Documentation

Getting Started

Runtime-offline desired-state analysis for Argo CD GitOps repositories.

Use drydock when you want to inspect Argo CD desired state from repository contents before a controller sees it. The default commands do not call a live Argo CD server or Kubernetes cluster, and use native renderers for the common directory, Kustomize, Helm, and Jsonnet paths.

Install

Install the latest Linux/macOS release with Homebrew:

brew install sholdee/tap/drydock

Homebrew installs shell completions automatically.

For GitOps repository and CI pinning, use mise with the GitHub backend:

[tools]
"github:sholdee/drydock[exe=drydock]" = "vX.Y.Z"

Install Script

curl -fsSL https://raw.githubusercontent.com/sholdee/drydock/main/scripts/install-drydock.sh -o install-drydock.sh
bash install-drydock.sh --yes

The script verifies release checksums, verifies Sigstore bundles when available, installs the drydock binary, and attempts shell completion installation. Pin a release with --version vX.Y.Z.

Pipe form:

curl -fsSL https://raw.githubusercontent.com/sholdee/drydock/main/scripts/install-drydock.sh | bash -s -- --yes

Pinned pipe form:

curl -fsSL https://raw.githubusercontent.com/sholdee/drydock/main/scripts/install-drydock.sh | bash -s -- --version vX.Y.Z --yes

Use --no-completions when completions should be installed manually.

GitHub Actions

Use setup-action when your workflow owns the drydock commands:

- uses: sholdee/drydock/setup-action@main
  with:
    version: vX.Y.Z

Use pr-action for the standard pull request render test, manifest diff, image diff, artifacts, cache, and comment workflow. See GitHub Actions for inputs and permissions.

Download A Binary

Download Linux and macOS amd64 or arm64 archives from GitHub Releases . Verify the archive with checksums.txt, then place drydock on PATH.

Docker / GHCR

docker run --rm -v "$PWD:/workspace:ro" ghcr.io/sholdee/drydock:vX.Y.Z test apps --path /workspace

Go Install

go install github.com/sholdee/drydock/cmd/drydock@latest

Manual binary installs can generate completions with:

drydock completion zsh
drydock completion bash
drydock completion fish

First Commands

Run these from the GitOps repository you want to inspect:

drydock get apps --path .
drydock test apps --path .

Start with drydock get apps --path . to confirm which Applications drydock discovers. Then run drydock test apps --path . to render them without printing manifest bodies and surface warnings or errors.

If you are setting this up for CI, go to GitHub Actions next.

Compare Changes

Compare the current tree against a baseline worktree:

git worktree add ../baseline main
drydock diff apps --path . --path-orig ../baseline
drydock diff images --path . --path-orig ../baseline

Or compare local Git refs without creating a second checkout:

drydock diff apps --repo . --ref HEAD --ref-orig main
drydock diff images --repo . --ref HEAD --ref-orig main

Default diff output is intended for terminal review and uses TTY-appropriate color and syntax highlighting when available. Use markdown output for pull request comments.

Runtime Offline Does Not Mean Source Offline

drydock is runtime-offline: it does not depend on live Kubernetes or Argo CD. Declared Git, HTTP Helm, OCI Helm, and remote Kustomize sources may still be fetched into explicit caches during render commands.

Use --offline when a run must use only local files, repo maps, and existing cache entries:

drydock test apps --path . --offline
drydock diff apps --path . --path-orig ../baseline --offline

For full command coverage, see the CLI usage guide . For source fetching, cache, and auth details, see Source acquisition .