fix(docker): ignore changes outside repo (#1170)

Co-authored-by: Kim Oliver Drechsel <kim@drechsel.xyz>

docs: add documentation for service labels to control service recreat…

…ion on config, secret, or bind mount changes

test: update test file

fix(filesystem): improve path traversal detection checks (#1152)

* fix(filesystem): improve path traversal detection by centralizing trusted root checks

* fix(filesystem): remove duplicate code

* fix(filesystem): return absPath on path traversal error for improved error handling

* refactor(filesystem): rename InTrustedRoot to InBasePath for clarity and update references

fix(decryption): prevent path traversal when decrypting files in bind…

… mount directories (#1150)

refactor(git): pass custom env vars for variable interpolation direct…

…ly (#1141)

* refactor(git): remove temporary dotenv file creation and cleanup logic from deployment flow

* refactor(utils): remove CreateTmpDotEnvFile function and related logic

* fix(deploy): ensure internal environment map is initialized before setting resolved secrets

* fix(init): ensure remote repository is fetched before loading remote dotenv files and update dotenv loading logic

fix(docker): fix change detect error (#1137)

* fix(docker): fix change detect error

#1132

* chore: golangci-lint fix

* fix(docker): fix path check logical error

* chore(docker): add test not deps git repo & fix error check path affected

* chore: dockerignore ignore docs test git and bin

* chore: golangci-lint fix

* test(docker): add more test case for checkPathAffected

* fix(docker): test setAgeKey

* fix(docker): t.Parallel not use with setenv

* fix(compose): resolve variable shadowing in volume change detection loop

---------

Co-authored-by: Kim Oliver Drechsel <kim@drechsel.xyz>
Co-authored-by: Kim Oliver Drechsel <kimoliver.drechsel@adorsys.com>

fix(compose): decrypt project files before loading compose project (#…

…1133)

* fix(compose): decrypt project files before loading compose project

- Add logic to decrypt all relevant files (configs, secrets, bind mounts, env files, build contexts) in the compose project if SOPS key is set
- Cache SOPS key presence check for efficiency
- Add DecryptFileInPlace utility to decrypt and overwrite encrypted files
- Ensure files are decrypted before loading compose project and during pre-deploy stage

* fix(decrypt): enforce absolute paths and sanitize file paths before decryption

* fix(decrypt): include working directory when resolving project file paths for decryption

* fix(compose): move project file decryption to pre-deploy stage and update decryption logic to use working directory

* fix(decrypt): centralize SOPS key check in DecryptFile and simplify project file decryption logic

fix(compose): ignore compose labels in project hash and prevent share…

…d state in GetLatestServiceLabels (#1126)

* fix(project): remove compose-specific labels instead of emptying values for hash calculation

* fix(labels): move local variables inside GetLatestServiceLabels to prevent shared state

#1055 (comment)

fix(compose): improve project hash stability and error handling (#1123)

Refactor ProjectHash to use a deep copy via reflection instead of JSON round-trip, ensuring pointer fields are handled correctly and avoiding modification of the original struct. Update function to return errors on failure, propagate errors to callers, and update all usages to handle errors accordingly. This improves reliability of change detection and prevents silent failures.