TL;DR
Use COPY src src.
Security Consideration
Refer to Sysdig's post.
COPY . . will place credentials in the container by default. You will need to configure .dockerignore to avoid this. However, managing .dockerignore is tedious and error-prone, just like .gitignore.
Whitelist copying, such as COPY src src and COPY build build, never causes this problem.
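One way to check a Dockerfile for the pattern described above, as an added example that is not part of the original post: a small Python script that flags COPY/ADD instructions whose source is the whole build context. The function names, the BROAD_SOURCES set and the sample Dockerfile are constructed for illustration, and heredoc syntax is not handled.

```python
import json
import re
import shlex

BROAD_SOURCES = {".", "./", "*", "./*"}  # whole-context sources (assumed set)

# Constructed sample; lines 4, 8-9 and 10 copy the whole build context.
SAMPLE = """\
FROM node:20 AS builder
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
FROM node:20-slim
COPY --from=builder /node_modules node_modules
COPY src src
COPY --chown=node:node \\
     . /srv
ADD ["./", "/backup/"]
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Docker drops blank and comment lines, even mid-instruction
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def broad_copies(dockerfile_text):
    """Return [(line_number, instruction)] for COPY/ADD of the whole build context."""
    findings = []
    for no, instr in logical_lines(dockerfile_text):
        # group 2 = leading flags (--chown=, --from=, ...), group 3 = sources + dest
        m = re.match(r"(?i)(COPY|ADD)\s+((?:--\S+\s+)*)(.*)", instr)
        if not m or "--from=" in m.group(2):
            continue  # not a copy, or it copies from another stage, not the context
        rest = m.group(3)
        args = json.loads(rest) if rest.startswith("[") else shlex.split(rest)
        if any(src in BROAD_SOURCES for src in args[:-1]):  # last arg is the destination
            findings.append((no, instr))
    return findings

print([no for no, _ in broad_copies(SAMPLE)])  # [4, 8, 10]
```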
Layer efficiency
The files required by a command differ from step to step. For example, npm install requires only package.json and package-lock.json. Overwriting them in a later step with COPY . . may cause a consistency problem. In addition, with the builder pattern in Node.js, Ruby, Python, and so on, only the runner container, not the builder container, requires the files under src.
Conclusion
I suggest using whitelist copying to avoid some security problems. As a bonus, build time will become shorter.
Top comments (1)
This is misleading.