Summary
doco-cd pre-deploy image change detection can miss updates when a compose service uses a mutable image tag such as :dev.
Example compose service:
image: ghcr.io/example/app:dev
A new image can be pushed to the same tag, but pre-deploy may still conclude that images have not changed.
Observed behavior
With force_image_pull: true, pre-deploy can log the equivalent of:
force image pull enabled, checking for image updatesimages have not changed after pullno changes detected, skipping deployment
That is incorrect for floating tags if the pulled tag now points to a different image.
Likely cause
In internal/stages/stage_2_pre-deploy.go, pre-deploy compares image IDs before and after PullImages().
Those image IDs come from internal/docker/compose.go, where GetImages() uses compose project/container state rather than the configured compose image references themselves.
For floating tags:
- pulling
ghcr.io/...:dev updates the local tag target
- existing running containers still point to the old image until recreate
- the before/after container-derived image IDs can remain identical
- pre-deploy therefore concludes that nothing changed
Expected behavior
Pre-deploy image update detection should use a signal that reflects the configured image references, not only the images currently attached to existing project containers.
Better long-term fix
For services with image: entries:
- inspect the configured image refs before pull
- pull
- inspect the same refs after pull
- compare digests, or image IDs as fallback
That would correctly detect floating-tag updates without depending on current container state.
Reproduction outline
- Configure a stack with
force_image_pull: true.
- Use a mutable image tag like
ghcr.io/example/app:dev in compose.
- Push a new image to the same tag.
- Trigger deployment.
- Observe pre-deploy conclude that images did not change even though the tag now points to a new image.
Summary
doco-cdpre-deploy image change detection can miss updates when a compose service uses a mutable image tag such as:dev.Example compose service:
A new image can be pushed to the same tag, but pre-deploy may still conclude that images have not changed.
Observed behavior
With
force_image_pull: true, pre-deploy can log the equivalent of:force image pull enabled, checking for image updatesimages have not changed after pullno changes detected, skipping deploymentThat is incorrect for floating tags if the pulled tag now points to a different image.
Likely cause
In internal/stages/stage_2_pre-deploy.go, pre-deploy compares image IDs before and after
PullImages().Those image IDs come from internal/docker/compose.go, where
GetImages()uses compose project/container state rather than the configured compose image references themselves.For floating tags:
ghcr.io/...:devupdates the local tag targetExpected behavior
Pre-deploy image update detection should use a signal that reflects the configured image references, not only the images currently attached to existing project containers.
Better long-term fix
For services with
image:entries:That would correctly detect floating-tag updates without depending on current container state.
Reproduction outline
force_image_pull: true.ghcr.io/example/app:devin compose.