This addresses part 1 of ENG-8869.
Details
- Docker build: `docker build --build-arg HOST_GID=20 --build-arg HOST_UID=501 --build-arg COMM_JSONCONFIG_secrets_alchemy='{"key":"<secret>"}' --build-arg COMM_JSONCONFIG_secrets_walletconnect='{"key":"<secret>"}' --build-arg COMM_JSONCONFIG_secrets_neynar='{"key":"<secret>"}' --build-arg COMM_JSONCONFIG_secrets_geoip_license='{"key":"<secret>"}' --platform linux/arm64 -f keyserver/Dockerfile -t commapp/keyserver:sometag .`
- Open the build: `docker run -it commapp/keyserver:sometag bash`
- Search for passwords via `cd .. && (grep -R password_string . | grep -v node_modules)`
Diff Detail
- Repository: rCOMM Comm
- Branch: ashoat/dockerignore
- Lint: No Lint Coverage
- Unit: No Test Coverage
Event Timeline
| File | Lines | Diff | Inline comment |
|---|---|---|---|
| .dockerignore | 46–49 | (On Diff #42589) | Should we consider excluding all *.env, *.env.*, *.tfstate, and *.tfvars files in the entire repo? Seems safer than excluding them piecemeal like this, but I'm not sure if there might be any unintended effects |
| .dockerignore | 46–49 | (On Diff #42589) | A problematic place might be CommTest CI, which builds docker images for each service and then uses Terraform to set up resources on localstack. |
| .dockerignore | 46–49 | (On Diff #42589) | Sounds like that would be easy to detect – I'll try it and we'll see if the CI fails |
Looks like CommTest passes – would love to get another accept from either reviewer before landing, to confirm that this new strategy seems safe
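
The test plan's grep, extended with the filename patterns raised in the inline comments, as an added example that is not part of this revision or the Comm repository. The function names and the marker argument are hypothetical; point it at the container's filesystem root or at an unpacked copy of the image.

```bash
#!/usr/bin/env bash
# Added example (not from the Comm repository).
# Usage inside the container: image_is_clean / "<marker planted in a local secret file>"

# List files whose names match the patterns from the inline comments.
# node_modules is pruned, mirroring the test plan's `grep -v node_modules`.
find_sensitive_names() {
  find "$1" -name node_modules -prune -o -type f \
    \( -name '*.env' -o -name '*.env.*' -o -name '*.tfstate' -o -name '*.tfvars' \) \
    -print | sort
}

# List files whose contents include the marker (fixed-string match, no regex).
find_marker() {
  grep -R -l -F --exclude-dir=node_modules -- "$2" "$1" 2>/dev/null | sort || true
}

# Exit status 0 only when neither check finds anything.
image_is_clean() {
  names=$(find_sensitive_names "$1")
  hits=$(find_marker "$1" "$2")
  if [ -n "$names" ]; then
    printf 'sensitive file names in image:\n%s\n' "$names" >&2
  fi
  if [ -n "$hits" ]; then
    printf 'marker found in:\n%s\n' "$hits" >&2
  fi
  [ -z "$names" ] && [ -z "$hits" ]
}
```

A nonzero exit from `image_is_clean` can fail a CI step after the image build, so a regression in `.dockerignore` is caught before the image is pushed.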