feat(docker): integrate HF_TOKEN secret into Docker build process

- Added support for HF_TOKEN as a secret in the Docker build workflow to enhance security during model embedding retrieval.
- Updated the Dockerfile to utilize the HF_TOKEN secret for fetching embeddings, ensuring sensitive information is handled securely.
Anish Sarkar 2026-06-07 12:06:34 +05:30
parent 6ebee03931
commit b254ef32e2
2 changed files with 6 additions and 1 deletions


@ -193,6 +193,8 @@ jobs:
platforms: ${{ matrix.platform }}
cache-from: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }}
cache-to: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }},mode=max,image-manifest=true,oci-mediatypes=true
secrets: |
HF_TOKEN=${{ secrets.HF_TOKEN }}
provenance: false
build-args: |
${{ matrix.image == 'backend' && format('USE_CUDA={0}', matrix.use_cuda) || '' }}
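Review bot: The `secrets:` entry is passed to every build in the matrix, whereas the `build-args` line just below applies its value only when `matrix.image == 'backend'`; if the matrix also builds other images, those builds receive the token without needing it. Scoping it the same way would limit exposure to the one image that downloads embeddings, for example `${{ matrix.image == 'backend' && format('HF_TOKEN={0}', secrets.HF_TOKEN) || '' }}`, after checking that the action accepts an empty entry. A short comment such as `# HF_TOKEN: read-only Hugging Face token, used only by the backend embedding prefetch` would also tell whoever rotates it what scope it needs. The step starts outside the hunk, so the workflow triggers and the matrix contents are not visible here.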


@ -1,3 +1,4 @@
# syntax=docker.io/docker/dockerfile:1
# =============================================================================
# SurfSense Backend — Multi-stage Dockerfile
# =============================================================================
@ -104,7 +105,9 @@ RUN printf '%s\n' \
| python || true
ARG EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
RUN python -c "from chonkie import AutoEmbeddings; AutoEmbeddings.get_embeddings('${EMBEDDING_MODEL}')"
RUN --mount=type=secret,id=HF_TOKEN \
HF_TOKEN="$(cat /run/secrets/HF_TOKEN 2>/dev/null || true)" \
python -c "from chonkie import AutoEmbeddings; AutoEmbeddings.get_embeddings('${EMBEDDING_MODEL}')"
# Install Playwright browsers (the playwright python package itself is in deps)
RUN playwright install chromium --with-deps
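Review bot: `${EMBEDDING_MODEL}` is still spliced into the `python -c` source in the RUN that now mounts the secret, so a build-arg value containing a quote becomes Python code that runs while `/run/secrets/HF_TOKEN` is readable. An ARG is already exported to the environment of the RUN, so the value can be read there instead: `python -c "import os; from chonkie import AutoEmbeddings; AutoEmbeddings.get_embeddings(os.environ['EMBEDDING_MODEL'])"`. Separately, `2>/dev/null || true` makes a missing secret look the same as an anonymous download and leaves `HF_TOKEN` set to an empty string. If that fallback is intended for builds without the secret, a comment above the RUN saying so would document it.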