docker updates #2527

Merged
mfreeman451 merged 2 commits from refs/pull/2527/head into main 2025-12-08 06:50:43 +00:00
mfreeman451 commented 2025-12-08 06:35:18 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #2084
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2084
Original created: 2025-12-08T06:35:18Z
Original updated: 2025-12-08T06:54:05Z
Original head: carverauto/serviceradar:chore/1_0_65-docker-fixes
Original base: main
Original merged: 2025-12-08T06:50:43Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?

PR Type

Enhancement


Description

  • Update all service image tags from latest to v1.0.65

  • Replace SHA-based tag with semantic version in Helm values

  • Standardize Docker Compose mTLS configuration with release version


Diagram Walkthrough

flowchart LR
  A["Docker Compose<br/>mTLS Config"] -- "18 services" --> B["Image Tags:<br/>latest → v1.0.65"]
  C["Helm Values<br/>Config"] -- "appTag" --> D["SHA Hash →<br/>v1.0.65"]
  B --> E["Consistent<br/>Release Version"]
  D --> E

File Walkthrough

Relevant files
Configuration changes
docker-compose.mtls.yml
Update Docker Compose service tags to v1.0.65                       

docker-compose.mtls.yml

  • Updated 18 service image tags from ${APP_TAG:-latest} to
    ${APP_TAG:-v1.0.65}
  • Services updated: config-updater, core-jwks-init, core, datasvc,
    poller-kv-seed, agent, poller, srql, sync, otel, flowgger, trapd, zen,
    db-event-writer, mapper, snmp-checker, rperf-client, kong-config, web
  • Ensures consistent versioning across all containerized services in
    mTLS deployment
+19/-19 
values.yaml
Update Helm appTag to semantic version v1.0.65                     

helm/serviceradar/values.yaml

  • Changed appTag from SHA-based commit hash to semantic version v1.0.65
  • Replaces sha-42860d456649cf49f76a910c5ac0955f654c4ec0 with v1.0.65
  • Affects all services using the appTag anchor reference
+1/-1     

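An added example, not part of the pull request or the ServiceRadar repository: a check that resolves each Compose `image:` line the way `${APP_TAG:-default}` interpolation does and reports references that still float (`latest` or no tag at all). The sample file, the `example-*` services, the registry host and the all-zero digest are constructed for illustration.

```python
import re

# Constructed sample in the style of docker-compose.mtls.yml: one "before" line
# (default latest), one "after" line (default v1.0.65), plus two made-up services.
SAMPLE_COMPOSE = """\
services:
  config-updater:
    image: ghcr.io/carverauto/serviceradar-config-updater:${APP_TAG:-latest}
  core:
    image: ghcr.io/carverauto/serviceradar-core:${APP_TAG:-v1.0.65}
  example-sidecar:
    image: registry.example.invalid:5000/sidecar
  example-pinned:
    image: registry.example.invalid/tool@sha256:%s
""" % ("0" * 64)

_VAR = re.compile(
    r"\$\{(?P<name>[A-Za-z_][A-Za-z0-9_]*)(?:(?P<op>:?-)(?P<default>[^}]*))?\}"
)
_IMAGE_LINE = re.compile(r"^\s*image:\s*(?P<ref>\S+)\s*$")


def interpolate(value, env):
    """Expand ${VAR}, ${VAR-default} and ${VAR:-default} against env."""
    def repl(match):
        name, op, default = match.group("name", "op", "default")
        current = env.get(name)
        if op == ":-":  # default applies when VAR is unset OR empty
            return current if current else default
        if op == "-":   # default applies only when VAR is unset
            return current if current is not None else default
        return current or ""
    return _VAR.sub(repl, value)


def split_reference(ref):
    """Split an image reference into (repository, tag, digest)."""
    repo, _, digest = ref.partition("@")
    tag = ""
    # Only a colon after the last slash is a tag; earlier ones are registry ports.
    if ":" in repo.rsplit("/", 1)[-1]:
        repo, tag = repo.rsplit(":", 1)
    return repo, tag, digest


def classify(ref):
    """Return 'digest', 'tag' or 'floating' for a resolved image reference."""
    _, tag, digest = split_reference(ref)
    if digest:
        return "digest"
    if tag in ("", "latest"):
        return "floating"
    return "tag"


def audit(compose_text, env=None):
    """Return (line number, resolved reference, classification) per image line."""
    env = env or {}
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        match = _IMAGE_LINE.match(line)
        if match:
            resolved = interpolate(match.group("ref").strip("\"'"), env)
            findings.append((lineno, resolved, classify(resolved)))
    return findings


def floating(compose_text, env=None):
    """Resolved references that would pull whatever the registry serves today."""
    return [ref for _, ref, kind in audit(compose_text, env) if kind == "floating"]


if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE_COMPOSE):
        print(f"line {lineno}: {kind:8} {ref}")
```

The default in `${APP_TAG:-v1.0.65}` only applies when `APP_TAG` is unset or empty, so run the check with the same environment the deployment uses.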
qodo-code-review[bot] commented 2025-12-08 06:35:54 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2084#issuecomment-3625249956
Original created: 2025-12-08T06:35:54Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit impact: The changes only update container image tags and do not add or modify any application
logic that affects audit trails.

Referred Code
image: ghcr.io/carverauto/serviceradar-config-updater:${APP_TAG:-v1.0.65}
container_name: serviceradar-config-updater-mtls
volumes:
  - cert-data:/etc/serviceradar/certs
  - generated-config:/etc/serviceradar/config
  - ./packaging/core/config:/config:ro
  - ./docker/compose:/templates:ro
  - ./docker/compose/update-config.sh:/usr/local/bin/update-config.sh:ro
environment:
  - SYSMON_VM_ADDRESS=${SYSMON_VM_ADDRESS:-192.168.1.218:50110}
  - SYSMON_VM_SECURITY_MODE=mtls
  - POLLERS_SECURITY_MODE=mtls
  - CORE_SECURITY_MODE=mtls
  - CNPG_HOST=${CNPG_HOST:-cnpg}
  - CNPG_PORT=${CNPG_PORT:-5432}
  - CNPG_DATABASE=${CNPG_DATABASE:-serviceradar}
  - CNPG_USERNAME=${CNPG_USERNAME:-serviceradar}
  - CNPG_PASSWORD=${CNPG_PASSWORD:-serviceradar}
  - CNPG_SSL_MODE=${CNPG_SSL_MODE:-verify-full}
depends_on:
  cert-generator:


 ... (clipped 612 lines)

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error paths: The diff only alters image tags and does not introduce code that could be evaluated for
error handling or edge cases.

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: Only image tag updates were made and there are no user-facing error messages added or
modified to assess for sensitive detail leakage.

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
No logging changes: The PR updates image tags only and does not modify logging behavior, structure, or content
to evaluate against secure logging requirements.

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Version pinning: The change pins application images to version v1.0.65 but does not introduce input
handling logic in this diff to assess validation or data handling security.

Referred Code
appTag: &appTag "v1.0.65"
# ServiceRadar UUID identity system - generates stable device IDs based on strong identifiers

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
qodo-code-review[bot] commented 2025-12-08 06:36:54 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2084#issuecomment-3625252585
Original created: 2025-12-08T06:36:54Z

PR Code Suggestions

Explore these optional code suggestions:

Category: General
Suggestion: Use a YAML anchor for maintainability

Use a YAML anchor to define the default application tag v1.0.65 once and reuse
it for all services to improve maintainability and simplify future updates.

docker-compose.mtls.yml [57-117]

-    config-updater:
-    -    image: ghcr.io/carverauto/serviceradar-config-updater:${APP_TAG:-latest}
-    +    image: ghcr.io/carverauto/serviceradar-config-updater:${APP_TAG:-v1.0.65}
-         container_name: serviceradar-config-updater-mtls
-    ...
-    core-jwks-init:
-    -    image: ghcr.io/carverauto/serviceradar-kong-config:${APP_TAG:-latest}
-    +    image: ghcr.io/carverauto/serviceradar-kong-config:${APP_TAG:-v1.0.65}
-         container_name: serviceradar-core-jwks-init-mtls
-    ...
-    core:
-    -    image: ghcr.io/carverauto/serviceradar-core:${APP_TAG:-latest}
-    +    image: ghcr.io/carverauto/serviceradar-core:${APP_TAG:-v1.0.65}
-         container_name: serviceradar-core-mtls
+    x-app-tag: &app-tag ${APP_TAG:-v1.0.65}
+
+    services:
+      ... (clipped 51 lines)
+         aliases:
+           - cnpg
+           - cnpg-rw
+     restart: unless-stopped
+ 
+   config-updater:
+     image: ghcr.io/carverauto/serviceradar-config-updater:*app-tag
+     container_name: serviceradar-config-updater-mtls
+     volumes:
+       - cert-data:/etc/serviceradar/certs
+       - generated-config:/etc/serviceradar/config
+     ... (clipped 18 lines)
+         condition: service_healthy
+     restart: "no"
+     networks:
+       - serviceradar-net
+ 
+   core-jwks-init:
+     image: ghcr.io/carverauto/serviceradar-kong-config:*app-tag
+     container_name: serviceradar-core-jwks-init-mtls
+     user: "0:0"
+     entrypoint: ["/usr/local/bin/serviceradar-cli", "generate-jwt-keys"]
+     command: ["-file", "/etc/serviceradar/config/core.json", "-bits", "2048"]
+     ... (clipped 18 lines)
+         condition: service_completed_successfully
+     restart: "no"
+     networks:
+       - serviceradar-net
+ 
+   core:
+     image: ghcr.io/carverauto/serviceradar-core:*app-tag
+     container_name: serviceradar-core-mtls
+     mem_limit: 8g
+     mem_reservation: 4g
     ...
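
Review bot: the alias on the `+` lines of the form `image: ghcr.io/carverauto/serviceradar-core:*app-tag` will not expand. A YAML alias has to be the entire value of a node; in the middle of a plain scalar the characters `*app-tag` stay literal, so the three services shown would be given an image reference ending in `:*app-tag` instead of `v1.0.65`. Either keep `${APP_TAG:-v1.0.65}` on each `image:` line as the PR does, or anchor the complete image string per service; if the goal is a single place for the default, set `APP_TAG` in the `.env` file that Compose reads for interpolation.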

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 7

Why: The suggestion correctly identifies a repeated value across multiple services and proposes using YAML anchors to improve maintainability, which is a best practice for docker-compose files.

Impact: Medium