Error with large docker-compose file and SOPS #536
Description
Description
Hello,
First of all, thank you for the work done on this project, which I find very interesting to use !
I've noticed an issue when using SOPS with a docker-compose file containing many services (5). It seems there’s a size limit beyond which an error related to the presence of the sops field is raised:
ERR msg=deployment failed job_id=1adbf7b4-29f0-44fe-9aeb-23a805122f24 repository=*** custom_target=*** stack=test-filesize reference=refs/heads/main error=failed to load compose config: failed to load compose project: validating /data/***/***/***/test-filesize/docker-compose.yml: additional properties 'sops' not allowed
The docker-compose file illustrates the problem. When removing the dummy environment variables, the stack deploys correctly.
I'm using the following .sops.tml file to encrypt the compose file :
creation_rules:
- age: ***
path_regex: ".*"
mac_only_encrypted: true
encrypted_regex: "^(environment|traefik\\.http\\.routers\\..*\\.rule)$"
stores:
yaml:
indent: 2I was able to fix the issue by using multiple docker-compose files.
Versions used:
local machine:
sops: 3.10.2 (latest)
os: macOS 15.5
server:
doco-cd: 0.31.1 (latest)
os: Ubuntu 24.04.2
docker: 28.3.2
Steps to reproduce the issue
1. Configure this file exemple and the webhook
2. Encrypt the compose file with sops
3. Push to deploy
4. See errorOperating System
Linux
Docker Compose File
services:
whoami1:
image: containous/whoami
environment:
FAKE_ENV_FOR_SIZE1: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi sagittis faucibus pellentesque. In euismod hendrerit varius. Duis sit amet nisi sit amet erat imperdiet venenatis at sit amet urna. Donec imperdiet consectetur fringilla. Nunc cursus tellus a arcu cursus, nec tristique ante consectetur. Etiam quis interdum lorem, sed venenatis massa. Pellentesque fringilla metus libero, ac accumsan turpis ullamcorper in. Fusce bibendum vulputate vulputate. Sed hendrerit purus ut orci facilisis hendrerit. Ut sodales tellus arcu, non facilisis mi semper quis. In porttitor laoreet ante ac bibendum. Duis a sem id ante varius tristique quis ac ipsum. Sed tincidunt, dolor euismod posuere pretium, est mi finibus leo, quis dignissim mauris felis sed elit. Sed sagittis justo nulla, in molestie ex pretium viverra.
FAKE_ENV_FOR_SIZE2: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi sagittis faucibus pellentesque. In euismod hendrerit varius. Duis sit amet nisi sit amet erat imperdiet venenatis at sit amet urna. Donec imperdiet consectetur fringilla. Nunc cursus tellus a arcu cursus, nec tristique ante consectetur. Etiam quis interdum lorem, sed venenatis massa. Pellentesque fringilla metus libero, ac accumsan turpis ullamcorper in. Fusce bibendum vulputate vulputate. Sed hendrerit purus ut orci facilisis hendrerit. Ut sodales tellus arcu, non facilisis mi semper quis. In porttitor laoreet ante ac bibendum. Duis a sem id ante varius tristique quis ac ipsum. Sed tincidunt, dolor euismod posuere pretium, est mi finibus leo, quis dignissim mauris felis sed elit. Sed sagittis justo nulla, in molestie ex pretium viverra.
FAKE_ENV_FOR_SIZE3: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi sagittis faucibus pellentesque. In euismod hendrerit varius. Duis sit amet nisi sit amet erat imperdiet venenatis at sit amet urna. Donec imperdiet consectetur fringilla. Nunc cursus tellus a arcu cursus, nec tristique ante consectetur. Etiam quis interdum lorem, sed venenatis massa. Pellentesque fringilla metus libero, ac accumsan turpis ullamcorper in. Fusce bibendum vulputate vulputate. Sed hendrerit purus ut orci facilisis hendrerit. Ut sodales tellus arcu, non facilisis mi semper quis. In porttitor laoreet ante ac bibendum. Duis a sem id ante varius tristique quis ac ipsum. Sed tincidunt, dolor euismod posuere pretium, est mi finibus leo, quis dignissim mauris felis sed elit. Sed sagittis justo nulla, in molestie ex pretium viverra.
labels:
traefik.enable: true
traefik.http.routers.whoami1.rule: Host(`whoami1.example.com`)
traefik.http.routers.whoami1.entryPoints: websecure
whoami2:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami2.rule: Host(`whoami2.example.com`)
traefik.http.routers.whoami2.entryPoints: websecure
whoami3:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami3.rule: Host(`whoami3.example.com`)
traefik.http.routers.whoami3.entryPoints: websecure
whoami4:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami4.rule: Host(`whoami4.example.com`)
traefik.http.routers.whoami4.entryPoints: websecure
whoami5:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami5.rule: Host(`whoami5.example.com`)
traefik.http.routers.whoami5.entryPoints: websecure
networks:
default:
name: traefik
external: trueDeployment Config
name: test-filesize
working_dir: test-filesizeLogs
2025-08-03T16:25:55.231036827+02:00 DBG msg=deployment configuration retrieved job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main config={"Name":"test-filesize","RepositoryUrl":"","Reference":"refs/heads/main","WorkingDirectory":"test-filesize","ComposeFiles":["compose.yaml","compose.yml","docker-compose.yml","docker-compose.yaml"],"RemoveOrphans":true,"ForceRecreate":false,"ForceImagePull":false,"Timeout":180,"BuildOpts":{"ForceImagePull":false,"Quiet":false,"Args":null,"NoCache":false},"Destroy":false,"DestroyOpts":{"RemoveVolumes":true,"RemoveImages":true,"RemoveRepoDir":true}}
2025-08-03T16:25:55.231110091+02:00 DBG msg=checking out reference refs/heads/main job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main host_path=/var/lib/docker/volumes/doco-cd_data/_data/***/***/***
2025-08-03T16:25:56.044403676+02:00 DBG msg=comparing commits job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main deployed_commit=85ecb6ac02c9836cd1582ad984e61fc2a46a008f latest_commit=01dfc28ee582ee8e4cad42c4878d86f15fc328d3
2025-08-03T16:25:56.055597698+02:00 DBG msg=changes detected in subdirectory, proceeding with deployment job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main directory=test-filesize last_commit=01dfc28ee582ee8e4cad42c4878d86f15fc328d3 deployed_commit=85ecb6ac02c9836cd1582ad984e61fc2a46a008f
2025-08-03T16:25:56.055677062+02:00 DBG msg=checking for default compose files job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main
2025-08-03T16:25:56.09176699+02:00 ERR msg=failed to load compose config job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main error=failed to load compose project: validating /data/***/***/***/test-filesize/docker-compose.yml: additional properties 'sops' not allowed compose_files={"files":["docker-compose.yml"]}
2025-08-03T16:25:56.093757451+02:00 ERR msg=deployment failed job_id=dc0332ae-d902-421d-939f-fc77534118fd repository=***/***/*** custom_target=lab stack=test-filesize reference=refs/heads/main error=failed to load compose config: failed to load compose project: validating /data/***/***/***/test-filesize/docker-compose.yml: additional properties 'sops' not allowed