boocode

indifferentketchup/boocode

Fork 0

Commit Graph

Author	SHA1	Message	Date
indifferentketchup	9a7b35b677	build: harden .dockerignore (secrets/, data/) The host-side docker-compose mounts secrets/ and data/ read-only at runtime, but the build context still slurped them in. Add secrets/, data/, and general SSH key patterns (.pem, .key, id_rsa, id_ed25519, known_hosts, .ssh/) so private material can never be baked into the image even by accident. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 20:50:37 +00:00
indifferentketchup	a7f218e182	initial	2026-05-14 19:24:50 +00:00

Author

SHA1

Message

Date

indifferentketchup

9a7b35b677

build: harden .dockerignore (secrets/, data/)

The host-side docker-compose mounts secrets/ and data/ read-only at
runtime, but the build context still slurped them in. Add secrets/,
data/, and general SSH key patterns (*.pem, *.key, id_rsa*,
id_ed25519*, known_hosts, .ssh/) so private material can never be
baked into the image even by accident.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-17 20:50:37 +00:00

indifferentketchup

a7f218e182

initial

2026-05-14 19:24:50 +00:00

2 Commits