// the find
kimdre/doco-cd
Docker Compose Continuous Deployment
doco-cd is a GitOps CD tool for Docker Compose and Swarm that watches your Git repos (or OCI artifacts) and redeploys stacks when you push. It sits in the gap between 'I have a VPS and a compose file' and 'I need full Kubernetes' — a niche that Portainer fills with a GUI and ArgoCD fills with enormous complexity.
Distroless image in Go means it's genuinely tiny and you can drop it on a $5 VPS without noticing it's there. The external secrets breadth is impressive — 1Password, AWS Secrets Manager, Bitwarden, Infisical, OpenBao, and a generic webhook provider all in one tool. SOPS integration for encrypted compose files in Git is the right call for this use case. The staged deployment pipeline (init → pre-deploy → deploy → post-deploy → cleanup) with Prometheus metrics and notifications is production-ready thinking, not just a shell script wrapper.
52 forks for 1566 stars is a low contribution ratio — this is effectively a solo-maintainer project, which matters when you're handing it your deployment pipeline. Swarm mode is a second-class citizen; Docker Swarm is already in managed decline and investing in that path carries real risk. No built-in rollback: if the new compose file breaks your stack, you're on your own to revert Git and re-trigger. The webhook security model depends entirely on correctly configuring HMAC secrets per provider — there's no mention of IP allowlisting or additional auth layers, so a misconfigured webhook listener is internet-exposed.