test

Author: abrisco

.gitattributes

@@ -0,0 +1,2 @@
+# Ensure consistent line endings for files used in diff tests
+*.yaml text eol=lf

.github/github.bazelrc

@@ -18,3 +18,6 @@ common --keep_going
 
 # Github MacOS runners do not support docker
 test:macos --test_tag_filters=-"requires-docker"
+
+# Linux runners uses legacy image storage with docker
+test:linux --@rules_docker_compose//docker_compose/settings:toolchain_default_digest_mode=docker-legacy

docker_compose/private/BUILD.bazel

@@ -4,4 +4,7 @@ bzl_library(
     name = "bzl_lib",
     srcs = glob(["*.bzl"]),
     visibility = ["//docker_compose:__pkg__"],
+    deps = [
+        "@bazel_skylib//rules:common_settings",
+    ],
 )

docker_compose/private/digest/digest.go

@@ -1,32 +1,26 @@
-// Package digest provides utilities for computing container image digests.
+// Package digest provides utilities for reading container image digests.
 //
-// This package handles the conversion between OCI (Open Container Initiative) image
-// manifests and Docker V2 Schema 2 manifests, and computes the appropriate digests
-// for each format.
+// This package handles reading digests from OCI (Open Container Initiative) image
+// layouts and manifest files, supporting both OCI manifest digests and Docker
+// image IDs (manifest digests after OCI-to-Docker conversion).
 //
 // # OCI Image Manifest Specification
 //
 // The OCI Image Manifest specification defines the format for OCI container images:
 // https://github.com/opencontainers/image-spec/blob/main/manifest.md
 //
-// # Docker Registry HTTP API V2 - Manifest Schema 2
+// # OCI Image Layout
 //
-// The Docker V2 Schema 2 manifest format is documented here:
-// https://docs.docker.com/registry/spec/manifest-v2-2/
+// The OCI Image Layout specifies how OCI image content is stored on disk:
+// https://github.com/opencontainers/image-spec/blob/main/image-layout.md
 //
-// # Media Type Conversion
+// # Docker Image ID
 //
-// When converting from OCI to Docker format, the following media types are mapped:
+// When Docker loads an OCI image with `docker load`, it converts the OCI manifest
+// to Docker V2 Schema 2 format and uses the SHA256 digest of the converted manifest
+// as the image ID. This is visible in `docker images` output and `docker inspect`.
 //
-//	OCI Media Type                                    -> Docker Media Type
-//	application/vnd.oci.image.manifest.v1+json        -> application/vnd.docker.distribution.manifest.v2+json
-//	application/vnd.oci.image.config.v1+json          -> application/vnd.docker.container.image.v1+json
-//	application/vnd.oci.image.layer.v1.tar+gzip       -> application/vnd.docker.image.rootfs.diff.tar.gzip
-//	application/vnd.oci.image.layer.v1.tar            -> application/vnd.docker.image.rootfs.diff.tar
-//	application/vnd.oci.image.layer.v1.tar+zstd       -> application/vnd.docker.image.rootfs.diff.tar+zstd
-//
-// The digest computed from the Docker V2 manifest is what Docker uses as the image ID
-// after loading an OCI image with `docker load`.
+// See: https://docs.docker.com/registry/spec/manifest-v2-2/
 package digest
 
 import (
@@ -49,30 +43,26 @@ var ociToDockerMediaTypes = map[string]string{
 	"application/vnd.oci.image.layer.v1.tar+zstd": "application/vnd.docker.image.rootfs.diff.tar+zstd",
 }
 
-// ConvertOCIToDockerMediaType converts an OCI media type to its Docker V2 equivalent.
-// If the media type is not recognized as an OCI type, it is returned unchanged.
-//
-// See OCI media types: https://github.com/opencontainers/image-spec/blob/main/media-types.md
-// See Docker media types: https://docs.docker.com/registry/spec/manifest-v2-2/#media-types
-func ConvertOCIToDockerMediaType(ociMediaType string) string {
+// convertOCIToDockerMediaType converts an OCI media type to its Docker V2 equivalent.
+func convertOCIToDockerMediaType(ociMediaType string) string {
 	if dockerType, ok := ociToDockerMediaTypes[ociMediaType]; ok {
 		return dockerType
 	}
 	return ociMediaType
 }
 
-// DockerManifest represents a Docker V2 Schema 2 manifest.
+// dockerManifest represents a Docker V2 Schema 2 manifest.
+// Field order matches Docker's serialization for digest computation.
 // See: https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
-type DockerManifest struct {
+type dockerManifest struct {
 	SchemaVersion int                        `json:"schemaVersion"`
 	MediaType     string                     `json:"mediaType"`
-	Config        DockerManifestDescriptor   `json:"config"`
-	Layers        []DockerManifestDescriptor `json:"layers"`
+	Config        dockerManifestDescriptor   `json:"config"`
+	Layers        []dockerManifestDescriptor `json:"layers"`
 }
 
-// DockerManifestDescriptor represents a content descriptor in a Docker V2 manifest.
-// See: https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
-type DockerManifestDescriptor struct {
+// dockerManifestDescriptor represents a content descriptor in a Docker V2 manifest.
+type dockerManifestDescriptor struct {
 	MediaType string `json:"mediaType"`
 	Digest    string `json:"digest"`
 	Size      int64  `json:"size"`
@@ -104,47 +94,6 @@ type OCIIndex struct {
 	} `json:"manifests"`
 }
 
-// ConvertOCIManifestToDocker converts an OCI manifest to a Docker V2 Schema 2 manifest.
-// The conversion involves changing the media types from OCI format to Docker format.
-//
-// OCI Manifest spec: https://github.com/opencontainers/image-spec/blob/main/manifest.md
-// Docker V2 Schema 2 spec: https://docs.docker.com/registry/spec/manifest-v2-2/
-func ConvertOCIManifestToDocker(ociManifest *OCIManifest) *DockerManifest {
-	dockerManifest := &DockerManifest{
-		SchemaVersion: 2,
-		MediaType:     "application/vnd.docker.distribution.manifest.v2+json",
-		Config: DockerManifestDescriptor{
-			MediaType: ConvertOCIToDockerMediaType(ociManifest.Config.MediaType),
-			Digest:    ociManifest.Config.Digest,
-			Size:      ociManifest.Config.Size,
-		},
-		Layers: make([]DockerManifestDescriptor, len(ociManifest.Layers)),
-	}
-
-	for i, layer := range ociManifest.Layers {
-		dockerManifest.Layers[i] = DockerManifestDescriptor{
-			MediaType: ConvertOCIToDockerMediaType(layer.MediaType),
-			Digest:    layer.Digest,
-			Size:      layer.Size,
-		}
-	}
-
-	return dockerManifest
-}
-
-// ComputeDockerManifestDigest computes the SHA256 digest of a Docker V2 manifest.
-// This is the digest that Docker uses as the image ID.
-func ComputeDockerManifestDigest(manifest *DockerManifest) (string, error) {
-	// Serialize to JSON without indentation to match Docker's format
-	manifestJSON, err := json.Marshal(manifest)
-	if err != nil {
-		return "", fmt.Errorf("failed to marshal Docker manifest: %v", err)
-	}
-
-	hash := sha256.Sum256(manifestJSON)
-	return fmt.Sprintf("sha256:%x", hash), nil
-}
-
 // ReadOCIManifestDigest reads the manifest digest from an OCI layout directory.
 // This reads the first manifest digest from index.json.
 //
@@ -173,19 +122,50 @@ func ReadOCIManifestDigest(ociLayoutDir string) (string, error) {
 	return digest, nil
 }
 
-// ReadDockerManifestDigestFromOCILayout reads an OCI layout, converts the manifest
+// ReadConfigDigestFromOCILayout reads the config digest from an OCI layout.
+// This is the digest that Docker Engine (without containerd) uses as the image ID.
+//
+// OCI Image Layout spec: https://github.com/opencontainers/image-spec/blob/main/image-layout.md
+func ReadConfigDigestFromOCILayout(ociLayoutDir string) (string, error) {
+	// Read the OCI index to get the manifest digest
+	ociManifestDigest, err := ReadOCIManifestDigest(ociLayoutDir)
+	if err != nil {
+		return "", err
+	}
+
+	// Read the OCI manifest blob
+	manifestPath := filepath.Join(ociLayoutDir, "blobs", "sha256", ociManifestDigest[7:])
+	manifestData, err := os.ReadFile(manifestPath)
+	if err != nil {
+		return "", fmt.Errorf("failed to read manifest blob %s: %v", manifestPath, err)
+	}
+
+	// Parse OCI manifest to get the config digest
+	var ociManifest OCIManifest
+	if err := json.Unmarshal(manifestData, &ociManifest); err != nil {
+		return "", fmt.Errorf("failed to parse OCI manifest: %v", err)
+	}
+
+	if ociManifest.Config.Digest == "" {
+		return "", fmt.Errorf("no config digest found in OCI manifest")
+	}
+
+	return ociManifest.Config.Digest, nil
+}
+
+// ReadDockerContainerdImageIDFromOCILayout reads an OCI layout, converts the manifest
 // to Docker V2 format, and returns the Docker manifest digest.
 //
-// This is the digest that Docker uses as the image ID after loading an OCI image
-// with `docker load`. The conversion involves:
+// This is the digest that Docker (with containerd storage) uses as the image ID
+// after `docker load`. The conversion involves:
 // 1. Reading the OCI index.json to find the manifest digest
 // 2. Reading the OCI manifest blob
 // 3. Converting media types from OCI to Docker format
 // 4. Computing the SHA256 digest of the resulting Docker manifest
 //
 // OCI Image Layout spec: https://github.com/opencontainers/image-spec/blob/main/image-layout.md
 // Docker V2 Schema 2 spec: https://docs.docker.com/registry/spec/manifest-v2-2/
-func ReadDockerManifestDigestFromOCILayout(ociLayoutDir string) (string, error) {
+func ReadDockerContainerdImageIDFromOCILayout(ociLayoutDir string) (string, error) {
 	// Read the OCI index to get the manifest digest
 	ociManifestDigest, err := ReadOCIManifestDigest(ociLayoutDir)
 	if err != nil {
@@ -206,10 +186,34 @@ func ReadDockerManifestDigestFromOCILayout(ociLayoutDir string) (string, error)
 	}
 
 	// Convert to Docker V2 manifest
-	dockerManifest := ConvertOCIManifestToDocker(&ociManifest)
+	dockerMfst := dockerManifest{
+		SchemaVersion: 2,
+		MediaType:     "application/vnd.docker.distribution.manifest.v2+json",
+		Config: dockerManifestDescriptor{
+			MediaType: convertOCIToDockerMediaType(ociManifest.Config.MediaType),
+			Digest:    ociManifest.Config.Digest,
+			Size:      ociManifest.Config.Size,
+		},
+		Layers: make([]dockerManifestDescriptor, len(ociManifest.Layers)),
+	}
+
+	for i, layer := range ociManifest.Layers {
+		dockerMfst.Layers[i] = dockerManifestDescriptor{
+			MediaType: convertOCIToDockerMediaType(layer.MediaType),
+			Digest:    layer.Digest,
+			Size:      layer.Size,
+		}
+	}
+
+	// Serialize to compact JSON (no whitespace) to match Docker's format
+	manifestJSON, err := json.Marshal(dockerMfst)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal Docker manifest: %v", err)
+	}
 
 	// Compute and return the Docker manifest digest
-	return ComputeDockerManifestDigest(dockerManifest)
+	hash := sha256.Sum256(manifestJSON)
+	return fmt.Sprintf("sha256:%x", hash), nil
 }
 
 // ReadConfigDigestFromManifestFile reads the config digest from a manifest JSON file.

docker_compose/private/merger/merger.go

@@ -20,6 +20,11 @@ func debugLog(format string, args ...interface{}) {
 	}
 }
 
+// normalizeLineEndings converts CRLF to LF for consistent output across platforms
+func normalizeLineEndings(data []byte) []byte {
+	return []byte(strings.ReplaceAll(string(data), "\r\n", "\n"))
+}
+
 type Args struct {
 	DockerCompose  string
 	Output         string
@@ -73,8 +78,8 @@ func parseArgs() (*Args, error) {
 	if len(files) == 0 {
 		return nil, fmt.Errorf("at least one -file flag is required")
 	}
-	if args.DigestMode != "oci" && args.DigestMode != "docker" {
-		return nil, fmt.Errorf("invalid -digest-mode: %s (must be 'oci' or 'docker')", args.DigestMode)
+	if args.DigestMode != "oci" && args.DigestMode != "docker-legacy" && args.DigestMode != "docker-containerd" {
+		return nil, fmt.Errorf("invalid -digest-mode: %s (must be 'oci', 'docker-legacy', or 'docker-containerd')", args.DigestMode)
 	}
 
 	args.Files = files
@@ -199,7 +204,10 @@ func readDigestFromManifestFile(manifestFile string) (string, error) {
 }
 
 // loadImageManifestsWithDigests loads image manifests and extracts digests
-// digestMode can be "oci" (uses manifest digest) or "docker" (uses Docker V2 manifest digest for docker load compatibility)
+// digestMode can be:
+// - "oci": uses OCI manifest digest (for OCI-compatible tools)
+// - "docker-legacy": uses config digest (for Docker without containerd storage)
+// - "docker-containerd": uses Docker V2 manifest digest (for Docker with containerd storage)
 func loadImageManifestsWithDigests(manifestPaths []string, digestMode string) (map[string]string, error) {
 	// Map of repository to digest
 	imageDigests := make(map[string]string)
@@ -237,22 +245,27 @@ func loadImageManifestsWithDigests(manifestPaths []string, digestMode string) (m
 
 		var dgst string
 		if manifest.OCILayoutDir != "" {
-			if digestMode == "docker" {
-				// Compute Docker V2 manifest digest for docker load compatibility
-				dgst, err = digest.ReadDockerManifestDigestFromOCILayout(manifest.OCILayoutDir)
-			} else {
-				// Use OCI manifest digest for OCI mode (default)
+			switch digestMode {
+			case "docker-legacy":
+				// Config digest for Docker without containerd storage
+				dgst, err = digest.ReadConfigDigestFromOCILayout(manifest.OCILayoutDir)
+			case "docker-containerd":
+				// Docker V2 manifest digest for Docker with containerd storage
+				dgst, err = digest.ReadDockerContainerdImageIDFromOCILayout(manifest.OCILayoutDir)
+			default: // "oci" or unspecified
+				// OCI manifest digest
 				dgst, err = digest.ReadOCIManifestDigest(manifest.OCILayoutDir)
 			}
 			if err != nil {
 				return nil, err
 			}
 		} else if manifest.ManifestFile != "" {
-			if digestMode == "docker" {
+			switch digestMode {
+			case "docker-legacy", "docker-containerd":
 				// Use config digest for docker load compatibility (rules_img)
 				dgst, err = digest.ReadConfigDigestFromManifestFile(manifest.ManifestFile)
-			} else {
-				// Use manifest digest for OCI mode (default)
+			default: // "oci" or unspecified
+				// Use manifest digest for OCI mode
 				dgst, err = readDigestFromManifestFile(manifest.ManifestFile)
 			}
 			if err != nil {
@@ -273,7 +286,7 @@ func loadImageManifestsWithDigests(manifestPaths []string, digestMode string) (m
 }
 
 // generateLockFileFromManifests generates a lock file by mapping images from docker-compose config to digests from image manifests
-// digestMode can be "oci" (uses manifest digest) or "docker" (uses Docker V2 manifest digest for docker load compatibility)
+// digestMode can be "oci", "docker", or "docker-desktop"
 func generateLockFileFromManifests(dockerCompose string, cmdArgs []string, manifestPaths []string, lockPath string, digestMode string) error {
 	// Get list of images from docker-compose config --images
 	imagesArgs := append(cmdArgs, "config", "--images")
@@ -332,8 +345,17 @@ func generateLockFileFromManifests(dockerCompose string, cmdArgs []string, manif
 		}
 	}
 
+	// Create lock file structure with mode and digests
+	lockFile := struct {
+		Mode    string            `json:"mode"`
+		Digests map[string]string `json:"digests"`
+	}{
+		Mode:    digestMode,
+		Digests: lockData,
+	}
+
 	// Write lock file as JSON
-	lockJSON, err := json.MarshalIndent(lockData, "", "  ")
+	lockJSON, err := json.MarshalIndent(lockFile, "", "  ")
 	if err != nil {
 		return fmt.Errorf("failed to marshal lock data: %v", err)
 	}
@@ -401,9 +423,16 @@ func main() {
 	// Generate lock file if requested
 	if args.OutputLock != "" {
 		if len(args.ImageManifests) == 0 {
-			// No images - create an empty lock file
+			// No images - create an empty lock file with mode
 			debugLog("No image manifests provided, creating empty lock file")
-			emptyLock := []byte("{}\n")
+			emptyLockData := struct {
+				Mode    string            `json:"mode"`
+				Digests map[string]string `json:"digests"`
+			}{
+				Mode:    args.DigestMode,
+				Digests: map[string]string{},
+			}
+			emptyLock, _ := json.MarshalIndent(emptyLockData, "", "  ")
 			if err := os.WriteFile(args.OutputLock, emptyLock, 0644); err != nil {
 				fmt.Fprintf(os.Stderr, "Error writing empty lock file: %v\n", err)
 				os.Exit(1)
@@ -482,7 +511,8 @@ func main() {
 		}
 	}
 
-	finalOutput := output
+	// Normalize line endings for consistent output across platforms (CRLF -> LF)
+	finalOutput := normalizeLineEndings(output)
 	debugLog("Final YAML size: %d bytes", len(finalOutput))
 
 	// Ensure output directory exists