Allowing multiple Fides containers in Docker

[galvana]

Description Of Changes

Allows multiple Fides servers to start in Docker. Generates unique image/container names and uses unallocated ports.

Steps to Confirm

1. Run nox -s dev in one repo, verify the server starts
2. Run nox -s dev in another Fides repo, verify the second server starts as well

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Feb 7, 2026 2:46am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		Feb 7, 2026 2:46am

[greptile-apps]

Greptile Overview

Greptile Summary

This PR enables running multiple Fides development servers simultaneously by implementing dynamic port allocation and unique container naming based on git branch names. When port 8080 is already in use by a Fides container, the system automatically generates alternate ports using a hash of the branch name and appends branch-based suffixes to container and image names.

Key Changes:

• Modified docker-compose.yml to use environment variables for all port mappings and container names
• Added port conflict detection in dev_nox.py that checks if default ports are in use
• Implemented branch-based hashing to generate alternate port ranges (9000-13900)
• Dynamic image tagging with branch name suffixes to avoid image conflicts

Issues Found:

• Mid-function os import violates Python import conventions
• Container name detection checks static "fides" name, won't detect secondary instances with suffixes
• Port collision risk: limited to 50 base port ranges, multiple branches could hash to same ports
• Race condition between port availability check and container startup

Confidence Score: 3/5

• This PR has moderate risk due to port collision logic issues and race conditions that could cause conflicts in multi-developer scenarios
• The implementation successfully addresses the core requirement of running multiple instances, but has several logical flaws: (1) the container detection won't find secondary instances because it checks for static names, (2) the port hashing has collision risk with only 50 possible ranges, (3) race conditions exist between checking ports and binding them, and (4) a Python import style violation. These issues could cause unexpected failures when multiple developers try to run concurrent instances.
• Pay close attention to noxfiles/dev_nox.py, particularly the port allocation and conflict detection logic

Important Files Changed

Filename	Overview
docker-compose.yml	Added environment variable support for dynamic port mapping and container naming
noxfiles/dev_nox.py	Implemented port conflict detection and dynamic port allocation for multiple concurrent instances
noxfiles/docker_nox.py	Modified build function to support dynamic image suffix for unique image tags

[greptile-apps]

_{3 files reviewed, 4 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Check if container name should be fides${CONTAINER_SUFFIX:-} to match the dynamic naming in docker-compose.yml. Currently checking for static name "fides" which won't detect secondary instances running with suffixes.

[galvana]

This check is intentionally looking for the primary container name. The logic flow is:

1. If port 8080 is NOT in use → use defaults
2. If port 8080 IS in use AND it's a fides/fidesplus container → use alternate ports
3. If port 8080 IS in use by something else → error

Secondary instances use alternate ports (not 8080), so they wouldn't trigger this code path in the first place. The purpose of this check is to verify whether the port 8080 conflict is caused by a Fides instance (so we can safely use alternate ports) vs some other application (which should error). Checking for the static "fides" name (the primary container) is correct here.

[greptile-apps]

The os import is placed in the middle of a function rather than at the top of the module. Move this import to the top of the file with the other imports.

Suggested change

	import os
	if image_suffix:
	os.environ["IMAGE_SUFFIX"] = image_suffix
	# Check for port conflicts with existing fides instances BEFORE building
	ports, container_suffix, image_suffix = check_for_conflicts(session)
	# Set IMAGE_SUFFIX env var for the build process
	if image_suffix:

Then add import os at the top of the file (around line 6).

Context Used: Rule from dashboard - Python imports should always be placed at the top of the file, not near the code that uses them. (source)

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[greptile-apps]

Port collision risk: if two different branches hash to the same base port range (hash_val % 50), they'll use identical ports and conflict. The modulo operation limits to 50 possible base values (9000-13900), which means collisions are likely with many branches.

[galvana]

This is technically correct, but not a practical concern for this use case. This is a local development tool where developers typically run 2-3 instances at most. With 50 possible port ranges, the probability of collision for a small number of branches is very low.

That said, a potential improvement would be to verify the calculated alternate ports are actually available before using them, rather than assuming they will be free.

[greptile-apps]

Race condition: between checking is_port_in_use() and actually starting containers, another process could bind to the port. Consider checking all required ports (api, db, redis, ui, pc) are available, not just the API port.

[galvana]

The race condition concern is theoretical - the window is milliseconds, and if Docker can't bind the port, it will error with a clear message. This is acceptable for a dev tool.

However, the suggestion to check all ports (not just API) has merit. If DB (5432) or Redis (6379) are in use by something else, those conflicts wouldn't be detected currently. This could be a future improvement, but isn't blocking for this PR.

[thabofletcher]

It works for me, but I did run into the race condition where they still both tried the same port from starting at the same time. I dont think its a typical use case for this though. Greptile needs to know an improvement when it sees one, considering running nox -s dev twice before wasn't even possible! Perfect is the enemy of the good @greptileai 😂