Make sure folks dont leak GITHUB_TOKENs into the image when using git dependencies

This commit is contained in:
David Heinemeier Hansson
2023-02-08 08:35:30 +01:00
parent bb18189b01
commit f99ff47f75

View File

@@ -257,6 +257,9 @@ COPY Gemfile Gemfile.lock ./
RUN --mount=type=secret,id=GITHUB_TOKEN \
BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
bundle install
# Remove git configs with exposed GITHUB_TOKEN
RUN find /usr/local/bundle/cache/bundler/git -name "config" -delete
```
### Using command arguments for Traefik