Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
In #8908, we updated the Docker Compose publish path to use the existing configs feature to provide an analog to the runtime behavior for ContainerFileSystemCallbackAnnotation. However, while compose allows us to set ownership and permission settings for all configs references in a service, it only honors those settings when providing the file content inline (as internally it uses docker cp like we do at runtime). With existing file references, compose uses volume mounts to inject the files and doesn't apply permissions (the file is added to the container, but with default ownership/mode settings).
One potential workaround would be to convert all text based ContainerFileSystemCallbackAnnotation to inline by reading the file contents, but this could cause the compose file to grow very large and wouldn't be a viable option for binary files.
Expected Behavior
No response
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version info
No response
Anything else?
No response