assignUser commented on code in PR #15229:
URL: https://github.com/apache/arrow/pull/15229#discussion_r1063833523


##########
ci/docker/linux-apt-r.dockerfile:
##########
@@ -27,50 +27,53 @@ ENV R_PRUNE_DEPS=${r_prune_deps}
 ARG r_duckdb_dev=FALSE
 ENV R_DUCKDB_DEV=${r_duckdb_dev}
 
+ARG github_pat=""
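Review bot: `ARG github_pat=""` takes a credential as a build argument, and build-argument values are visible through `docker history` to anyone who holds the image. If it is later forwarded into an `ENV`, the way `r_duckdb_dev` is two lines above, it also stays in the image config. Suggest dropping the `ARG` and reading the token from a BuildKit secret mount (`RUN --mount=type=secret,id=github_pat ...`, supplied with `docker build --secret`) in the one step that needs it.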

Review Comment:
   :x: This permanently embeds the PAT into the image. This is not super dangerous for the crossbow builds, as those PATs expire after the job is run, but people do run these jobs locally and could have this envvar exported for use in their local R things. (Also, it is just bad practice; maybe we need to use a non-expiring PAT for some reason at some point ...)
   
   Here is the first link explaining the issue + solution that I found: https://medium.com/marionete/pass-secure-information-for-building-docker-images-8adeafe08355
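
A check for the pattern this comment flags, as an added example that is not part of the original comment or the Arrow repository: it scans Dockerfile text for credential-like `ARG` names and for `ENV` values that forward them. The name hints, the function names and the sample Dockerfile (modeled on the hunk, with the `ENV GITHUB_PAT` line constructed) are assumptions.

```python
import re

# Assumed name fragments that suggest a credential; extend for your project.
SECRET_HINTS = {"pat", "token", "secret", "password", "passwd", "apikey", "credentials"}
INSTRUCTION = re.compile(r"^(ARG|ENV)\s+(.+)$", re.IGNORECASE)
ENV_PAIR = re.compile(r"(\w+)=(\S*)")      # ENV NAME=value form only
VAR_REF = re.compile(r"\$\{?(\w+)\}?")     # $name or ${name}


def looks_secret(name):
    """True if any underscore-separated part of the name is a credential hint."""
    return any(part in SECRET_HINTS for part in name.lower().split("_"))


def find_secret_build_args(dockerfile_text):
    """Return (line, instruction, name) for credential-like ARGs and the ENVs they feed."""
    findings, secret_args = [], set()
    for lineno, raw in enumerate(dockerfile_text.splitlines(), 1):
        match = INSTRUCTION.match(raw.strip())
        if not match:
            continue
        kind, rest = match.group(1).upper(), match.group(2)
        if kind == "ARG":
            name = rest.split("=", 1)[0].strip()
            if looks_secret(name):
                secret_args.add(name)          # value shows up in `docker history`
                findings.append((lineno, "ARG", name))
        else:
            for name, value in ENV_PAIR.findall(rest):
                # ENV persists in the image config, so forwarding a secret ARG keeps it.
                if looks_secret(name) or secret_args & set(VAR_REF.findall(value)):
                    findings.append((lineno, "ENV", name))
    return findings


# Constructed sample modeled on the hunk; the ENV GITHUB_PAT line is an assumption.
SAMPLE = "\n".join([
    "ARG r_duckdb_dev=FALSE",
    "ENV R_DUCKDB_DEV=${r_duckdb_dev}",
    'ARG github_pat=""',
    "ENV GITHUB_PAT=${github_pat}",
])

if __name__ == "__main__":
    for finding in find_secret_build_args(SAMPLE):
        print(finding)
```

The legacy `ENV NAME value` form (without `=`) is not parsed by this check.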
   
   
   


