to be mounted in /run/secrets/". Not a path.
+        - source: build_secret
+          target: /build_secret
+
+secrets:
+  build_secret:
+    file: ./my_secret

tests/integration/build_ssh/context/Dockerfile

@@ -0,0 +1,16 @@
+# Base image
+FROM alpine:latest
+
+# Install OpenSSH client
+RUN apk add openssh
+
+# Test the SSH agents during the build
+
+RUN echo -n "default: " >> /result.log 
+RUN --mount=type=ssh ssh-add -L >> /result.log
+
+RUN echo -n "id1: " >> /result.log 
+RUN --mount=type=ssh,id=id1 ssh-add -L >> /result.log
+
+RUN echo -n "id2: " >> /result.log 
+RUN --mount=type=ssh,id=id2 ssh-add -L >> /result.log

tests/integration/build_ssh/docker-compose.yml

@@ -0,0 +1,26 @@
+version: "3"
+services:
+  test_build_ssh_map:
+    build:
+      context: ./context
+      dockerfile: Dockerfile
+      ssh:
+        default:
+        id1: "./id_ed25519_dummy"
+        id2: "./agent_dummy.sock"
+    image: my-alpine-build-ssh-map
+    command:
+      - cat
+      - /result.log
+  test_build_ssh_array:
+    build:
+      context: ./context
+      dockerfile: Dockerfile
+      ssh:
+        - default
+        - "id1=./id_ed25519_dummy"
+        - "id2=./agent_dummy.sock"
+    image: my-alpine-build-ssh-array
+    command:
+      - cat
+      - /result.log

tests/integration/build_ssh/id_ed25519_dummy

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBWELzfWvraCAeo0rOM2OxTGqWZx7fNBCglK/1oS8FLpgAAAJhzHuERcx7h
+EQAAAAtzc2gtZWQyNTUxOQAAACBWELzfWvraCAeo0rOM2OxTGqWZx7fNBCglK/1oS8FLpg
+AAAEAEIrYvY3jJ2IvAnUa5jIrVe8UG+7G7PzWzZqqBQykZllYQvN9a+toIB6jSs4zY7FMa
+pZnHt80EKCUr/WhLwUumAAAADnJpbmdvQGJuZHRib3gyAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----

tests/integration/build_ssh/test_build_ssh.py

@@ -0,0 +1,246 @@
+# SPDX-License-Identifier: GPL-2.0
+
+import os
+import socket
+import struct
+import threading
+import unittest
+
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+
+from tests.integration.test_podman_compose import podman_compose_path
+from tests.integration.test_podman_compose import test_path
+from tests.integration.test_utils import RunSubprocessMixin
+
+expected_lines = [
+    "default: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYQvN9a+toIB6jSs4zY7FMapZnHt80EKCUr/WhLwUum",
+    "id1: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYQvN9a+toIB6jSs4zY7FMapZnHt80EKCUr/WhLwUum",
+    "id2: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYQvN9a+toIB6jSs4zY7FMapZnHt80EKCUr/WhLwUum",
+]
+
+
+class TestBuildSsh(unittest.TestCase, RunSubprocessMixin):
+    def test_build_ssh(self):
+        """The build context can contain the ssh authentications that the image builder should
+        use during image build. They can be either an array or a map.
+        """
+
+        compose_path = os.path.join(test_path(), "build_ssh/docker-compose.yml")
+        sock_path = os.path.join(test_path(), "build_ssh/agent_dummy.sock")
+        private_key_file = os.path.join(test_path(), "build_ssh/id_ed25519_dummy")
+
+        agent = MockSSHAgent(private_key_file)
+
+        try:
+            # Set SSH_AUTH_SOCK because `default` expects it
+            os.environ['SSH_AUTH_SOCK'] = sock_path
+
+            # Start a mock SSH agent server
+            agent.start_agent(sock_path)
+
+            self.run_subprocess_assert_returncode([
+                podman_compose_path(),
+                "-f",
+                compose_path,
+                "build",
+                "test_build_ssh_map",
+                "test_build_ssh_array",
+            ])
+
+            for test_image in [
+                "test_build_ssh_map",
+                "test_build_ssh_array",
+            ]:
+                out, _ = self.run_subprocess_assert_returncode([
+                    podman_compose_path(),
+                    "-f",
+                    compose_path,
+                    "run",
+                    "--rm",
+                    test_image,
+                ])
+
+                out = out.decode('utf-8')
+
+                # Check if all lines are contained in the output
+                self.assertTrue(
+                    all(line in out for line in expected_lines),
+                    f"Incorrect output for image {test_image}",
+                )
+
+        finally:
+            # Now we send the stop command to gracefully shut down the server
+            agent.stop_agent()
+
+            if os.path.exists(sock_path):
+                os.remove(sock_path)
+
+            self.run_subprocess_assert_returncode([
+                "podman",
+                "rmi",
+                "my-alpine-build-ssh-map",
+                "my-alpine-build-ssh-array",
+            ])
+
+
+# SSH agent message types
+SSH_AGENTC_REQUEST_IDENTITIES = 11
+SSH_AGENT_IDENTITIES_ANSWER = 12
+SSH_AGENT_FAILURE = 5
+STOP_REQUEST = 0xFF
+
+
+class MockSSHAgent:
+    def __init__(self, private_key_path):
+        self.sock_path = None
+        self.server_sock = None
+        self.running = threading.Event()
+        self.keys = [self._load_ed25519_private_key(private_key_path)]
+        self.agent_thread = None  # Thread to run the agent
+
+    def _load_ed25519_private_key(self, private_key_path):
+        """Load ED25519 private key from an OpenSSH private key file."""
+        with open(private_key_path, 'rb') as key_file:
+            private_key = serialization.load_ssh_private_key(key_file.read(), password=None)
+
+        # Ensure it's an Ed25519 key
+        if not isinstance(private_key, Ed25519PrivateKey):
+            raise ValueError("Invalid key type, expected ED25519 private key.")
+
+        # Get the public key corresponding to the private key
+        public_key = private_key.public_key()
+
+        # Serialize the public key to the OpenSSH format
+        public_key_blob = public_key.public_bytes(
+            encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw
+        )
+
+        # SSH key type "ssh-ed25519"
+        key_type = b"ssh-ed25519"
+
+        # Build the key blob (public key part for the agent)
+        key_blob_full = (
+            struct.pack(">I", len(key_type))
+            + key_type  # Key type length + type
+            + struct.pack(">I", len(public_key_blob))
+            + public_key_blob  # Public key length + key blob
+        )
+
+        # Comment (empty)
+        comment = ""
+
+        return ("ssh-ed25519", key_blob_full, comment)
+
+    def start_agent(self, sock_path):
+        """Start the mock SSH agent and create a Unix domain socket."""
+        self.sock_path = sock_path
+        if os.path.exists(self.sock_path):
+            os.remove(self.sock_path)
+
+        self.server_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        self.server_sock.bind(self.sock_path)
+        self.server_sock.listen(5)
+
+        os.environ['SSH_AUTH_SOCK'] = self.sock_path
+
+        self.running.set()  # Set the running event
+
+        # Start a thread to accept client connections
+        self.agent_thread = threading.Thread(target=self._accept_connections, daemon=True)
+        self.agent_thread.start()
+
+    def _accept_connections(self):
+        """Accept and handle incoming connections."""
+        while self.running.is_set():
+            try:
+                client_sock, _ = self.server_sock.accept()
+                self._handle_client(client_sock)
+            except Exception as e:
+                print(f"Error accepting connection: {e}")
+
+    def _handle_client(self, client_sock):
+        """Handle a single client request (like ssh-add)."""
+        try:
+            # Read the message length (first 4 bytes)
+            length_message = client_sock.recv(4)
+            if not length_message:
+                raise "no length message received"
+
+            msg_len = struct.unpack(">I", length_message)[0]
+
+            request_message = client_sock.recv(msg_len)
+
+            # Check for STOP_REQUEST
+            if request_message[0] == STOP_REQUEST:
+                client_sock.close()
+                self.running.clear()  # Stop accepting connections
+                return
+
+            # Check for SSH_AGENTC_REQUEST_IDENTITIES
+            if request_message[0] == SSH_AGENTC_REQUEST_IDENTITIES:
+                response = self._mock_list_keys_response()
+                client_sock.sendall(response)
+            else:
+                print("Message not recognized")
+                # Send failure if the message type is not recognized
+                response = struct.pack(">I", 1) + struct.pack(">B", SSH_AGENT_FAILURE)
+                client_sock.sendall(response)
+
+        except socket.error:
+            print("Client socket error.")
+            pass  # You can handle specific errors here if needed
+        finally:
+            client_sock.close()  # Ensure the client socket is closed
+
+    def _mock_list_keys_response(self):
+        """Create a mock response for ssh-add -l, listing keys."""
+
+        # Start building the response
+        response = struct.pack(">B", SSH_AGENT_IDENTITIES_ANSWER)  # Message type
+
+        # Number of keys
+        response += struct.pack(">I", len(self.keys))
+
+        # For each key, append key blob and comment
+        for key_type, key_blob, comment in self.keys:
+            # Key blob length and content
+            response += struct.pack(">I", len(key_blob)) + key_blob
+
+            # Comment length and content
+            comment_encoded = comment.encode()
+            response += struct.pack(">I", len(comment_encoded)) + comment_encoded
+
+        # Prefix the entire response with the total message length
+        response = struct.pack(">I", len(response)) + response
+
+        return response
+
+    def stop_agent(self):
+        """Stop the mock SSH agent."""
+        if self.running.is_set():  # First check if the agent is running
+            # Create a temporary connection to send the stop command
+            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_sock:
+                client_sock.connect(self.sock_path)  # Connect to the server
+
+                stop_command = struct.pack(
+                    ">B", STOP_REQUEST
+                )  # Pack the stop command as a single byte
+
+                # Send the message length first
+                message_length = struct.pack(">I", len(stop_command))
+                client_sock.sendall(message_length)  # Send the length first
+
+                client_sock.sendall(stop_command)  # Send the stop command
+
+            self.running.clear()  # Stop accepting new connections
+
+            # Wait for the agent thread to finish
+            if self.agent_thread:
+                self.agent_thread.join()  # Wait for the thread to finish
+                self.agent_thread = None  # Reset thread reference
+
+            # Remove the socket file only after the server socket is closed
+            if self.server_sock:  # Check if the server socket exists
+                self.server_sock.close()  # Close the server socket
+                os.remove(self.sock_path)

tests/integration/default_net_behavior/docker-compose_no_nets.yaml

@@ -0,0 +1,4 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/

tests/integration/default_net_behavior/docker-compose_no_nets_compat.yaml

@@ -0,0 +1,7 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+x-podman:
+  default_net_behavior_compat: true

tests/integration/default_net_behavior/docker-compose_one_net.yaml

@@ -0,0 +1,7 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}

tests/integration/default_net_behavior/docker-compose_one_net_compat.yaml

@@ -0,0 +1,10 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}
+
+x-podman:
+  default_net_behavior_compat: true

tests/integration/default_net_behavior/docker-compose_two_nets.yaml

@@ -0,0 +1,8 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}
+  net1: {}

tests/integration/default_net_behavior/docker-compose_two_nets_compat.yaml

@@ -0,0 +1,11 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}
+  net1: {}
+
+x-podman:
+  default_net_behavior_compat: true

tests/integration/default_net_behavior/docker-compose_with_default.yaml

@@ -0,0 +1,9 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}
+  net1: {}
+  default: {}

tests/integration/default_net_behavior/docker-compose_with_default_compat.yaml

@@ -0,0 +1,12 @@
+services:
+  web:
+    image: busybox
+    command: httpd -f -p 8123 -h /tmp/
+
+networks:
+  net0: {}
+  net1: {}
+  default: {}
+
+x-podman:
+  default_net_behavior_compat: true

tests/integration/deps/docker-compose-conditional-fails.yaml

@@ -0,0 +1,22 @@
+version: "3.7"
+services:
+  web:
+    image: nopush/podman-compose-test
+    command: ["dumb-init", "/bin/busybox", "httpd", "-f", "-h", "/etc/", "-p", "8000"]
+    tmpfs:
+      - /run
+      - /tmp
+    healthcheck:
+      test: ["CMD", "/bin/false"]
+      interval: 10s # Time between health checks
+      timeout: 1s # Time to wait for a response
+      retries: 1 # Number of consecutive failures before marking as unhealthy
+  sleep:
+    image: nopush/podman-compose-test
+    command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 3600"]
+    depends_on:
+      web:
+        condition: service_healthy
+    tmpfs:
+      - /run
+      - /tmp

tests/integration/deps/docker-compose-conditional-succeeds.yaml

@@ -0,0 +1,22 @@
+version: "3.7"
+services:
+  web:
+    image: nopush/podman-compose-test
+    command: ["dumb-init", "/bin/busybox", "httpd", "-f", "-h", "/etc/", "-p", "8000"]
+    tmpfs:
+      - /run
+      - /tmp
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost:8000/hosts"]
+      interval: 30s # Time between health checks
+      timeout: 5s # Time to wait for a response
+      retries: 3 # Number of consecutive failures before marking as unhealthy
+  sleep:
+    image: nopush/podman-compose-test
+    command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 3600"]
+    depends_on:
+      web:
+        condition: service_healthy
+    tmpfs:
+      - /run
+      - /tmp

tests/integration/deps/docker-compose.yaml

@@ -0,0 +1,25 @@
+version: "3.7"
+services:
+    web:
+      image: nopush/podman-compose-test
+      command: ["dumb-init", "/bin/busybox", "httpd", "-f", "-h", "/etc/", "-p", "8000"]
+      tmpfs:
+        - /run
+        - /tmp
+    sleep:
+      image: nopush/podman-compose-test
+      command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 3600"]
+      depends_on:
+        - "web"
+      tmpfs:
+        - /run
+        - /tmp
+    sleep2:
+      image: nopush/podman-compose-test
+      command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 3600"]
+      depends_on:
+      - sleep
+      tmpfs:
+        - /run
+        - /tmp
+

tests/integration/env-file-tests/.env

@@ -0,0 +1,2 @@
+ZZVAR1='This value is overwritten by env-file-tests/.env'
+ZZVAR3='This value is loaded from env-file-tests/.env'

tests/integration/env-file-tests/.gitignore

@@ -0,0 +1,4 @@
+# This overrides the repository root .gitignore (ignoring all .env).
+# The .env files in this directory are important for the test cases.
+!.env
+!project/.env

tests/integration/env-file-tests/env-files/project-1.env

@@ -0,0 +1,3 @@
+ZZVAR1=podman-rocks-123
+ZZVAR2=podman-rocks-124
+ZZVAR3=podman-rocks-125

tests/integration/env-file-tests/env-files/project-2.env

@@ -0,0 +1,2 @@
+ZZVAR1=podman-rocks-223
+ZZVAR2=podman-rocks-224

tests/integration/env-file-tests/project/.env

@@ -0,0 +1,2 @@
+ZZVAR1='This value is loaded but should be overwritten'
+ZZVAR2='This value is loaded from .env in project/ directory'

tests/integration/env-file-tests/project/container-compose.env-file-flat.yaml

@@ -0,0 +1,9 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    env_file:
+      - ../env-files/project-1.env

tests/integration/env-file-tests/project/container-compose.env-file-obj-optional-exists.yaml

@@ -0,0 +1,11 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    env_file:
+      - path: ../env-files/project-1.env
+      - path: ../env-files/project-2.env # this file exists
+        required: false

tests/integration/env-file-tests/project/container-compose.env-file-obj-optional-missing.yaml

@@ -0,0 +1,11 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    env_file:
+      - path: ../env-files/project-1.env
+      - path: ../env-files/project-3.env # this file is missing
+        required: false

tests/integration/env-file-tests/project/container-compose.env-file-obj.yaml

@@ -0,0 +1,9 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    env_file:
+      - path: ../env-files/project-1.env

tests/integration/env-file-tests/project/container-compose.load-.env-in-project.yaml

@@ -0,0 +1,11 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    environment:
+      ZZVAR1: $ZZVAR1
+      ZZVAR2: $ZZVAR2
+      ZZVAR3: $ZZVAR3

tests/integration/env-file-tests/project/container-compose.yaml

@@ -0,0 +1,9 @@
+services:
+  app:
+    image: busybox
+    command: ["/bin/busybox", "sh", "-c", "env | grep ZZ"]
+    tmpfs:
+      - /run
+      - /tmp
+    environment:
+      ZZVAR1: $ZZVAR1

tests/integration/env-tests/container-compose.yml

@@ -1,9 +1,10 @@
-version: '3'
+version: "3"
 
 services:
   env-test:
     image: busybox
     command: sh -c "export | grep ZZ"
     environment:
-    - ZZVAR1=myval1
-
+      ZZVAR1: myval1
+      ZZVAR2: 2-$ZZVAR1
+      ZZVAR3: 3-$ZZVAR2

tests/integration/exit-from/docker-compose.yaml

@@ -0,0 +1,15 @@
+version: "3"
+services:
+    sh1:
+      image: nopush/podman-compose-test
+      command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 1; exit 1"]
+      tmpfs:
+        - /run
+        - /tmp
+    sh2:
+      image: nopush/podman-compose-test
+      command: ["dumb-init", "/bin/busybox", "sh", "-c", "sleep 1; exit 2"]
+      tmpfs:
+        - /run
+        - /tmp
+

tests/integration/extends_w_empty_service/common-services.yml

@@ -0,0 +1,7 @@
+services:
+  webapp_default:
+
+  webapp_special:
+    image: nopush/podman-compose-test
+    volumes:
+      - "/data"

tests/integration/extends_w_empty_service/docker-compose.yml

@@ -0,0 +1,10 @@
+version: "3"
+services:
+  web:
+    image: nopush/podman-compose-test
+    extends:
+      file: common-services.yml
+      service: webapp_default
+    environment:
+      - DEBUG=1
+    cpu_shares: 5

tests/integration/extends_w_file/Dockerfile

@@ -0,0 +1 @@
+FROM nopush/podman-compose-test as base