finds.dev← search

// the find

kimdre/doco-cd

★ 1,566 · Go · Apache-2.0 · updated Jul 2026

Docker Compose Continuous Deployment

doco-cd is a GitOps CD tool for Docker Compose and Swarm that watches your Git repos (or OCI artifacts) and redeploys stacks when you push. It sits in the gap between 'I have a VPS and a compose file' and 'I need full Kubernetes' — a niche that Portainer fills with a GUI and ArgoCD fills with enormous complexity.

Distroless image in Go means it's genuinely tiny and you can drop it on a $5 VPS without noticing it's there. The external secrets breadth is impressive — 1Password, AWS Secrets Manager, Bitwarden, Infisical, OpenBao, and a generic webhook provider all in one tool. SOPS integration for encrypted compose files in Git is the right call for this use case. The staged deployment pipeline (init → pre-deploy → deploy → post-deploy → cleanup) with Prometheus metrics and notifications is production-ready thinking, not just a shell script wrapper.

52 forks for 1566 stars is a low contribution ratio — this is effectively a solo-maintainer project, which matters when you're handing it your deployment pipeline. Swarm mode is a second-class citizen; Docker Swarm is already in managed decline and investing in that path carries real risk. No built-in rollback: if the new compose file breaks your stack, you're on your own to revert Git and re-trigger. The webhook security model depends entirely on correctly configuring HMAC secrets per provider — there's no mention of IP allowlisting or additional auth layers, so a misconfigured webhook listener is internet-exposed.

View on GitHub → Homepage ↗

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →