Nicolas De loof

Can you look into https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds#generating-build-provenance-for-binaries so this additional artifact gets provenance attestation and you can safely rely on this for an offline build ?

Can't you just rely on `go.mod` for this purpose? What's the challenge you have to address as a package manager?

both buildx and docker cli projects adopted a `vendor` folder inside repository, which we don't. This is a long debate, but compose maintainers don't consider this to be a good...

right, feel free to offer us a pull request for this purpose :)

What make you think this is related to Docker Compose ? Sounds like a Docker Desktop or vscode extension issue, compose is not involved here

first confirm you can run a docker container and/or a compose application from command line running `docker run ...` if not, your Docker desktop installation has some issue. Otherwise, this...

The common approach to this issue is to define tag by a variable, maybe using a default value or with `.env` file to declare a reasonable default value: ```yaml services:...

> Both ways are not practical, in my opinion. that's the compose way ¯\_(ツ)_/¯

that's why compose file variables support default value syntax `${VAR:-default}` so you don't need a value defined in your `.env` file to get a reasonable default being set (would typically...

Note: this require we re-implement [`WithServicesEnvironmentResolved`](https://github.com/compose-spec/compose-go/blob/main/types/project.go#L604) within `loadYamlModel` so that `env_file` get loaded before we merge the included model with the including one. This is obviously feasible but need to...