PR: #55 (feat/27-docker-compose)
Files: Dockerfile line 36; deploy/compose/docker-compose.yml volumes block
The Dockerfile performs:
    COPY config ./config
The compose file simultaneously bind-mounts the same directory at runtime:
    volumes:
      - ../../config:/app/config:ro
This creates two problems:
- Layer bake-in: Every file in config/ at build time is baked into the image layer and visible in docker history charon:local. If a developer inadvertently writes a secret value into a TOML file (an ongoing risk given the ${ENV_VAR} substitution pattern in the config loader), that secret is permanently in the image layer even after the bind mount overlays it at runtime.
- Divergence risk on standalone runs: A docker run charon:local without compose will use the baked-in config/default.toml, which may contain placeholder or stale values. There is no visible error — the binary starts with silently wrong config. This is particularly dangerous given that contract addresses and RPC endpoints are embedded in TOML.
The runtime bind mount makes the build-time COPY redundant. The correct approach is to remove COPY config ./config from the Dockerfile and require operators to always use the compose bind mount or an explicit -v flag.
Suggested fix: Remove COPY config ./config from the Dockerfile. Add config/ to .dockerignore. Document in the README deploy section that running without a config mount is unsupported and will fail.
Refs #55
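The fail-fast behaviour the suggested fix calls for, as an added example that is not the PR's own code: a POSIX entrypoint guard that refuses to start the binary unless the mounted config is present and every ${ENV_VAR} reference in it resolves, so a run without the bind mount exits loudly instead of starting on stale or placeholder values. The binary path /app/charon, the CHARON_CONFIG_DIR override and the entrypoint layout are assumptions; /app/config and default.toml come from the review.

```shell
#!/bin/sh
# Entrypoint guard for the charon image (added example, not the PR's code).
# Assumptions: the bind mount lands at /app/config (as in the compose file),
# the loader reads default.toml, and the binary lives at /app/charon.
set -eu

CONFIG_DIR="${CHARON_CONFIG_DIR:-/app/config}"   # assumed env override
REQUIRED_FILE="default.toml"

# check_config_mount DIR
# Returns 0 when DIR holds a non-empty default.toml and every ${VAR}
# referenced by the TOML files is set in the environment; otherwise prints
# the reason to stderr and returns 1 so the container exits instead of
# starting on stale or placeholder config.
check_config_mount() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "config: $dir is not mounted; use the compose bind mount or -v <host>/config:$dir:ro" >&2
        return 1
    fi
    if [ ! -s "$dir/$REQUIRED_FILE" ]; then
        echo "config: $dir/$REQUIRED_FILE is missing or empty; refusing to start" >&2
        return 1
    fi
    # Collect the ${VAR} placeholders the config loader would try to substitute.
    unresolved=$(grep -oh '\${[A-Za-z_][A-Za-z0-9_]*}' "$dir"/*.toml 2>/dev/null \
        | tr -d '${}' | sort -u)
    for var in $unresolved; do
        if ! env | grep -q "^$var="; then
            echo "config: \${$var} is referenced in $dir/*.toml but not set" >&2
            return 1
        fi
    done
    return 0
}

# Run the guard and hand off to the binary only inside the image; when this
# file is sourced elsewhere (e.g. by a test), just the function is defined.
if [ -x /app/charon ]; then
    check_config_mount "$CONFIG_DIR"
    exec /app/charon "$@"
fi
```

Installed as the image ENTRYPOINT, this turns the silent "wrong config" start described above into a non-zero exit with a message naming the missing mount or variable.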