From 43d74d808c1861e4085e381226a37114b195dc9e Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Wed, 31 Jan 2018 18:56:50 -0500
Subject: [PATCH] Add a script which explicitly detects for the presence of config.yaml in the built container, and fails if it is there This will prevent any leakage of config.yaml's into the built image
---
 Dockerfile | 2 ++
 detect-config.sh | 8 ++++++++
 quay-base.dockerfile | 2 ++
 3 files changed, 12 insertions(+)
 create mode 100755 detect-config.sh
diff --git a/Dockerfile b/Dockerfile
index 35a423850..5471a28ed 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -55,4 +55,6 @@ RUN ln -s $QUAYCONF /conf # /root/node_modules /node_modules /grunt RUN PYTHONPATH=$QUAYPATH venv/bin/alembic heads | grep -E '^[0-9a-f]+ \(head\)$' > ALEMBIC_HEAD
+RUN ./detect-config.sh
+
 CMD ./quay-entrypoint.sh
\ No newline at end of file
diff --git a/detect-config.sh b/detect-config.sh
new file mode 100755
index 000000000..f426396c0
--- /dev/null
+++ b/detect-config.sh
@@ -0,0 +1,8 @@
+if find . -name "config.yaml" -exec false {} +
+then
+ exit 0
+else
+ echo '!!! config.yaml found in container !!!'
+ find . -name "config.yaml"
+ exit -1
+fi
\ No newline at end of file
diff --git a/quay-base.dockerfile b/quay-base.dockerfile
index de13018ea..0adcf0874 100644
--- a/quay-base.dockerfile
+++ b/quay-base.dockerfile
@@ -98,4 +98,6 @@ RUN venv/bin/python -m external_libraries RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache VOLUME ["/var/log", "/datastorage", "/tmp"]
+ADD detect-config.sh .
+RUN ./detect-config.sh
 EXPOSE 443 8443 80
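Review bot: A config.yaml that an earlier ADD/COPY layer brought in and a later step deleted would still pass `RUN ./detect-config.sh`, because the check sees only the filesystem as it stands at this step, while the file stays recoverable from the image's layers. The same holds for the `RUN ./detect-config.sh` added in quay-base.dockerfile. Whether any earlier step behaves that way is not visible in this hunk. A `**/config.yaml` entry in `.dockerignore` would keep the file out of the build context in the first place, with this step kept as a backstop. I would also put a comment above the line, e.g. `# Fails the build if a config.yaml exists under the working directory at this point`.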
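Review bot: `exit -1` is not a valid exit status in POSIX sh (dash, for example, rejects it as an illegal number and bash wraps it to 255), and the file has no shebang, so it runs only through the invoking shell's fallback for scripts without one; use `exit 1` and start the file with `#!/bin/sh`. The `-exec false {} +` test also sends any find error, such as an unreadable directory, down the "found" branch, where the banner is printed above an empty listing. Running find once and testing its output separates the two cases and drops the second traversal, as sketched below. The match is the exact, case-sensitive name `config.yaml` under `.`, so `config.yml` or a copy outside the working directory is not covered, which is worth stating in the header comment.

```shell
#!/bin/sh
# Fail the build if a file named config.yaml exists under the current directory.
matches=$(find . -name "config.yaml") || exit 2
if [ -n "$matches" ]
then
  echo '!!! config.yaml found in container !!!'
  printf '%s\n' "$matches"
  exit 1
fi
```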
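Review bot: `ADD detect-config.sh .` should be `COPY detect-config.sh .`, since COPY is the plain file copy while ADD also unpacks local archives and fetches URLs, neither of which is wanted for a single script. The Dockerfile hunk runs `./detect-config.sh` without adding it, so it presumably relies either on this copy in the base image or on the source tree being added earlier; a one-line comment here saying which would help. The check covers only `.`, which is whatever the working directory is at this step, and that is set outside the hunk.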