Open yogat3ch opened 2 years ago
yogat3ch
commented
2 years ago Just added a couple more features:
sha256 hash of the rocker version to control the architecture of the image. Related to golem#885docker_from_desc for smaller docker images.
michkam89
commented
1 year ago Hello there, I'm just curious if this is going to be merged? I'm thinking about working on #43 and I could use this code :)
yogat3ch
commented
1 year ago @michkam89 , tagging @VincentGuyader here to get some eyes on this
yogat3ch
commented
1 year ago Hey @statnmap, thanks for the review here! I haven't had a chance to implement the changes yet but I'll have some time off over the holidays where I can hopefully get to it!
yogat3ch
commented
1 year ago Hey @statnmap , I had an opportunity to document the sha256 parameter in the preceding commits. Is there anything else?
yogat3ch
commented
1 year ago Hey @statnmap,
I think a safer way to do this is to copy an .Renviron file to the Docker image temporarily with the GITHUB_PAT set therein, and then delete it after renv::restore is run in the build process with RUN rm .Renviron cmd in the Dockerfile.
This avoids exposing the GITHUB_PAT` in the run log when the image is uploaded to Docker Hub.
Should I implement this instead?
Hi @VincentGuyader & @ColinFay, This PR will eventually fix #18. It currently only modifies
dock_from_descto add handling of theGITHUB_PATas abuild-argto enable fetching of private Github repos during docker build. A comment is included in the Dockerfile reminding the user to use the--build-arg GITHUB_PAT=[github PAT]flag when runningdocker build. There is an info message also indicating this fact which also informs the user that using this method causes the GITHUB_PAT to be exposed in the image metadata and thus the image must be kept private if uploaded to Docker Hub.I would appreciate feedback on this approach thus far before I implement a similar method for handling private repos on the
dock_from_renvfunction.Can y'all let me know if this is satisfactory?