From 5171059dd1ad0388edef2c5d518fbe9bd9681629 Mon Sep 17 00:00:00 2001
From: Micha <michideheld@gmx.de>
Date: Wed, 17 Jun 2026 22:33:15 +0200
Subject: [PATCH] Ignore profiled services in runtime drift check

---
 services/posture-check/compose-runtime-drift.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/posture-check/compose-runtime-drift.sh b/services/posture-check/compose-runtime-drift.sh
index 39a5a2f..c4b31d5 100755
--- a/services/posture-check/compose-runtime-drift.sh
+++ b/services/posture-check/compose-runtime-drift.sh
@@ -30,7 +30,7 @@ parse_compose() {
       return value
     }
     function emit() {
-      if (service && image) {
+      if (service && image && !has_profile) {
         print clean(container) "\t" clean(image)
       }
     }
@@ -40,6 +40,7 @@ parse_compose() {
       sub(/:$/, "", service)
       image=""
       container=service
+      has_profile=0
       next
     }
     service && /^    image:/ {
@@ -52,6 +53,10 @@ parse_compose() {
       sub(/^[[:space:]]*container_name:[[:space:]]*/, "", container)
       next
     }
+    service && /^    profiles:/ {
+      has_profile=1
+      next
+    }
     END { emit() }
   ' "$compose"
 }