podup 0.19.0

Translate and run docker-compose files on rootless Podman
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

# podup

[![CI](https://github.com/Glyndor/podup/actions/workflows/ci.yml/badge.svg)](https://github.com/Glyndor/podup/actions/workflows/ci.yml)
[![Release](https://github.com/Glyndor/podup/actions/workflows/release.yml/badge.svg)](https://github.com/Glyndor/podup/actions/workflows/release.yml)

**podup** runs your `docker-compose.yml` on rootless Podman โ€” a single static
binary, written in Rust, with no daemon and no Python runtime.

```mermaid
flowchart LR
	A["docker-compose.yml"] --> B["podup"]
	B -->|"parse ยท substitute ยท order"| C["Podman REST API"]
	C --> D["containers"]
	C --> E["networks"]
	C --> F["volumes"]
```

## โœจ Features

- ๐Ÿš€ **Drop-in workflow** โ€” `up`, `down`, `start`, `stop`, `ps`, `logs`, `exec`, `run`, `cp`, `build`, `pull`, `restart`, `rm`, `kill`, `pause`, `unpause`, `top`, `port`, `images`, `config`, `watch`
- ๐Ÿ”’ **Rootless by design** โ€” drives rootless Podman over its native libpod REST API
- ๐Ÿ“„ **Compose-spec parsing** โ€” YAML anchors, `extends`, `include`, profiles, `env_file`, variable substitution with modifiers
- ๐Ÿ” **Dependency-aware** โ€” `depends_on` ordering with `service_started`, `service_healthy`, and `service_completed_successfully` conditions
- ๐Ÿ”ข **Replicas** โ€” `scale:` and `deploy.replicas` with named replica containers
- ๐Ÿ” **Secrets & configs** โ€” inline content, file, and environment sources staged securely
- ๐Ÿ‘€ **Watch mode** โ€” sync, rebuild or restart services on file changes per `develop.watch` rules
- ๐Ÿ“ฆ **Single binary** โ€” statically musl-linked on Linux, no runtime dependencies
- ๐Ÿฆ€ **Library too** โ€” embed the parser and engine in your own Rust project

## ๐Ÿ“ฅ Install

Linux and macOS:

```bash
curl -fsSL https://glyndor.net/install/podup | bash
```

Windows (PowerShell):

```powershell
irm https://glyndor.net/install/podup.ps1 | iex
```

Binaries for Linux and macOS (x86_64 and arm64) plus Windows (x86_64 and
arm64), SHA-256 verified, with build provenance attestations. On macOS and
Windows, podup talks to the `podman machine` VM through its host-side socket or
named pipe. Both installers verify the Ed25519 signature over `SHA256SUMS` (or
the GitHub build-provenance attestation) and fail closed otherwise. Or build
from source:

```bash
cargo build --release
```

### Debian / Ubuntu (apt)

On amd64 Debian and Ubuntu, install from the Glyndor apt repository so updates
arrive through `apt upgrade`:

```bash
curl -fsSL https://glyndor.net/install/podup | bash -s -- --apt
```

This installs the `glyndor-archive-keyring` package (registering the signed
repository at `https://apt.glyndor.net`) and then `podup`. Because the signing
key ships as a package, key renewals are picked up automatically by `apt
upgrade`; the apt build omits self-update, since apt owns upgrades. To set it up
by hand:

```bash
curl -fsSLO https://apt.glyndor.net/glyndor-archive-keyring.deb
sudo dpkg -i glyndor-archive-keyring.deb
sudo apt update && sudo apt install podup
```

### Updating

```bash
podup update            # download and install the latest signed release
podup update --check    # report whether a newer release exists, install nothing
```

`podup update` replaces the running binary in place, but only after verifying
the release's Ed25519 signature against the public key embedded in your build
and matching its SHA-256 checksum. It fails closed: a bad signature, missing
key, or checksum mismatch aborts before the installed binary is touched. See
[docs/self-update.md](docs/self-update.md) for the trust model. Installing into
a system directory (e.g. `/usr/local/bin`) needs elevation โ€” re-run with `sudo`.

## ๐Ÿš€ Quick start

```bash
podup up --detach                      # docker-compose.yml in the current directory
podup -f stack.yml -p myapp up -d      # explicit file and project name
podup ps                               # list project containers
podup logs api --follow                # follow one service's logs
podup down --volumes                   # tear down, removing named volumes
podup generate quadlet -o ~/.config/containers/systemd  # emit systemd Quadlet units
```

## โš–๏ธ vs. alternatives

|  | podup | docker-compose | podman-compose (Python) |
|---|---|---|---|
| Engine | rootless Podman | Docker daemon | Podman |
| Runtime | single static binary | Go binary + Docker daemon | Python + pip packages |
| Root required | no | typically yes (daemon) | no |
| Implementation | Rust | Go | Python |

## ๐Ÿฆ€ Library usage

```rust
use podup::{parse_file, podman, Engine};

#[tokio::main]
async fn main() -> podup::Result<()> {
	let file = parse_file(std::path::Path::new("docker-compose.yml"))?;
	let client = podman::connect(None)?;
	let engine = Engine::new(client, "myproject".to_string());
	engine.up(&file).await?;
	Ok(())
}
```

```toml
[dependencies]
podup = { git = "https://github.com/Glyndor/podup", tag = "v0.19.0" }
```

## ๐Ÿ“– Docs

- [Command reference](docs/commands.md) โ€” every subcommand, its options, and what it does
- [Migrating from Docker Compose](docs/docker-migration.md) โ€” compatibility guide, rootless differences, deprecated fields
- [Self-update](docs/self-update.md) โ€” the `podup update` trust model and verification flow
- [Debian packaging](docs/debian-packaging.md) โ€” building and distributing a `.deb`

## Contributing & security

See the org-wide [contributing guide](https://github.com/Glyndor/.github/blob/main/CONTRIBUTING.md).
Report vulnerabilities privately via the Security tab โ€” never in a public issue.

## License

[Apache-2.0](LICENSE)