Skip to content

Commit

Permalink
fix token
Browse files Browse the repository at this point in the history
  • Loading branch information
@HugoRCD
HugoRCD committed Nov 12, 2024
1 parent e81c93d commit dcdde1b
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-image.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,4 @@ jobs:
build-args: |
TURBO_TEAM=${{ vars.TURBO_TEAM }}
TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
NUXT_PRIVATE_GITHUB_TOKEN=${{ secrets.NUXT_PRIVATE_GITHUB_TOKEN }}
4 changes: 2 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ FROM oven/bun:latest AS build

ARG TURBO_TEAM
ARG TURBO_TOKEN

Check warning on line 5 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "TURBO_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ARG GITHUB_TOKEN
ARG NUXT_PRIVATE_GITHUB_TOKEN

Check warning on line 6 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "NUXT_PRIVATE_GITHUB_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

ENV TURBO_TEAM=$TURBO_TEAM
ENV TURBO_TOKEN=$TURBO_TOKEN

Check warning on line 9 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "TURBO_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV GITHUB_TOKEN=$GITHUB_TOKEN
ENV NUXT_PRIVATE_GITHUB_TOKEN=$NUXT_PRIVATE_GITHUB_TOKEN

Check warning on line 10 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "NUXT_PRIVATE_GITHUB_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV NODE_ENV=production

WORKDIR /app
Expand Down

0 comments on commit dcdde1b

Please sign in to comment.