Add a script which explicitly detects for the presence of config.yaml in the built container, and fails if it is there
This will prevent any leakage of config.yaml's into the built image
This commit is contained in:
Joseph Schorr
parent
bc8e8f60e7
commit
43d74d808c
3 changed files with 12 additions and 0 deletions
|
|
@ -55,4 +55,6 @@ RUN ln -s $QUAYCONF /conf
|
||||||
# /root/node_modules /node_modules /grunt
|
# /root/node_modules /node_modules /grunt
|
||||||
RUN PYTHONPATH=$QUAYPATH venv/bin/alembic heads | grep -E '^[0-9a-f]+ \(head\)$' > ALEMBIC_HEAD
|
RUN PYTHONPATH=$QUAYPATH venv/bin/alembic heads | grep -E '^[0-9a-f]+ \(head\)$' > ALEMBIC_HEAD
|
||||||
|
|
||||||
|
RUN ./detect-config.sh
|
||||||
|
|
||||||
CMD ./quay-entrypoint.sh
|
CMD ./quay-entrypoint.sh
|
||||||
8
detect-config.sh
Executable file
8
detect-config.sh
Executable file
|
|
@ -0,0 +1,8 @@
|
||||||
|
if find . -name "config.yaml" -exec false {} +
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo '!!! config.yaml found in container !!!'
|
||||||
|
find . -name "config.yaml"
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
|
@ -98,4 +98,6 @@ RUN venv/bin/python -m external_libraries
|
||||||
RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache
|
RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache
|
||||||
VOLUME ["/var/log", "/datastorage", "/tmp"]
|
VOLUME ["/var/log", "/datastorage", "/tmp"]
|
||||||
|
|
||||||
|
ADD detect-config.sh .
|
||||||
|
RUN ./detect-config.sh
|
||||||
EXPOSE 443 8443 80
|
EXPOSE 443 8443 80
|
||||||
|
|
|
||||||
Reference in a new issue