[feature request] Have a way to patch workload/service

[mathieu-benoit]

I have this use case where I want to inject "security context" for each workload / service in my generated compose.yaml file.

Today, I need to manually do that:

cat <<EOF > compose.override.yaml
services:
  ${WORKLOAD_NAME}-${CONTAINER_NAME}:
    read_only: true
    cap_drop:
      - ALL
    user: "1000"
EOF

But when I have multiple workloads or containers, this is a bit painful.

A post-processing yq command may be able to help too, but same approach, not user friendly.

Do we have an opportunity to introduce a new provisioner type (or something else) in order to patch a workload or a service directly in score-compose generate?