40 lines
562 B
Text
40 lines
562 B
Text
|
|
# SEC-04: keep secrets and bulk artefacts out of image layers.
|
||
|
|
# The Dockerfile ends with `COPY . .` — everything not listed here ships in the image.
|
||
|
|
|
||
|
|
# Secrets — never in an image layer
|
||
|
|
.env
|
||
|
|
.env.*
|
||
|
|
*.pw
|
||
|
|
|
||
|
|
# VCS / local tooling
|
||
|
|
.git
|
||
|
|
.gitignore
|
||
|
|
.claude
|
||
|
|
.pytest_cache
|
||
|
|
.ruff_cache
|
||
|
|
.venv
|
||
|
|
__pycache__
|
||
|
|
*.pyc
|
||
|
|
*.pyo
|
||
|
|
.DS_Store
|
||
|
|
*.code-workspace
|
||
|
|
|
||
|
|
# Bulk data artefacts (rebuildable / operator-side only)
|
||
|
|
*.osm.pbf
|
||
|
|
*.geojson
|
||
|
|
csv/
|
||
|
|
data/
|
||
|
|
tools/data/
|
||
|
|
shell_stations.csv
|
||
|
|
|
||
|
|
# Not needed at runtime
|
||
|
|
docs/
|
||
|
|
tests/
|
||
|
|
agents/
|
||
|
|
db_audit/
|
||
|
|
legacy/
|
||
|
|
SOUL.md
|
||
|
|
README.md
|
||
|
|
CLAUDE.md
|
||
|
|
uv.lock.bak
|