frappe_docker

mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-17 13:55:08 +00:00

History

OmarElaraby26 ae275df161 fix(security): replace APPS_JSON_BASE64 build-arg with BuildKit secret mount APPS_JSON_BASE64 is stored in image layer metadata, permanently exposing private repo tokens (GitHub PATs) to anyone with image pull access. Replace --build-arg with --mount=type=secret so that apps.json is only available during the RUN step and never committed to any layer. Refs: https://docs.docker.com/reference/build-checks/secrets-used-in-arg-or-env/	2026-04-05 22:24:53 +02:00
..
Containerfile	fix(security): replace APPS_JSON_BASE64 build-arg with BuildKit secret mount	2026-04-05 22:24:53 +02:00

OmarElaraby26 ae275df161 fix(security): replace APPS_JSON_BASE64 build-arg with BuildKit secret mount

APPS_JSON_BASE64 is stored in image layer metadata, permanently exposing
private repo tokens (GitHub PATs) to anyone with image pull access.

Replace --build-arg with --mount=type=secret so that apps.json is only
available during the RUN step and never committed to any layer.

Refs: https://docs.docker.com/reference/build-checks/secrets-used-in-arg-or-env/

2026-04-05 22:24:53 +02:00

Containerfile

fix(security): replace APPS_JSON_BASE64 build-arg with BuildKit secret mount

2026-04-05 22:24:53 +02:00