Address PR feedback: handle optional env files when present

- Process optional env files if they exist on disk (instead of skipping all)
- Improve error message to mention "required env_file" for clarity
- Add test coverage for optional env files that exist
- Fix linting issues

Signed-off-by: Maks Kozlov <[email protected]>
Signed-off-by: maks2134 <[email protected]>

Author: maks2134

pkg/compose/publish.go

@@ -252,7 +252,9 @@ func processFile(ctx context.Context, file string, project *types.Project, extFi
 	for name, service := range base.Services {
 		for i, envFile := range service.EnvFiles {
 			if !envFile.Required {
-				continue
+				if _, err := os.Stat(envFile.Path); os.IsNotExist(err) {
+					continue
+				}
 			}
 			hash := fmt.Sprintf("%x.env", sha256.Sum256([]byte(envFile.Path)))
 			envFiles[envFile.Path] = hash
@@ -356,7 +358,7 @@ func (s *composeService) checkEnvironmentVariables(project *types.Project, optio
 	for _, service := range project.Services {
 		for _, envFile := range service.EnvFiles {
 			if envFile.Required {
-				errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has env_file declared.", service.Name))
+				errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has required env_file declared.", service.Name))
 				break
 			}
 		}
@@ -444,8 +446,11 @@ func (s *composeService) checkForSensitiveData(project *types.Project) ([]secret
 	for _, service := range project.Services {
 		// Check env files
 		for _, envFile := range service.EnvFiles {
+			// Skip optional env files that don't exist
 			if !envFile.Required {
-				continue
+				if _, err := os.Stat(envFile.Path); os.IsNotExist(err) {
+					continue
+				}
 			}
 			findings, err := scan.ScanFile(envFile.Path)
 			if err != nil {

pkg/compose/publish_test.go

@@ -121,15 +121,21 @@ func Test_createLayers_withRequiredFalse(t *testing.T) {
 	})
 	assert.NilError(t, err)
 
-	assert.Equal(t, len(layers), 2)
+	assert.Equal(t, len(layers), 3)
 
 	assert.Equal(t, layers[0].Annotations["com.docker.compose.file"], "compose-required-false.yaml")
 
 	assert.Equal(t, layers[1].MediaType, "application/vnd.docker.compose.envfile")
+	assert.Equal(t, layers[2].MediaType, "application/vnd.docker.compose.envfile")
 
-	envFileHash := layers[1].Annotations["com.docker.compose.envfile"]
-	assert.Assert(t, len(envFileHash) > 0)
-	assert.Assert(t, envFileHash != "missing.env")
+	envFileHashes := []string{
+		layers[1].Annotations["com.docker.compose.envfile"],
+		layers[2].Annotations["com.docker.compose.envfile"],
+	}
+	assert.Assert(t, envFileHashes[0] != "")
+	assert.Assert(t, envFileHashes[1] != "")
+	assert.Assert(t, envFileHashes[0] != "missing.env")
+	assert.Assert(t, envFileHashes[1] != "missing.env")
 }
 
 func Test_checkEnvironmentVariables_withRequiredFalse(t *testing.T) {
@@ -143,7 +149,7 @@ func Test_checkEnvironmentVariables_withRequiredFalse(t *testing.T) {
 						Required: false,
 					},
 					{
-						Path:     "existing.env", 
+						Path:     "existing.env",
 						Required: true,
 					},
 				},
@@ -164,6 +170,6 @@ func Test_checkEnvironmentVariables_withRequiredFalse(t *testing.T) {
 
 	err := service.checkEnvironmentVariables(project, api.PublishOptions{})
 	assert.Assert(t, err != nil)
-	assert.Assert(t, strings.Contains(err.Error(), `service "test" has env_file declared.`))
+	assert.Assert(t, strings.Contains(err.Error(), `service "test" has required env_file declared.`))
 	assert.Assert(t, !strings.Contains(err.Error(), `service "test2"`))
 }

pkg/compose/testdata/publish/compose-required-false.yaml

@@ -5,5 +5,7 @@ services:
     env_file:
       - path: missing.env
         required: false
+      - path: optional.env
+        required: false
       - path: existing.env
         required: true

pkg/compose/testdata/publish/optional.env

@@ -0,0 +1 @@
+OPTIONAL_VAR=value