Add .dockerignore to prevent secrets leaking into Docker build context #2

Merged
boci11 merged 2 commits into main from copilot/buduj-to-jeszcze-raz-w-nowym-repozytorium-codex
Jul 2, 2026

Copilot AI commented Jul 2, 2026

Without a .dockerignore, the .env file (containing secrets like POSTGRES_PASSWORD and OPENAI_API_KEY) and other unnecessary files were being sent to the Docker daemon as part of the build context for the app service.

Changes

  • .dockerignore — excludes from build context:

    • .env / .env.* (secrets)
    • .git (VCS metadata)
    • node_modules/, __pycache__/, .venv/ (dependency dirs)
    • dist/, build/, *.log, .cache/ (artifacts/noise)
    • Editor/OS files (.DS_Store, .vscode/, .idea/)
  • Project scaffold — includes files from the prior bootstrap PR that weren't reflected on main: docker-compose.yml, .devcontainer/, .gitignore, .env.example, and directory stubs (src/, docs/, data/, scripts/)

Adds .dockerignore to prevent .env, .git, node_modules, __pycache__,
and other unnecessary files from being included in the Docker build
context. This addresses the review comment (discussion_r3509898653)
and improves security and build performance.

Also includes the project scaffold files (docker-compose.yml,
.devcontainer, .gitignore, .env.example, etc.) that were introduced
in PR #1.
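
A check for the exclusion list described above, as an added example that is not part of this pull request or the project's code: a simplified Python approximation of .dockerignore matching (no `[...]` character classes) run over a constructed file tree. The rule text is typed from the PR's bullet list because the file itself is not shown here, and `TREE`, `SECRET_NAME` and the `services/worker/` path are assumptions; it goes one step beyond the PR by showing that root-anchored `.env` rules do not cover a nested `.env`.

```python
import re

def compile_pattern(pat):
    """Translate one .dockerignore pattern into an anchored regex (simplified)."""
    pat, out, i = pat.strip("/"), "", 0
    while i < len(pat):
        if pat.startswith("**", i):          # "**" spans any number of directories
            i += 3 if pat.startswith("**/", i) else 2
            out += ".*" if i >= len(pat) else "(.*/)?"
        elif pat[i] == "*":                  # "*" stays inside one path segment
            out, i = out + "[^/]*", i + 1
        elif pat[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pat[i]), i + 1
    return re.compile("^" + out + "$")

def load_rules(text):
    """Return (negate, regex) pairs in file order; '#' lines are comments."""
    lines = [ln.strip() for ln in text.splitlines()]
    return [(ln.startswith("!"), compile_pattern(ln.lstrip("!")))
            for ln in lines if ln and not ln.startswith("#")]

def is_excluded(path, rules):
    """Last matching rule wins; a rule matching a parent directory covers the file."""
    parts = path.split("/")
    prefixes = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    excluded = False
    for negate, rx in rules:
        if any(rx.match(p) for p in prefixes):
            excluded = not negate
    return excluded

# Assumed notion of "secret file": .env or .env.<suffix>, except .env.example
SECRET_NAME = re.compile(r"(^|/)\.env(\.(?!example$)[^/]+)?$")

def leaked_secrets(files, dockerignore_text):
    """Secret-looking files that would still be sent in the build context."""
    rules = load_rules(dockerignore_text)
    return [f for f in files if SECRET_NAME.search(f) and not is_excluded(f, rules)]

# Constructed inputs: rules typed from the PR's list, and an assumed file tree.
PR_RULES = "\n".join([".env", ".env.*", ".git", "node_modules/", "__pycache__/", ".venv/",
                      "dist/", "build/", "*.log", ".cache/", ".DS_Store", ".vscode/", ".idea/"])
HARDENED = PR_RULES + "\n**/.env\n**/.env.*"
TREE = [".env", ".env.local", ".env.example", "src/main.py", ".git/config",
        "services/worker/.env", "services/worker/app.log"]

if __name__ == "__main__":
    print("PR rules:  ", leaked_secrets(TREE, PR_RULES))
    print("with **/:  ", leaked_secrets(TREE, HARDENED))
```

Run against a real checkout by replacing `TREE` with the output of a directory walk; a non-empty result means a secret-looking file is still in the build context.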
Copilot AI changed the title from "[WIP] Fix code for review comment on pull request" to "Add .dockerignore to prevent secrets leaking into Docker build context" Jul 2, 2026
Copilot finished work on behalf of boci11 July 2, 2026 01:45
Copilot AI requested a review from boci11 July 2, 2026 01:45
boci11 marked this pull request as ready for review July 2, 2026 01:48
Copilot AI review requested due to automatic review settings July 2, 2026 01:48
boci11 merged commit 2647d5d into main Jul 2, 2026
1 check passed

Copilot AI left a comment

Pull request overview

This PR adds Docker/Dev Container scaffolding for the “Codex” project and introduces a .dockerignore to prevent secrets (notably .env) and other noise from being sent in the Docker build context.

Changes:

  • Added .dockerignore and .gitignore rules to keep .env/secrets and common artifacts out of build contexts and git.
  • Introduced Docker Compose + Dev Container configuration (Postgres service + app dev container setup).
  • Replaced the root README.md with project-specific setup instructions and added directory stubs via .gitkeep.

Reviewed changes

Copilot reviewed 6 out of 11 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| README.md | Replaces prior README with Codex-focused setup/docs (Dev Container + Compose + env vars). |
| docker-compose.yml | Adds app + Postgres services for local/devcontainer workflows. |
| .gitignore | Ignores .env and common OS/editor/dependency/artifact files. |
| .env.example | Adds example environment variables for OpenAI + Postgres. |
| .dockerignore | Excludes secrets and common noise from Docker build context. |
| .devcontainer/Dockerfile | Adds a simple devcontainer base image with postgresql-client. |
| .devcontainer/devcontainer.json | Configures VS Code Dev Containers to use the Compose app service. |
| src/.gitkeep | Adds stub directory for source. |
| docs/.gitkeep | Adds stub directory for documentation. |
| data/.gitkeep | Adds stub directory for data. |
| scripts/.gitkeep | Adds stub directory for scripts. |

Comment thread docker-compose.yml
Comment on lines +7 to +9
env_file:
- path: .env
required: false
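
Review bot: `required: false` on the `.env` entry means Compose starts the app service without error when `.env` is absent, so the container can come up with POSTGRES_PASSWORD and OPENAI_API_KEY unset and fail later in a less obvious place. Either drop `required: false` so a missing file is reported at `docker compose up`, or keep it and have the app validate the variables it needs at startup. The `path:`/`required:` form of `env_file` also needs Docker Compose 2.24.0 or later, which is worth stating in the README as the minimum version.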