Make sure folks dont leak GITHUB_TOKENs into the image when using git dependencies

2023-02-08 08:35:30 +01:00
parent bb18189b01
commit f99ff47f75
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -257,6 +257,9 @@ COPY Gemfile Gemfile.lock ./
 RUN --mount=type=secret,id=GITHUB_TOKEN \
  BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
  bundle install
+
+# Remove git configs with exposed GITHUB_TOKEN
+RUN find /usr/local/bundle/cache/bundler/git -name "config" -delete
 ```

 ### Using command arguments for Traefik