1package dockercompose
2
3import "list"
4
5// Compose Specification
6//
7// The Compose file is a YAML file defining a multi-containers
8// based application.
9#Schema: {
10 @jsonschema(schema="http://json-schema.org/draft-07/schema#")
11 @jsonschema(id="https://raw.githubusercontent.com/compose-spec/compose-spec/HEAD/schema/compose_spec.json")
12 close({
13 // declared for backward compatibility, ignored. Please remove it.
14 "version"?: string
15
16 // define the Compose project name, until user defines one
17 // explicitly.
18 "name"?: string
19
20 // compose sub-projects to be included.
21 "include"?: [...#include]
22
23 // The services that will be used by your application.
24 "services"?: close({
25 {[=~"^[a-zA-Z0-9._-]+$"]: #service}
26 })
27
28 // Language models that will be used by your application.
29 "models"?: {
30 {[=~"^[a-zA-Z0-9._-]+$"]: #model}
31 ...
32 }
33
34 // Networks that are shared among multiple services.
35 "networks"?: {
36 {[=~"^[a-zA-Z0-9._-]+$"]: #network}
37 ...
38 }
39
40 // Named volumes that are shared among multiple services.
41 "volumes"?: close({
42 {[=~"^[a-zA-Z0-9._-]+$"]: #volume}
43 })
44
45 // Secrets that are shared among multiple services.
46 "secrets"?: close({
47 {[=~"^[a-zA-Z0-9._-]+$"]: #secret}
48 })
49
50 // Configurations that are shared among multiple services.
51 "configs"?: close({
52 {[=~"^[a-zA-Z0-9._-]+$"]: #config}
53 })
54
55 {[=~"^x-" & !~"^(version|name|include|services|models|networks|volumes|secrets|configs)$"]: _}
56 })
57
58 // Block IO limit for a specific device.
59 #blkio_limit: close({
60 // Path to the device (e.g., '/dev/sda').
61 "path"?: string
62
63 // Rate limit in bytes per second or IO operations per second.
64 "rate"?: int | string
65 })
66
67 // Block IO weight for a specific device.
68 #blkio_weight: close({
69 // Path to the device (e.g., '/dev/sda').
70 "path"?: string
71
72 // Relative weight for the device, between 10 and 1000.
73 "weight"?: int | string
74 })
75
76 // Command to run in the container, which can be specified as a
77 // string (shell form) or array (exec form).
78 #command: matchN(1, [null, string, [...string]])
79
80 // Config configuration for the Compose application.
81 #config: close({
82 // Custom name for this config.
83 "name"?: string
84
85 // Inline content of the config.
86 "content"?: string
87
88 // Name of an environment variable from which to get the config
89 // value.
90 "environment"?: string
91
92 // Path to a file containing the config value.
93 "file"?: string
94
95 // Specifies that this config already exists and was created
96 // outside of Compose.
97 "external"?: bool | string | {
98 // Specifies the name of the external config. Deprecated: use the
99 // 'name' property instead.
100 "name"?: string
101 ...
102 }
103 "labels"?: #list_or_dict
104
105 // Driver to use for templating the config's value.
106 "template_driver"?: string
107
108 {[=~"^x-" & !~"^(name|content|environment|file|external|labels|template_driver)$"]: _}
109 })
110
111 // Deployment configuration for the service.
112 #deployment: null | close({
113 // Deployment mode for the service: 'replicated' (default) or
114 // 'global'.
115 "mode"?: string
116
117 // Endpoint mode for the service: 'vip' (default) or 'dnsrr'.
118 "endpoint_mode"?: string
119
120 // Number of replicas of the service container to run.
121 "replicas"?: int | string
122 "labels"?: #list_or_dict
123
124 // Configuration for rolling back a service update.
125 "rollback_config"?: close({
126 // The number of containers to rollback at a time. If set to 0,
127 // all containers rollback simultaneously.
128 "parallelism"?: int | string
129
130 // The time to wait between each container group's rollback (e.g.,
131 // '1s', '1m30s').
132 "delay"?: string
133
134 // Action to take if a rollback fails: 'continue', 'pause'.
135 "failure_action"?: string
136
137 // Duration to monitor each task for failures after it is created
138 // (e.g., '1s', '1m30s').
139 "monitor"?: string
140
141 // Failure rate to tolerate during a rollback.
142 "max_failure_ratio"?: number | string
143
144 // Order of operations during rollbacks: 'stop-first' (default) or
145 // 'start-first'.
146 "order"?: "start-first" | "stop-first"
147
148 {[=~"^x-" & !~"^(parallelism|delay|failure_action|monitor|max_failure_ratio|order)$"]: _}
149 })
150
151 // Configuration for updating a service.
152 "update_config"?: close({
153 // The number of containers to update at a time.
154 "parallelism"?: int | string
155
156 // The time to wait between updating a group of containers (e.g.,
157 // '1s', '1m30s').
158 "delay"?: string
159
160 // Action to take if an update fails: 'continue', 'pause',
161 // 'rollback'.
162 "failure_action"?: string
163
164 // Duration to monitor each updated task for failures after it is
165 // created (e.g., '1s', '1m30s').
166 "monitor"?: string
167
168 // Failure rate to tolerate during an update (0 to 1).
169 "max_failure_ratio"?: number | string
170
171 // Order of operations during updates: 'stop-first' (default) or
172 // 'start-first'.
173 "order"?: "start-first" | "stop-first"
174
175 {[=~"^x-" & !~"^(parallelism|delay|failure_action|monitor|max_failure_ratio|order)$"]: _}
176 })
177
178 // Resource constraints and reservations for the service.
179 "resources"?: close({
180 // Resource limits for the service containers.
181 "limits"?: close({
182 // Limit for how much of the available CPU resources, as number of
183 // cores, a container can use.
184 "cpus"?: number | string
185
186 // Limit on the amount of memory a container can allocate (e.g.,
187 // '1g', '1024m').
188 "memory"?: string
189
190 // Maximum number of PIDs available to the container.
191 "pids"?: int | string
192
193 {[=~"^x-" & !~"^(cpus|memory|pids)$"]: _}
194 })
195
196 // Resource reservations for the service containers.
197 "reservations"?: close({
198 // Reservation for how much of the available CPU resources, as
199 // number of cores, a container can use.
200 "cpus"?: number | string
201
202 // Reservation on the amount of memory a container can allocate
203 // (e.g., '1g', '1024m').
204 "memory"?: string
205 "generic_resources"?: #generic_resources
206 "devices"?: #devices
207
208 {[=~"^x-" & !~"^(cpus|memory|generic_resources|devices)$"]: _}
209 })
210
211 {[=~"^x-" & !~"^(limits|reservations)$"]: _}
212 })
213
214 // Restart policy for the service containers.
215 "restart_policy"?: close({
216 // Condition for restarting the container: 'none', 'on-failure',
217 // 'any'.
218 "condition"?: string
219
220 // Delay between restart attempts (e.g., '1s', '1m30s').
221 "delay"?: string
222
223 // Maximum number of restart attempts before giving up.
224 "max_attempts"?: int | string
225
226 // Time window used to evaluate the restart policy (e.g., '1s',
227 // '1m30s').
228 "window"?: string
229
230 {[=~"^x-" & !~"^(condition|delay|max_attempts|window)$"]: _}
231 })
232
233 // Constraints and preferences for the platform to select a
234 // physical node to run service containers
235 "placement"?: close({
236 // Placement constraints for the service (e.g.,
237 // 'node.role==manager').
238 "constraints"?: [...string]
239
240 // Placement preferences for the service.
241 "preferences"?: [...close({
242 // Spread tasks evenly across values of the specified node label.
243 "spread"?: string
244
245 {[=~"^x-" & !~"^(spread)$"]: _}
246 })]
247
248 // Maximum number of replicas of the service.
249 "max_replicas_per_node"?: int | string
250
251 {[=~"^x-" & !~"^(constraints|preferences|max_replicas_per_node)$"]: _}
252 })
253
254 {[=~"^x-" & !~"^(mode|endpoint_mode|replicas|labels|rollback_config|update_config|resources|restart_policy|placement)$"]: _}
255 })
256
257 // Development configuration for the service, used for development
258 // workflows.
259 #development: null | close({
260 // Configure watch mode for the service, which monitors file
261 // changes and performs actions in response.
262 "watch"?: [...close({
263 "ignore"?: #string_or_list
264 "include"?: #string_or_list
265
266 // Path to watch for changes.
267 "path"!: string
268
269 // Action to take when a change is detected: rebuild the
270 // container, sync files, restart the container, sync and
271 // restart, or sync and execute a command.
272 "action"!: "rebuild" | "sync" | "restart" | "sync+restart" | "sync+exec"
273
274 // Target path in the container for sync operations.
275 "target"?: string
276 "exec"?: #service_hook
277
278 // Ensure that an initial synchronization is done before starting
279 // watch mode for sync+x triggers
280 "initial_sync"?: bool
281
282 {[=~"^x-" & !~"^(ignore|include|path|action|target|exec|initial_sync)$"]: _}
283 })]
284
285 {[=~"^x-" & !~"^(watch)$"]: _}
286 })
287
288 // Device reservations for containers, allowing services to access
289 // specific hardware devices.
290 #devices: [...close({
291 "capabilities"!: #list_of_strings
292
293 // Number of devices of this type to reserve.
294 "count"?: int | string
295 "device_ids"?: #list_of_strings
296
297 // Device driver to use (e.g., 'nvidia').
298 "driver"?: string
299 "options"?: #list_or_dict
300
301 {[=~"^x-" & !~"^(capabilities|count|device_ids|driver|options)$"]: _}
302 })]
303
304 #env_file: matchN(1, [string, [...matchN(1, [string, close({
305 // Path to the environment file.
306 "path"!: string
307
308 // Format attribute lets you to use an alternative file formats
309 // for env_file. When not set, env_file is parsed according to
310 // Compose rules.
311 "format"?: string
312
313 // Whether the file is required. If true and the file doesn't
314 // exist, an error will be raised.
315 "required"?: bool | string
316 })])]])
317
318 // Additional hostnames to be defined in the container's
319 // /etc/hosts file.
320 #extra_hosts: matchN(1, [close({
321 {[=~".+"]: matchN(1, [string, [...string]])}
322 }), list.UniqueItems() & [...string]])
323
324 // User-defined resources for services, allowing services to
325 // reserve specialized hardware resources.
326 #generic_resources: [...close({
327 // Specification for discrete (countable) resources.
328 "discrete_resource_spec"?: close({
329 // Type of resource (e.g., 'GPU', 'FPGA', 'SSD').
330 "kind"?: string
331
332 // Number of resources of this kind to reserve.
333 "value"?: number | string
334
335 {[=~"^x-" & !~"^(kind|value)$"]: _}
336 })
337
338 {[=~"^x-" & !~"^(discrete_resource_spec)$"]: _}
339 })]
340
341 #gpus: matchN(1, ["all", [...{
342 "capabilities"?: #list_of_strings
343
344 // Number of GPUs to use.
345 "count"?: int | string
346 "device_ids"?: #list_of_strings
347
348 // GPU driver to use (e.g., 'nvidia').
349 "driver"?: string
350 "options"?: #list_or_dict
351 ...
352 }]])
353
354 // Configuration options to determine whether the container is
355 // healthy.
356 #healthcheck: close({
357 // Disable any container-specified healthcheck. Set to true to
358 // disable.
359 "disable"?: bool | string
360
361 // Time between running the check (e.g., '1s', '1m30s'). Default:
362 // 30s.
363 "interval"?: string
364
365 // Number of consecutive failures needed to consider the container
366 // as unhealthy. Default: 3.
367 "retries"?: number | string
368
369 // The test to perform to check container health. Can be a string
370 // or a list. The first item is either NONE, CMD, or CMD-SHELL.
371 // If it's CMD, the rest of the command is exec'd. If it's
372 // CMD-SHELL, the rest is run in the shell.
373 "test"?: matchN(1, [string, [...string]])
374
375 // Maximum time to allow one check to run (e.g., '1s', '1m30s').
376 // Default: 30s.
377 "timeout"?: string
378
379 // Start period for the container to initialize before starting
380 // health-retries countdown (e.g., '1s', '1m30s'). Default: 0s.
381 "start_period"?: string
382
383 // Time between running the check during the start period (e.g.,
384 // '1s', '1m30s'). Default: interval value.
385 "start_interval"?: string
386
387 {[=~"^x-" & !~"^(disable|interval|retries|test|timeout|start_period|start_interval)$"]: _}
388 })
389
390 // Compose application or sub-projects to be included.
391 #include: matchN(1, [string, close({
392 "path"?: #string_or_list
393 "env_file"?: #string_or_list
394
395 // Path to resolve relative paths set in the Compose file
396 "project_directory"?: string
397 })])
398
399 #label_file: matchN(1, [string, [...string]])
400
401 // A list of unique string values.
402 #list_of_strings: list.UniqueItems() & [...string]
403
404 // Either a dictionary mapping keys to values, or a list of
405 // strings.
406 #list_or_dict: matchN(1, [close({
407 {[=~".+"]: null | bool | number | string}
408 }), list.UniqueItems() & [...string]])
409
410 // Language Model for the Compose application.
411 #model: close({
412 // Custom name for this model.
413 "name"?: string
414
415 // Language Model to run.
416 "model"!: string
417 "context_size"?: int
418
419 // Raw runtime flags to pass to the inference engine.
420 "runtime_flags"?: [...string]
421
422 {[=~"^x-" & !~"^(name|model|context_size|runtime_flags)$"]: _}
423 })
424
425 // Network configuration for the Compose application.
426 #network: null | close({
427 // Custom name for this network.
428 "name"?: string
429
430 // Specify which driver should be used for this network. Default
431 // is 'bridge'.
432 "driver"?: string
433
434 // Specify driver-specific options defined as key/value pairs.
435 "driver_opts"?: {
436 {[=~"^.+$"]: number | string}
437 ...
438 }
439
440 // Custom IP Address Management configuration for this network.
441 "ipam"?: close({
442 // Custom IPAM driver, instead of the default.
443 "driver"?: string
444
445 // List of IPAM configuration blocks.
446 "config"?: [...close({
447 // Subnet in CIDR format that represents a network segment.
448 "subnet"?: string
449
450 // Range of IPs from which to allocate container IPs.
451 "ip_range"?: string
452
453 // IPv4 or IPv6 gateway for the subnet.
454 "gateway"?: string
455
456 // Auxiliary IPv4 or IPv6 addresses used by Network driver.
457 "aux_addresses"?: close({
458 {[=~"^.+$"]: string}
459 })
460
461 {[=~"^x-" & !~"^(subnet|ip_range|gateway|aux_addresses)$"]: _}
462 })]
463
464 // Driver-specific options for the IPAM driver.
465 "options"?: close({
466 {[=~"^.+$"]: string}
467 })
468
469 {[=~"^x-" & !~"^(driver|config|options)$"]: _}
470 })
471
472 // Specifies that this network already exists and was created
473 // outside of Compose.
474 "external"?: bool | string | close({
475 // Specifies the name of the external network. Deprecated: use the
476 // 'name' property instead.
477 "name"?: string
478
479 {[=~"^x-" & !~"^(name)$"]: _}
480 })
481
482 // Create an externally isolated network.
483 "internal"?: bool | string
484
485 // Enable IPv4 networking.
486 "enable_ipv4"?: bool | string
487
488 // Enable IPv6 networking.
489 "enable_ipv6"?: bool | string
490
491 // If true, standalone containers can attach to this network.
492 "attachable"?: bool | string
493 "labels"?: #list_or_dict
494
495 {[=~"^x-" & !~"^(name|driver|driver_opts|ipam|external|internal|enable_ipv4|enable_ipv6|attachable|labels)$"]: _}
496 })
497
498 // Secret configuration for the Compose application.
499 #secret: close({
500 // Custom name for this secret.
501 "name"?: string
502
503 // Name of an environment variable from which to get the secret
504 // value.
505 "environment"?: string
506
507 // Path to a file containing the secret value.
508 "file"?: string
509
510 // Specifies that this secret already exists and was created
511 // outside of Compose.
512 "external"?: bool | string | {
513 // Specifies the name of the external secret.
514 "name"?: string
515 ...
516 }
517 "labels"?: #list_or_dict
518
519 // Specify which secret driver should be used for this secret.
520 "driver"?: string
521
522 // Specify driver-specific options.
523 "driver_opts"?: {
524 {[=~"^.+$"]: number | string}
525 ...
526 }
527
528 // Driver to use for templating the secret's value.
529 "template_driver"?: string
530
531 {[=~"^x-" & !~"^(name|environment|file|external|labels|driver|driver_opts|template_driver)$"]: _}
532 })
533
534 // Configuration for a service.
535 #service: close({
536 "develop"?: #development
537 "deploy"?: #deployment
538 "annotations"?: #list_or_dict
539 "attach"?: bool | string
540
541 // Configuration options for building the service's image.
542 "build"?: matchN(1, [string, close({
543 // Path to the build context. Can be a relative path or a URL.
544 "context"?: string
545
546 // Name of the Dockerfile to use for building the image.
547 "dockerfile"?: string
548
549 // Inline Dockerfile content to use instead of a Dockerfile from
550 // the build context.
551 "dockerfile_inline"?: string
552
553 // List of extra privileged entitlements to grant to the build
554 // process.
555 "entitlements"?: [...string]
556 "args"?: #list_or_dict
557 "ssh"?: #list_or_dict
558 "labels"?: #list_or_dict
559
560 // List of sources the image builder should use for cache
561 // resolution
562 "cache_from"?: [...string]
563
564 // Cache destinations for the build cache.
565 "cache_to"?: [...string]
566
567 // Do not use cache when building the image.
568 "no_cache"?: bool | string
569 "additional_contexts"?: #list_or_dict
570
571 // Network mode to use for the build. Options include 'default',
572 // 'none', 'host', or a network name.
573 "network"?: string
574
575 // Add a provenance attestation
576 "provenance"?: bool | string
577
578 // Add a SBOM attestation
579 "sbom"?: bool | string
580
581 // Always attempt to pull a newer version of the image.
582 "pull"?: bool | string
583
584 // Build stage to target in a multi-stage Dockerfile.
585 "target"?: string
586
587 // Size of /dev/shm for the build container. A string value can
588 // use suffix like '2g' for 2 gigabytes.
589 "shm_size"?: int | string
590 "extra_hosts"?: #extra_hosts
591
592 // Container isolation technology to use for the build process.
593 "isolation"?: string
594
595 // Give extended privileges to the build container.
596 "privileged"?: bool | string
597 "secrets"?: #service_config_or_secret
598
599 // Additional tags to apply to the built image.
600 "tags"?: [...string]
601 "ulimits"?: #ulimits
602
603 // Platforms to build for, e.g., 'linux/amd64', 'linux/arm64', or
604 // 'windows/amd64'.
605 "platforms"?: [...string]
606
607 {[=~"^x-" & !~"^(context|dockerfile|dockerfile_inline|entitlements|args|ssh|labels|cache_from|cache_to|no_cache|additional_contexts|network|provenance|sbom|pull|target|shm_size|extra_hosts|isolation|privileged|secrets|tags|ulimits|platforms)$"]: _}
608 })])
609
610 // Block IO configuration for the service.
611 "blkio_config"?: close({
612 // Limit read rate (bytes per second) from a device.
613 "device_read_bps"?: [...#blkio_limit]
614
615 // Limit read rate (IO per second) from a device.
616 "device_read_iops"?: [...#blkio_limit]
617
618 // Limit write rate (bytes per second) to a device.
619 "device_write_bps"?: [...#blkio_limit]
620
621 // Limit write rate (IO per second) to a device.
622 "device_write_iops"?: [...#blkio_limit]
623
624 // Block IO weight (relative weight) for the service, between 10
625 // and 1000.
626 "weight"?: int | string
627
628 // Block IO weight (relative weight) for specific devices.
629 "weight_device"?: [...#blkio_weight]
630 })
631
632 // Add Linux capabilities. For example, 'CAP_SYS_ADMIN',
633 // 'SYS_ADMIN', or 'NET_ADMIN'.
634 "cap_add"?: list.UniqueItems() & [...string]
635
636 // Drop Linux capabilities. For example, 'CAP_SYS_ADMIN',
637 // 'SYS_ADMIN', or 'NET_ADMIN'.
638 "cap_drop"?: list.UniqueItems() & [...string]
639
640 // Specify the cgroup namespace to join. Use 'host' to use the
641 // host's cgroup namespace, or 'private' to use a private cgroup
642 // namespace.
643 "cgroup"?: "host" | "private"
644
645 // Specify an optional parent cgroup for the container.
646 "cgroup_parent"?: string
647 "command"?: #command
648 "configs"?: #service_config_or_secret
649
650 // Specify a custom container name, rather than a generated
651 // default name.
652 "container_name"?: =~"[a-zA-Z0-9][a-zA-Z0-9_.-]+"
653
654 // Number of usable CPUs.
655 "cpu_count"?: matchN(1, [string, int & >=0])
656
657 // Percentage of CPU resources to use.
658 "cpu_percent"?: matchN(1, [string, int & >=0 & <=100])
659
660 // CPU shares (relative weight) for the container.
661 "cpu_shares"?: number | string
662
663 // Limit the CPU CFS (Completely Fair Scheduler) quota.
664 "cpu_quota"?: number | string
665
666 // Limit the CPU CFS (Completely Fair Scheduler) period.
667 "cpu_period"?: number | string
668
669 // Limit the CPU real-time period in microseconds or a duration.
670 "cpu_rt_period"?: number | string
671
672 // Limit the CPU real-time runtime in microseconds or a duration.
673 "cpu_rt_runtime"?: number | string
674
675 // Number of CPUs to use. A floating-point value is supported to
676 // request partial CPUs.
677 "cpus"?: number | string
678
679 // CPUs in which to allow execution (0-3, 0,1).
680 "cpuset"?: string
681
682 // Configure the credential spec for managed service account.
683 "credential_spec"?: close({
684 // The name of the credential spec Config to use.
685 "config"?: string
686
687 // Path to a credential spec file.
688 "file"?: string
689
690 // Path to a credential spec in the Windows registry.
691 "registry"?: string
692
693 {[=~"^x-" & !~"^(config|file|registry)$"]: _}
694 })
695
696 // Express dependency between services. Service dependencies cause
697 // services to be started in dependency order. The dependent
698 // service will wait for the dependency to be ready before
699 // starting.
700 "depends_on"?: matchN(1, [#list_of_strings, close({
701 {[=~"^[a-zA-Z0-9._-]+$"]: close({
702 // Whether to restart dependent services when this service is
703 // restarted.
704 "restart"?: bool | string
705
706 // Whether the dependency is required for the dependent service to
707 // start.
708 "required"?: bool
709
710 // Condition to wait for. 'service_started' waits until the
711 // service has started, 'service_healthy' waits until the service
712 // is healthy (as defined by its healthcheck),
713 // 'service_completed_successfully' waits until the service has
714 // completed successfully.
715 "condition"!: "service_started" | "service_healthy" | "service_completed_successfully"
716
717 {[=~"^x-" & !~"^(restart|required|condition)$"]: _}
718 })
719 }
720 })])
721 "device_cgroup_rules"?: #list_of_strings
722
723 // List of device mappings for the container.
724 "devices"?: [...matchN(1, [string, close({
725 // Path on the host to the device.
726 "source"!: string
727
728 // Path in the container where the device will be mapped.
729 "target"?: string
730
731 // Cgroup permissions for the device (rwm).
732 "permissions"?: string
733
734 {[=~"^x-" & !~"^(source|target|permissions)$"]: _}
735 })])]
736 "dns"?: #string_or_list
737
738 // Custom DNS options to be passed to the container's DNS
739 // resolver.
740 "dns_opt"?: list.UniqueItems() & [...string]
741 "dns_search"?: #string_or_list
742
743 // Custom domain name to use for the service container.
744 "domainname"?: string
745 "entrypoint"?: #command
746 "env_file"?: #env_file
747 "label_file"?: #label_file
748 "environment"?: #list_or_dict
749
750 // Expose ports without publishing them to the host machine -
751 // they'll only be accessible to linked services.
752 "expose"?: list.UniqueItems() & [...number | string]
753
754 // Extend another service, in the current file or another file.
755 "extends"?: matchN(1, [string, close({
756 // The name of the service to extend.
757 "service"!: string
758
759 // The file path where the service to extend is defined.
760 "file"?: string
761 })])
762
763 // Specify a service which will not be manage by Compose directly,
764 // and delegate its management to an external provider.
765 "provider"?: close({
766 // External component used by Compose to manage setup and teardown
767 // lifecycle of the service.
768 "type"!: string
769
770 // Provider-specific options.
771 "options"?: {
772 {[=~"^.+$"]: matchN(1, [bool | number | string, [...bool | number | string]])}
773 ...
774 }
775
776 {[=~"^x-" & !~"^(type|options)$"]: _}
777 })
778
779 // Link to services started outside this Compose application.
780 // Specify services as <service_name>:<alias>.
781 "external_links"?: list.UniqueItems() & [...string]
782 "extra_hosts"?: #extra_hosts
783 "gpus"?: #gpus
784
785 // Add additional groups which user inside the container should be
786 // member of.
787 "group_add"?: list.UniqueItems() & [...number | string]
788 "healthcheck"?: #healthcheck
789
790 // Define a custom hostname for the service container.
791 "hostname"?: string
792
793 // Specify the image to start the container from. Can be a
794 // repository/tag, a digest, or a local image ID.
795 "image"?: string
796
797 // Run as an init process inside the container that forwards
798 // signals and reaps processes.
799 "init"?: bool | string
800
801 // IPC sharing mode for the service container. Use 'host' to share
802 // the host's IPC namespace, 'service:[service_name]' to share
803 // with another service, or 'shareable' to allow other services
804 // to share this service's IPC namespace.
805 "ipc"?: string
806
807 // Container isolation technology to use. Supported values are
808 // platform-specific.
809 "isolation"?: string
810 "labels"?: #list_or_dict
811
812 // Link to containers in another service. Either specify both the
813 // service name and a link alias (SERVICE:ALIAS), or just the
814 // service name.
815 "links"?: list.UniqueItems() & [...string]
816
817 // Logging configuration for the service.
818 "logging"?: close({
819 // Logging driver to use, such as 'json-file', 'syslog',
820 // 'journald', etc.
821 "driver"?: string
822
823 // Options for the logging driver.
824 "options"?: {
825 {[=~"^.+$"]: null | number | string}
826 ...
827 }
828
829 {[=~"^x-" & !~"^(driver|options)$"]: _}
830 })
831
832 // Container MAC address to set.
833 "mac_address"?: string
834
835 // Memory limit for the container. A string value can use suffix
836 // like '2g' for 2 gigabytes.
837 "mem_limit"?: number | string
838
839 // Memory reservation for the container.
840 "mem_reservation"?: int | string
841
842 // Container memory swappiness as percentage (0 to 100).
843 "mem_swappiness"?: int | string
844
845 // Amount of memory the container is allowed to swap to disk. Set
846 // to -1 to enable unlimited swap.
847 "memswap_limit"?: number | string
848
849 // Network mode. Values can be 'bridge', 'host', 'none',
850 // 'service:[service name]', or 'container:[container name]'.
851 "network_mode"?: string
852
853 // AI Models to use, referencing entries under the top-level
854 // models key.
855 "models"?: matchN(1, [#list_of_strings, {
856 {[=~"^[a-zA-Z0-9._-]+$"]: close({
857 // Environment variable set to AI model endpoint.
858 "endpoint_var"?: string
859
860 // Environment variable set to AI model name.
861 "model_var"?: string
862
863 {[=~"^x-" & !~"^(endpoint_var|model_var)$"]: _}
864 })
865 }
866 ...
867 }])
868
869 // Networks to join, referencing entries under the top-level
870 // networks key. Can be a list of network names or a mapping of
871 // network name to network configuration.
872 "networks"?: matchN(1, [#list_of_strings, close({
873 {[=~"^[a-zA-Z0-9._-]+$"]: matchN(1, [close({
874 "aliases"?: #list_of_strings
875
876 // Interface network name used to connect to network
877 "interface_name"?: string
878
879 // Specify a static IPv4 address for this service on this network.
880 "ipv4_address"?: string
881
882 // Specify a static IPv6 address for this service on this network.
883 "ipv6_address"?: string, "link_local_ips"?: #list_of_strings
884
885 // Specify a MAC address for this service on this network.
886 "mac_address"?: string
887
888 // Driver options for this network.
889 "driver_opts"?: {
890 {[=~"^.+$"]: number | string}
891 ...
892 }
893
894 // Specify the priority for the network connection.
895 "priority"?: number
896
897 // Specify the gateway priority for the network connection.
898 "gw_priority"?: number
899
900 {[=~"^x-" & !~"^(aliases|interface_name|ipv4_address|ipv6_address|link_local_ips|mac_address|driver_opts|priority|gw_priority)$"]: _}
901 }), null])
902 }
903 })])
904
905 // Disable OOM Killer for the container.
906 "oom_kill_disable"?: bool | string
907
908 // Tune host's OOM preferences for the container (accepts -1000 to
909 // 1000).
910 "oom_score_adj"?: matchN(1, [string, int & >=-1000 & <=1000])
911
912 // PID mode for container.
913 "pid"?: null | string
914
915 // Tune a container's PIDs limit. Set to -1 for unlimited PIDs.
916 "pids_limit"?: number | string
917
918 // Target platform to run on, e.g., 'linux/amd64', 'linux/arm64',
919 // or 'windows/amd64'.
920 "platform"?: string
921
922 // Expose container ports. Short format
923 // ([HOST:]CONTAINER[/PROTOCOL]).
924 "ports"?: list.UniqueItems() & [...matchN(1, [number, string, close({
925 // A human-readable name for this port mapping.
926 "name"?: string
927
928 // The port binding mode, either 'host' for publishing a host port
929 // or 'ingress' for load balancing.
930 "mode"?: string
931
932 // The host IP to bind to.
933 "host_ip"?: string
934
935 // The port inside the container.
936 "target"?: int | string
937
938 // The publicly exposed port.
939 "published"?: int | string
940
941 // The port protocol (tcp or udp).
942 "protocol"?: string
943
944 // Application protocol to use with the port (e.g., http, https,
945 // mysql).
946 "app_protocol"?: string
947
948 {[=~"^x-" & !~"^(name|mode|host_ip|target|published|protocol|app_protocol)$"]: _}
949 })])]
950
951 // Commands to run after the container starts. If any command
952 // fails, the container stops.
953 "post_start"?: [...#service_hook]
954
955 // Commands to run before the container stops. If any command
956 // fails, the container stop is aborted.
957 "pre_stop"?: [...#service_hook]
958
959 // Give extended privileges to the service container.
960 "privileged"?: bool | string
961 "profiles"?: #list_of_strings
962
963 // Policy for pulling images. Options include: 'always', 'never',
964 // 'if_not_present', 'missing', 'build', or time-based refresh
965 // policies.
966 "pull_policy"?: =~"always|never|build|if_not_present|missing|refresh|daily|weekly|every_([0-9]+[wdhms])+"
967
968 // Time after which to refresh the image. Used with
969 // pull_policy=refresh.
970 "pull_refresh_after"?: string
971
972 // Mount the container's filesystem as read only.
973 "read_only"?: bool | string
974
975 // Restart policy for the service container. Options include:
976 // 'no', 'always', 'on-failure', and 'unless-stopped'.
977 "restart"?: string
978
979 // Runtime to use for this container, e.g., 'runc'.
980 "runtime"?: string
981
982 // Number of containers to deploy for this service.
983 "scale"?: int | string
984
985 // Override the default labeling scheme for each container.
986 "security_opt"?: list.UniqueItems() & [...string]
987
988 // Size of /dev/shm. A string value can use suffix like '2g' for 2
989 // gigabytes.
990 "shm_size"?: number | string
991 "secrets"?: #service_config_or_secret
992 "sysctls"?: #list_or_dict
993
994 // Keep STDIN open even if not attached.
995 "stdin_open"?: bool | string
996
997 // Time to wait for the container to stop gracefully before
998 // sending SIGKILL (e.g., '1s', '1m30s').
999 "stop_grace_period"?: string
1000
1001 // Signal to stop the container (e.g., 'SIGTERM', 'SIGINT').
1002 "stop_signal"?: string
1003
1004 // Storage driver options for the container.
1005 "storage_opt"?: {
1006 ...
1007 }
1008 "tmpfs"?: #string_or_list
1009
1010 // Allocate a pseudo-TTY to service container.
1011 "tty"?: bool | string
1012 "ulimits"?: #ulimits
1013
1014 // Bind mount Docker API socket and required auth.
1015 "use_api_socket"?: bool
1016
1017 // Username or UID to run the container process as.
1018 "user"?: string
1019
1020 // UTS namespace to use. 'host' shares the host's UTS namespace.
1021 "uts"?: string
1022
1023 // User namespace to use. 'host' shares the host's user namespace.
1024 "userns_mode"?: string
1025
1026 // Mount host paths or named volumes accessible to the container.
1027 // Short syntax (VOLUME:CONTAINER_PATH[:MODE])
1028 "volumes"?: list.UniqueItems() & [...matchN(1, [string, close({
1029 // The mount type: bind for mounting host directories, volume for
1030 // named volumes, tmpfs for temporary filesystems, cluster for
1031 // cluster volumes, npipe for named pipes, or image for mounting
1032 // from an image.
1033 "type"!: "bind" | "volume" | "tmpfs" | "cluster" | "npipe" | "image"
1034
1035 // The source of the mount, a path on the host for a bind mount, a
1036 // docker image reference for an image mount, or the name of a
1037 // volume defined in the top-level volumes key. Not applicable
1038 // for a tmpfs mount.
1039 "source"?: string
1040
1041 // The path in the container where the volume is mounted.
1042 "target"?: string
1043
1044 // Flag to set the volume as read-only.
1045 "read_only"?: bool | string
1046
1047 // The consistency requirements for the mount. Available values
1048 // are platform specific.
1049 "consistency"?: string
1050
1051 // Configuration specific to bind mounts.
1052 "bind"?: close({
1053 // The propagation mode for the bind mount: 'shared', 'slave',
1054 // 'private', 'rshared', 'rslave', or 'rprivate'.
1055 "propagation"?: string
1056
1057 // Create the host path if it doesn't exist.
1058 "create_host_path"?: bool | string
1059
1060 // Recursively mount the source directory.
1061 "recursive"?: "enabled" | "disabled" | "writable" | "readonly"
1062
1063 // SELinux relabeling options: 'z' for shared content, 'Z' for
1064 // private unshared content.
1065 "selinux"?: "z" | "Z"
1066
1067 {[=~"^x-" & !~"^(propagation|create_host_path|recursive|selinux)$"]: _}
1068 })
1069
1070 // Configuration specific to volume mounts.
1071 "volume"?: close({
1072 "labels"?: #list_or_dict
1073
1074 // Flag to disable copying of data from a container when a volume
1075 // is created.
1076 "nocopy"?: bool | string
1077
1078 // Path within the volume to mount instead of the volume root.
1079 "subpath"?: string
1080
1081 {[=~"^x-" & !~"^(labels|nocopy|subpath)$"]: _}
1082 })
1083
1084 // Configuration specific to tmpfs mounts.
1085 "tmpfs"?: close({
1086 // Size of the tmpfs mount in bytes.
1087 "size"?: matchN(1, [int & >=0, string])
1088
1089 // File mode of the tmpfs in octal.
1090 "mode"?: number | string
1091
1092 {[=~"^x-" & !~"^(size|mode)$"]: _}
1093 })
1094
1095 // Configuration specific to image mounts.
1096 "image"?: close({
1097 // Path within the image to mount instead of the image root.
1098 "subpath"?: string
1099
1100 {[=~"^x-" & !~"^(subpath)$"]: _}
1101 })
1102
1103 {[=~"^x-" & !~"^(type|source|target|read_only|consistency|bind|volume|tmpfs|image)$"]: _}
1104 })])]
1105
1106 // Mount volumes from another service or container. Optionally
1107 // specify read-only access (ro) or read-write (rw).
1108 "volumes_from"?: list.UniqueItems() & [...string]
1109
1110 // The working directory in which the entrypoint or command will
1111 // be run
1112 "working_dir"?: string
1113
1114 {[=~"^x-" & !~"^(develop|deploy|annotations|attach|build|blkio_config|cap_add|cap_drop|cgroup|cgroup_parent|command|configs|container_name|cpu_count|cpu_percent|cpu_shares|cpu_quota|cpu_period|cpu_rt_period|cpu_rt_runtime|cpus|cpuset|credential_spec|depends_on|device_cgroup_rules|devices|dns|dns_opt|dns_search|domainname|entrypoint|env_file|label_file|environment|expose|extends|provider|external_links|extra_hosts|gpus|group_add|healthcheck|hostname|image|init|ipc|isolation|labels|links|logging|mac_address|mem_limit|mem_reservation|mem_swappiness|memswap_limit|network_mode|models|networks|oom_kill_disable|oom_score_adj|pid|pids_limit|platform|ports|post_start|pre_stop|privileged|profiles|pull_policy|pull_refresh_after|read_only|restart|runtime|scale|security_opt|shm_size|secrets|sysctls|stdin_open|stop_grace_period|stop_signal|storage_opt|tmpfs|tty|ulimits|use_api_socket|user|uts|userns_mode|volumes|volumes_from|working_dir)$"]: _}
1115 })
1116
1117 // Configuration for service configs or secrets, defining how they
1118 // are mounted in the container.
1119 #service_config_or_secret: [...matchN(1, [string, close({
1120 // Name of the config or secret as defined in the top-level
1121 // configs or secrets section.
1122 "source"?: string
1123
1124 // Path in the container where the config or secret will be
1125 // mounted. Defaults to /<source> for configs and
1126 // /run/secrets/<source> for secrets.
1127 "target"?: string
1128
1129 // UID of the file in the container. Default is 0 (root).
1130 "uid"?: string
1131
1132 // GID of the file in the container. Default is 0 (root).
1133 "gid"?: string
1134
1135 // File permission mode inside the container, in octal. Default is
1136 // 0444 for configs and 0400 for secrets.
1137 "mode"?: number | string
1138
1139 {[=~"^x-" & !~"^(source|target|uid|gid|mode)$"]: _}
1140 })])]
1141
1142 // Configuration for service lifecycle hooks, which are commands
1143 // executed at specific points in a container's lifecycle.
1144 #service_hook: close({
1145 "command"!: #command
1146
1147 // User to run the command as.
1148 "user"?: string
1149
1150 // Whether to run the command with extended privileges.
1151 "privileged"?: bool | string
1152
1153 // Working directory for the command.
1154 "working_dir"?: string
1155 "environment"?: #list_or_dict
1156
1157 {[=~"^x-" & !~"^(command|user|privileged|working_dir|environment)$"]: _}
1158 })
1159
1160 // Either a single string or a list of strings.
1161 #string_or_list: matchN(1, [string, #list_of_strings])
1162
1163 // Container ulimit options, controlling resource limits for
1164 // processes inside the container.
1165 #ulimits: {
1166 {[=~"^[a-z]+$"]: matchN(1, [int | string, close({
1167 // Hard limit for the ulimit type. This is the maximum allowed
1168 // value.
1169 "hard"!: int | string
1170
1171 // Soft limit for the ulimit type. This is the value that's
1172 // actually enforced.
1173 "soft"!: int | string
1174
1175 {[=~"^x-" & !~"^(hard|soft)$"]: _}
1176 })])
1177 }
1178 ...
1179 }
1180
1181 // Volume configuration for the Compose application.
1182 #volume: null | close({
1183 // Custom name for this volume.
1184 "name"?: string
1185
1186 // Specify which volume driver should be used for this volume.
1187 "driver"?: string
1188
1189 // Specify driver-specific options.
1190 "driver_opts"?: {
1191 {[=~"^.+$"]: number | string}
1192 ...
1193 }
1194
1195 // Specifies that this volume already exists and was created
1196 // outside of Compose.
1197 "external"?: bool | string | close({
1198 // Specifies the name of the external volume. Deprecated: use the
1199 // 'name' property instead.
1200 "name"?: string
1201
1202 {[=~"^x-" & !~"^(name)$"]: _}
1203 })
1204 "labels"?: #list_or_dict
1205
1206 {[=~"^x-" & !~"^(name|driver|driver_opts|external|labels)$"]: _}
1207 })
1208}