chore: wire read-only secrets/ volume for session bundles
Mounts ./secrets to /secrets:ro so LINGMA_SESSION_BUNDLE_FILE can point at a host-managed file without the bundle ever being baked into the image or committed to git. secrets/ is git-ignored except for .gitkeep so the directory exists on fresh clones. Made-with: Cursor
This commit is contained in:
GitHub Actions
2
.gitignore
vendored
2
.gitignore
vendored
@@ -5,3 +5,5 @@ bin/
|
||||
runtime-bin/
|
||||
data/*
|
||||
!data/.gitkeep
|
||||
secrets/*
|
||||
!secrets/.gitkeep
|
||||
|
||||
Reference in New Issue
Block a user