Bug when merging when TCP and UDP on the same published port

[mpcref]

Description

When merging multiple stack Compose files where one defines a service exposing TCP and UDP on the same published port (e.g., 443), the resulting merged configuration silently drops the first port entry. Even if the override doesn't specify ports. The only work-around I've found is to change the merge order but that's only a viable solution if you're not relying on overriding other values.

This violates the expected behavior where the ports array should remain unchanged if not explicitly overridden.

Reproduce

Given the following files:

# compose.yaml
services:
  web:
    image: caddy
    ports:
      - "80:80"
      - "443:443" # adding /tcp here makes no difference
      - "443:443/udp"

# compose.override.yaml
services:
  web:
    environment:
      FOO: bar

Running the following command:

docker stack config -c compose.yaml -c compose.override.yaml

Returns the following:

version: "3.13"
services:
  web:
    environment:
      FOO: bar
    image: caddy
    ports:
      - mode: ingress
        target: 80
        published: 80
        protocol: tcp
      - mode: ingress
        target: 443
        published: 443
        protocol: udp

Note that the 443 tcp entry is now gone.
The same is true when using long syntax.
Reversing the merge order leaves the ports array intact:

docker stack config -c compose.override.yaml -c compose.yaml

Returns the following:

version: "3.13"
services:
  web:
    environment:
      FOO: bar
    image: caddy
    ports:
      - mode: ingress
        target: 80
        published: 80
        protocol: tcp
      - mode: ingress
        target: 443
        published: 443
        protocol: tcp
      - mode: ingress
        target: 443
        published: 443
        protocol: udp

I've found that merging on a service that uses the same port for both tcp and udp only work as expected if the ports array is only defined in the last file.

Expected behavior

I expect the resulting ports array to be the same (untouched) in the examples above.

docker version

Client: Docker Engine - Community
 Version:           28.0.0
 API version:       1.48
 Go version:        go1.24.0
 Git commit:        f9ced58158
 Built:             Wed Feb 19 22:05:47 2025
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.43.2 (199162)
 Engine:
  Version:          28.3.2
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.5
  Git commit:       e77ff99
  Built:            Wed Jul  9 16:13:56 2025
  OS/Arch:          linux/arm64
  Experimental:     true
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    28.0.0
 Context:    desktop-linux
 Debug Mode: false

Additional Info

No response

[Neirda24]

Hey. Same issue. Did you find a proper solution @mpcref ?
For information here are my informations :

$ docker version
Client: Docker Engine - Community
 Version:           28.5.1
 API version:       1.51
 Go version:        go1.24.8
 Git commit:        e180ab8
 Built:             Wed Oct  8 12:17:24 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.5.1
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.8
  Git commit:       f8215cc
  Built:            Wed Oct  8 12:17:24 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.2.0
  GitCommit:        1c4457e00facac03ce1d75f7b6777a7a851e5c41
 runc:
  Version:          1.3.4
  GitCommit:        v1.3.4-0-gd6d73eb8
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

$ docker info
Client: Docker Engine - Community
 Version:    28.5.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.30.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v5.0.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

[mpcref]

@Neirda24

The only work-around I've found is to change the merge order but that's only a viable solution if you're not relying on overriding other values.

[Neirda24]

Hi @thaJeztah sorry to ping you like this but this bug seems rather important. It does not merge configurations thus not allowing both udp and tcp on the same port. Would you have an idea if we did something wrong or if this indeed a bug ? How can I help ?

[mpcref]

Same problem was mentioned here #2407
And a fix is underway #6799