So I found that to get it to respect the trustServerCertificate param in the url you have to set it as an environment variable. Note that this isn’t a solution for other environments where I need it to respect the certificate chain (trustServerCertificate=true skips that validation), but at least this gets me working locally. I think this is definitely a bug btw.
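# Local-only Compose stack: a SQL Server container plus a one-shot Liquibase
# container that applies master-changelog.xml to it over the "dbnet" network.
# Nesting restored; with every key at column 0 the file parses as one flat
# mapping with duplicate keys (container_name, image, networks, environment).
services:
  mssql-db:
    container_name: mssql-base-image
    # ":latest" is a moving tag; pin a specific version or digest so the
    # image that runs is the one that was reviewed.
    image: mcr.microsoft.com/mssql/server:latest
    networks:
      - dbnet
    ports:
      # Publishes SQL Server on every host interface. If only tools on this
      # machine need it, "127.0.0.1:1433:1433" keeps it off the LAN; the
      # Liquibase service reaches it over dbnet and needs no published port.
      - "1433:1433"
    environment:
      - ACCEPT_EULA=Y
      # sa is the SQL Server sysadmin login. This inline sample password is
      # acceptable only for a throwaway local container; elsewhere supply it
      # from an untracked env file or a secret store.
      - MSSQL_SA_PASSWORD=Password!
  db-update-mssql:
    container_name: update-mssql
    # Same pinning concern as the database image above.
    image: liquibase/liquibase:latest
    networks:
      - dbnet
    depends_on:
      mssql-db:
        # service_started waits for the container to start, not for SQL
        # Server to accept logins; a healthcheck with service_healthy is the
        # stricter option if the update races the database.
        condition: service_started
    environment:
      # have to put the url here as an env variable otherwise
      # trustServerCertificate isn't read if --url used directly in command below
      #
      # encrypt=true with trustServerCertificate=true encrypts the session but
      # accepts any certificate the server presents, so the client cannot
      # detect an interposed server. Keep this to the local stack; for other
      # environments use trustServerCertificate=false with a trust store that
      # holds the issuing CA.
      # The URL also embeds the sa password; LIQUIBASE_COMMAND_USERNAME and
      # LIQUIBASE_COMMAND_PASSWORD keep credentials out of the connection string.
      - LIQUIBASE_COMMAND_URL=jdbc:sqlserver://mssql-db:1433;encrypt=true;trustServerCertificate=true;user=sa;password=Password!;
      - LIQUIBASE_COMMAND_CHANGELOG_FILE=master-changelog.xml
      # FINE is verbose debug logging; NOTE(review): check whether the
      # connection URL above ends up in any log output that is retained.
      - LIQUIBASE_LOG_LEVEL=FINE
    volumes:
      # "[some path]" appears to be a placeholder from the original post;
      # replace it with the real host directory holding the changelog files.
      - C:\[some path]liquibase\changelog:/liquibase/changelog
    command: update
networks:
  dbnet:
    ipam:
      driver: default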