You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Environment variables defined in compose file are included in image build. They should only be defined at runtime.
Aside from being a deviation from docker compose behavior, this is a potential security concern since it is common for those variables to contain secrets.
STEP 1/2: FROM scratch
STEP 2/2: ENV "FOO"="bar" # note this variable that should not be part of build
COMMIT foo:latest
--> 9f279e6856c7
Successfully tagged localhost/foo:latest
Describe the bug
Environment variables defined in compose file are included in image build. They should only be defined at runtime.
Aside from being a deviation from docker compose behavior, this is a potential security concern since it is common for those variables to contain secrets.
To Reproduce
Dockerfile
:compose.yaml
:podman compose build foo
:podman image inspect foo:latest|jq '.[0].Config.Env'
:docker compose behaves correctly:
Expected behavior
Environment variables defined in compose file should not be included in build.
Actual behavior
Environment variables defined in compose file are included in build.
Output
Environment:
The text was updated successfully, but these errors were encountered: