docs(secrets): note compose build not yet supported#25571
Conversation
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🔴 CRITICAL
This PR edits data/cli/secrets/docker_pass.yaml, a YAML file in a data/*/*.yaml subdirectory. These files are generated CLI reference data and must not be manually edited — changes must be made upstream and synced in. Additionally, the added line uses Note: meta-commentary which violates the Docker documentation style guide.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[HIGH] Editing vendored/generated CLI reference YAML
The file data/cli/secrets/docker_pass.yaml lives under data/cli/secrets/ — a data/*/*.yaml subdirectory. Per the project's review guidelines, YAML files in these subdirectories are generated CLI reference data (like data/engine-cli/*.yaml, data/buildx/*.yaml, etc.) and must not be manually edited. Changes to CLI reference YAML must go through the upstream source repository and be re-generated/synced into this repo.
To document that docker compose build is not yet supported, the note should be added to the hand-authored documentation page(s) that cover docker pass (for example, in content/), not in this generated data file.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[MEDIUM] "Note:" is meta-commentary — state the fact directly
The STYLE.md guide lists Note: (and similar lead-ins like "It's worth noting that…") as meta-commentary to avoid. State the information directly instead. For example:
docker compose buildis not yet supported.
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🔴 CRITICAL
This PR manually edits a vendored/generated CLI reference YAML file (data/cli/secrets/docker_pass.yaml). Files in data/*/*.yaml subdirectories are generated from upstream repositories and must not be edited directly — any manual change will be overwritten on the next CLI data sync. The fix must be made upstream.
Additionally, the added text uses a banned Note: meta-commentary prefix instead of a proper callout or plain statement.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[HIGH] Manually editing a vendored/generated CLI reference YAML file
data/cli/secrets/docker_pass.yaml lives under data/cli/ — a subdirectory of data/ — which contains CLI reference YAML files generated from upstream repositories. Per project rules, files matching data/*/*.yaml must not be manually edited; any change here will be silently overwritten the next time the CLI reference data is synced from upstream.
The correct fix is to make this change upstream (in the docker/secrets-engine repo or wherever docker_pass.yaml is generated), so it flows back through the normal sync process.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[MEDIUM] Note: inline prefix is a banned meta-commentary pattern
The style guide prohibits using Note: as a standalone inline prefix — it's classified as meta-commentary that adds no value. If this note were being added to an editable file, it should either be expressed as a direct plain statement (e.g., `docker compose build` is not yet supported.) or use the proper GitHub-style callout syntax:
> [!NOTE]
> `docker compose build` is not yet supported.
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🔴 CRITICAL
This PR manually edits a vendored/generated CLI reference YAML file (). Files under are generated from upstream sources and must not be hand-edited — changes will be overwritten on the next sync. The fix should be submitted upstream (https://github.com/docker/secrets-engine) and re-vendored into this repo.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[HIGH] Manually edited vendored/generated CLI reference YAML
data/cli/secrets/docker_pass.yaml lives under a data/<subdir>/ path, which means it is generated/vendored CLI reference data that must not be manually edited. Per project guidelines, files matching data/*/*.yaml (e.g. data/engine-cli/*.yaml, data/buildx/*.yaml, data/scout-cli/*.yaml) are synced from upstream sources and any manual edits will be overwritten on the next vendor sync.
The fix for the docker compose build limitation should be submitted to the upstream repo (https://github.com/docker/secrets-engine) and re-vendored into this repo rather than being hand-edited here.
| DB_PASSWORD: se://postgres/prod/app-user | ||
| ``` | ||
| Note: `docker compose build` is not supported yet. |
There was a problem hiding this comment.
[MEDIUM] 'Note:' lead-in is a style guide violation
The added line uses Note: as a meta-commentary lead-in. The Docker style guide explicitly forbids this pattern (similar to "It's worth noting that…") and requires authors to either state the information directly or use a proper callout.
Direct statement:
`docker compose build` is not yet supported.
Or as a callout (if special emphasis is warranted):
> [!NOTE]
> `docker compose build` is not yet supported.Note: this is a secondary concern — the high-severity vendored-file issue should be addressed first.
Description
Explicitly highlighting secrets from docker pass are not supported in
docker compose buildyet. See docker/secrets-engine#584Related issues or tickets
Reviews