chore: wire read-only secrets/ volume for session bundles
Mounts ./secrets to /secrets:ro so LINGMA_SESSION_BUNDLE_FILE can point at a host-managed file without the bundle ever being baked into the image or committed to git. secrets/ is git-ignored except for .gitkeep so the directory exists on fresh clones. Made-with: Cursor
This commit is contained in:
GitHub Actions
2
.gitignore
vendored
2
.gitignore
vendored
@@ -5,3 +5,5 @@ bin/
|
|||||||
runtime-bin/
|
runtime-bin/
|
||||||
data/*
|
data/*
|
||||||
!data/.gitkeep
|
!data/.gitkeep
|
||||||
|
secrets/*
|
||||||
|
!secrets/.gitkeep
|
||||||
|
|||||||
@@ -14,4 +14,6 @@ services:
|
|||||||
- "${PORT:-8317}:${PORT:-8317}"
|
- "${PORT:-8317}:${PORT:-8317}"
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/app/data
|
- ./data:/app/data
|
||||||
|
# Read-only secrets (session bundles, etc). Created outside git; see README.
|
||||||
|
- ./secrets:/secrets:ro
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|||||||
0
secrets/.gitkeep
Normal file
0
secrets/.gitkeep
Normal file
Reference in New Issue
Block a user