check-docker-compose-config
Docker Compose Configuration Checker
Analyze Docker Compose files for configuration issues in PHP application stacks.
Detection Patterns
1. Missing Health Checks
```yaml
# BAD: No healthcheck section for service
# GOOD: Health check present
services:
  php-fpm:
    healthcheck:
      test: ["CMD-SHELL", "php-fpm-healthcheck || exit 1"]
      interval: 10s
      timeout: 3s
      retries: 3
```
2. depends_on Without Condition
```yaml
# BAD: No health condition (race condition on startup)
services:
  app:
    depends_on:
      - mysql
```

```yaml
# GOOD: Health condition enforced
services:
  app:
    depends_on:
      mysql:
        condition: service_healthy
```
3. Hardcoded Passwords
```yaml
# BAD: Credentials in plain text
services:
  mysql:
    environment:
      MYSQL_ROOT_PASSWORD: secret123
```

```yaml
# GOOD: Using .env file reference
services:
  mysql:
    env_file: [.env]
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
```
4. No Resource Limits
```yaml
# GOOD: Resource limits defined
services:
  php-fpm:
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 512M
```
5. No Restart Policy
```yaml
# GOOD: Restart policy defined
services:
  app:
    restart: unless-stopped
```
6. Deprecated version Field
```yaml
# BAD: Deprecated in Compose V2+
version: "3.8"
services:
  app:
    image: my-app
```
7. Missing Networks Definition
```yaml
# GOOD: Explicit network isolation
services:
  app:
    networks: [frontend, backend]
  mysql:
    networks: [backend]
networks:
  frontend:
  backend:
    internal: true
```
8. Volume Permission Issues
```yaml
# GOOD: User mapping to avoid permission issues
services:
  php-fpm:
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./src:/var/www/html
```
9. Port Conflicts
```yaml
# BAD: Binding to all interfaces — ports: ["80:80"]
# GOOD: Specific host binding — ports: ["127.0.0.1:8080:80"]
```
10. Missing .env File Reference
```yaml
# GOOD: Explicit env_file with variable interpolation
services:
  app:
    env_file: [.env]
```
Grep Patterns
```
# Hardcoded passwords
Grep: "PASSWORD.*:.*['\"]?[a-zA-Z0-9]" --glob "**/docker-compose*.yml"

# depends_on without condition
Grep: "depends_on:" --glob "**/docker-compose*.yml"

# Deprecated version field
Grep: "^version:" --glob "**/docker-compose*.yml"

# Port bindings
Grep: "ports:" --glob "**/docker-compose*.yml"
```
Severity Classification
| Pattern | Severity | Impact |
|---|---|---|
| Hardcoded credentials | Critical | Security breach risk |
| No health checks | Major | Unreliable dependencies |
| depends_on without condition | Major | Race conditions on startup |
| No resource limits | Major | OOM kills, resource exhaustion |
| Port conflicts | Major | Service startup failure |
| Missing networks | Minor | No network isolation |
| Deprecated version field | Minor | Compatibility warning |
| No restart policy | Minor | Manual recovery needed |
| Volume permissions | Minor | File access errors |
| Missing .env reference | Minor | Undefined variable risk |
Output Format
### Compose Issue: [Description]
**Severity:** Critical/Major/Minor
**File:** `docker-compose.yml:line`
**Issue:** [Description of the problem]
**Fix:** [Corrected configuration snippet]
**Impact:** [What could happen if not fixed]
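
An added example, not part of the original skill: a line-based Python scanner for three of the Grep patterns above (hardcoded passwords, `depends_on`, `ports`) that makes the decision the bare pattern only locates candidates for, such as treating `${MYSQL_ROOT_PASSWORD}` as interpolation rather than a literal. `scan_compose`, its regexes, the `_FILE` suffix exemption and the sample file are assumptions of this example; severities follow the table above.

```python
import re
PASSWORD_KV = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_]*PASSWORD[A-Za-z0-9_]*)\s*[:=]\s*(\S.*)$")
FLOW_LIST = re.compile(r"^\s*(ports|depends_on):\s*\[(.*)\]$")
LIST_ITEM = re.compile(r"^\s*-\s*(.+)$")
HOST_CONTAINER = re.compile(r"^\d+(?:-\d+)?:\d+(?:-\d+)?(?:/\w+)?$")  # HOST:CONTAINER, no host IP

def scan_compose(text, filename="docker-compose.yml"):
    """Return (severity, "file:line", issue) tuples for three of the page's patterns."""
    findings, block, block_indent = [], None, -1
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        body = line.lstrip()
        if not body or body.startswith("#"):
            continue
        indent, where = len(line) - len(body), f"{filename}:{lineno}"
        if block and (indent < block_indent or (indent == block_indent and body[0] != "-")):
            block = None  # the open ports:/depends_on: block has ended
        kv = PASSWORD_KV.match(line)
        value = kv.group(2).strip("'\"") if kv else ""  # ${VAR} and *_FILE keys are not literals
        if value and not value.startswith("$") and not kv.group(1).endswith("_FILE"):
            findings.append(("Critical", where, f"hardcoded {kv.group(1)}"))
        flow, item = FLOW_LIST.match(line), LIST_ITEM.match(line)
        kind, entries = block, []
        if flow:  # inline form, e.g. ports: ["80:80"]
            kind, entries = flow.group(1), flow.group(2).split(",")
        elif body in ("ports:", "depends_on:"):
            block, block_indent = body[:-1], indent
        elif block and item:
            entries = [item.group(1)]
        for entry in filter(None, (e.strip(" '\"") for e in entries)):
            if kind == "depends_on":  # short list form cannot carry a condition
                findings.append(("Major", where, f"depends_on {entry} has no condition"))
            elif HOST_CONTAINER.match(entry):
                findings.append(("Major", where, f"port {entry} binds to all interfaces"))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = """\
services:
  app:
    ports: ["80:80", "127.0.0.1:8080:80"]
    depends_on:
      - mysql
    environment:
      MYSQL_ROOT_PASSWORD: secret123
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
"""
for severity, where, issue in scan_compose(SAMPLE):
    print(f"**Severity:** {severity} **File:** `{where}` **Issue:** {issue}")
```

The scanner reads line by line and does not resolve YAML anchors or multi-line flow lists, so its findings are candidates to confirm against the file.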