Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dockerignore: convert to whitelist #361

Closed
wants to merge 3 commits into from
Closed
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 22 additions & 2 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -1,2 +1,22 @@
node_modules
Copy link
Member

@matthew-white matthew-white Dec 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we already had node_modules in here, how was it copied through during the build of that one server? Does .dockerignore work differently from .gitignore in that way?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes 😞

.dockerignore

the patterns /foo/bar and foo/bar both exclude a file or directory named bar in the foo subdirectory of PATH or in the root of the git repository located at URL. Neither excludes anything else.
-- https://docs.docker.com/engine/reference/builder/#dockerignore-file

.gitignore

If there is a separator at the beginning or middle (or both) of the pattern, then the pattern is relative to the directory level of the particular .gitignore file itself. Otherwise the pattern may also match at any level below the .gitignore level.
-- https://git-scm.com/docs/gitignore#_pattern_format

Probably good to include the preceding / in .dockerignore to make the intent more explicit.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we make it something like this:

/server/node_modules
/server/npm-debug.log

/client/node_modules
/client/npm-debug.log

Actually, could that change be all we need? Then an errant node_modules directory wouldn't be copied through.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be an alternative approach, but I think with a blacklisting approach there is more scope for accidentally including unwanted files in the future.

npm-debug.log
# Ignore everything
*

# Re-include the things we actually want

# .git dirs: required to generate version files in service container
Copy link
Member

@matthew-white matthew-white Dec 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also required to generate version.txt in the nginx container (files/prebuild/write-version.sh I believe).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, added to comment

!/.git/
!/server/.git
!/client/.git

!/files/

!/server/package.json
!/server/package-lock.json
!/server/config/
!/server/lib/

!/client/package.json
!/client/package-lock.json
!/client/vue.config.js
!/client/public/
!/client/src/
matthew-white marked this conversation as resolved.
Show resolved Hide resolved