Enforce .dockerignore for Docker projects

change-type: patch
product-os · Jan 29, 2025 · b101101 · b101101
1 parent 1183fff
commit b101101
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
diff --git a/flowzone.yml b/flowzone.yml
@@ -2111,6 +2111,25 @@ jobs:
       # https://github.com/actions/checkout
       - *shallowCheckout
 
+      # enforce .dockerignore requirement and warn (for now) if .git isn't excluded
+      - name: Check for .dockerignore
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+        env:
+          WORKDIR: ${{ inputs.working_directory }}
+        with:
+          script: |
+            const fs = require('fs');
+            fs.readFile(`${process.env.WORKDIR}/.dockerignore`, 'utf8', (err, data) => {
+              if (err) {
+                console.error('Docker builds require .dockerignore file.');
+                process.exit(1);
+              } else {
+                if (!data.split('\n').includes('.git')) {
+                  console.warn('.dockerignore should exclude .git directory/folder for security reasons.');
+                }
+              }
+            });
+
       - <<: *setupBuildx
         with:
           # pin to a known working version because v0.10.x will

diff --git a/tests/.dockerignore b/tests/.dockerignore