| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- # SEC_REVIEW F19: explicit allow/deny for the ui build context.
- # `Dockerfile` does `COPY . ./` for the runtime stage, so anything
- # not listed here is baked into the image.
- # Secrets — block any future `.env` / `.env.local` dropped in this
- # directory from silently shipping in the image. Compose loads `.env`
- # from the repo root, not from `ui/`, so nothing here is needed.
- .env
- .env.*
- # Version control
- .git
- .gitignore
- .gitattributes
- # Editor / IDE noise
- .idea/
- .vscode/
- *.swp
- *~
- .DS_Store
- # Tests and dev tooling — not needed at runtime, and `tests/` may hold
- # fixtures that double as LFI targets.
- tests/
- .phpunit.cache/
- .phpunit.result.cache
- .phpstan.cache/
- .php-cs-fixer.cache
- .php-cs-fixer.dist.php
- phpstan.neon
- phpunit.xml
- # Dependencies — the deps / assets stages install clean trees and
- # copy them in via `COPY --from=...`; leaving the host versions in
- # the context would let the subsequent `COPY . ./` clobber them.
- vendor/
- node_modules/
- # Project metadata and docs — not consumed by the runtime.
- CHANGELOG.md
- # Build artifacts that don't belong in the runtime image.
- .dockerignore
- Dockerfile
- # Claude Code session state
- .claude/
|
