From 6ba2c44e43f3a9cda888ad95112c69608a002357 Mon Sep 17 00:00:00 2001 From: Rob Hudson Date: Mon, 10 Mar 2025 14:00:21 -0700 Subject: [PATCH 1/2] Ignore hidden git folders for Docker images --- .dockerignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..94c3d6b6 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +.git +.github + From 0d182f6e4d8406457990be6e9b00920c167765bc Mon Sep 17 00:00:00 2001 From: Rob Hudson Date: Mon, 10 Mar 2025 14:00:34 -0700 Subject: [PATCH 2/2] Disable git credential persistence --- .github/workflows/build.yaml | 1 + .github/workflows/ci.yaml | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f14309b2..a507aebc 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -25,6 +25,7 @@ jobs: with: fetch-depth: 0 fetch-tags: true + persist-credentials: false - id: determine_tag name: determine tag diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6dad4957..aac28330 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,6 +32,8 @@ jobs: --health-retries 5 steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry @@ -57,6 +59,8 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + with: + persist-credentials: false - name: Build production image uses: docker/build-push-action@v6 @@ -70,6 +74,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry @@ -96,6 +102,8 @@ jobs: - name: Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Install poetry run: pipx install poetry