mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-07-02 22:01:05 +02:00
feat(docker): integrate HF_TOKEN secret into Docker build process
- Added support for HF_TOKEN as a secret in the Docker build workflow to enhance security during model embedding retrieval. - Updated the Dockerfile to utilize the HF_TOKEN secret for fetching embeddings, ensuring sensitive information is handled securely.
This commit is contained in:
parent
6ebee03931
commit
b254ef32e2
2 changed files with 6 additions and 1 deletions
2
.github/workflows/docker-build.yml
vendored
2
.github/workflows/docker-build.yml
vendored
|
|
@ -193,6 +193,8 @@ jobs:
|
||||||
platforms: ${{ matrix.platform }}
|
platforms: ${{ matrix.platform }}
|
||||||
cache-from: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }}
|
cache-from: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }}
|
||||||
cache-to: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }},mode=max,image-manifest=true,oci-mediatypes=true
|
cache-to: type=registry,ref=${{ steps.image.outputs.name }}:buildcache-${{ matrix.variant }}-${{ matrix.suffix }},mode=max,image-manifest=true,oci-mediatypes=true
|
||||||
|
secrets: |
|
||||||
|
HF_TOKEN=${{ secrets.HF_TOKEN }}
|
||||||
provenance: false
|
provenance: false
|
||||||
build-args: |
|
build-args: |
|
||||||
${{ matrix.image == 'backend' && format('USE_CUDA={0}', matrix.use_cuda) || '' }}
|
${{ matrix.image == 'backend' && format('USE_CUDA={0}', matrix.use_cuda) || '' }}
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
|
# syntax=docker.io/docker/dockerfile:1
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
# SurfSense Backend — Multi-stage Dockerfile
|
# SurfSense Backend — Multi-stage Dockerfile
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
@ -104,7 +105,9 @@ RUN printf '%s\n' \
|
||||||
| python || true
|
| python || true
|
||||||
|
|
||||||
ARG EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
|
ARG EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
|
||||||
RUN python -c "from chonkie import AutoEmbeddings; AutoEmbeddings.get_embeddings('${EMBEDDING_MODEL}')"
|
RUN --mount=type=secret,id=HF_TOKEN \
|
||||||
|
HF_TOKEN="$(cat /run/secrets/HF_TOKEN 2>/dev/null || true)" \
|
||||||
|
python -c "from chonkie import AutoEmbeddings; AutoEmbeddings.get_embeddings('${EMBEDDING_MODEL}')"
|
||||||
|
|
||||||
# Install Playwright browsers (the playwright python package itself is in deps)
|
# Install Playwright browsers (the playwright python package itself is in deps)
|
||||||
RUN playwright install chromium --with-deps
|
RUN playwright install chromium --with-deps
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue