I have this Dockerfile. I clone a private repository by passing a GitHub personal token as an argument [with the appropriate permissions].
Is this the best practice?
Does this approach pose any security threat to the TOKEN?
I have seen some people use SSH keys, but I think that is extra work compared to this solution.
# Starting from Python 2.7 base image
FROM python:2.7
# Update PIP
RUN pip install --upgrade pip
# Install GIT
RUN apt-get update -y && apt-get install git -y
# Set environmental vars
ARG GH_TOKEN=WRONG_GITHUB_TOKEN
# Adding the whole project from the repo to the container
RUN git clone https://$GH_TOKEN:x-oauth-basic@github.com/org/repo.git /repo
# Set the working directory
WORKDIR /repo
# Install dependencies via pip
RUN pip install -r dependencies.txt
# Set the working directory
WORKDIR /repo/folder
# Run a command for the container
CMD ["/bin/bash"]
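The concern with the Dockerfile above is that a build `ARG` is baked into image metadata: `docker history --no-trunc <image>` prints the full `RUN git clone https://<token>:x-oauth-basic@...` line for anyone who can pull the image, and the cloned repository's `.git/config` keeps the token in the `origin` URL as well. The following is an added example, not the question author's Dockerfile, showing the same clone done with a BuildKit secret mount so the token never lands in a layer or in the history. The secret id `gh_token` and the host path passed to `--secret` are assumed names chosen for this example.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not the Dockerfile from the question): the token is supplied
# as a BuildKit secret, which is mounted as a file for one RUN step only and
# is never written into an image layer or into `docker history` metadata.
FROM python:2.7

RUN pip install --upgrade pip
RUN apt-get update -y && apt-get install git -y

# The id "gh_token" is an assumed name; it must match the id given to
# `docker build --secret`. BuildKit exposes it at /run/secrets/gh_token.
# After cloning, the remote URL is rewritten so the token is not left
# behind in /repo/.git/config either.
RUN --mount=type=secret,id=gh_token \
    git clone "https://$(cat /run/secrets/gh_token):x-oauth-basic@github.com/org/repo.git" /repo \
 && git -C /repo remote set-url origin https://github.com/org/repo.git

WORKDIR /repo
RUN pip install -r dependencies.txt
WORKDIR /repo/folder
CMD ["/bin/bash"]
```

Build it with the token kept in a file outside the build context, for example `DOCKER_BUILDKIT=1 docker build --secret id=gh_token,src=$HOME/.gh_token -t myimage .`, and then compare `docker history --no-trunc myimage` for both variants: with the `ARG` version the clone line including the token is visible; with the secret mount the `RUN` line shows only the `/run/secrets/gh_token` path. The same check is worth running on any image that was already built with the `ARG` approach, since a token that ever appeared in a pushed image should be treated as exposed and rotated.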