checkEnvironmentVariables walks every compose file that will be serialized into the OCI artifact (the top-level files plus any local extends parents) and prompts the user to confirm before publishing: 1. service env_file declarations and literal environment values whose key name looks sensitive (pa
(ctx context.Context, project *types.Project, options api.PublishOptions)
| 426 | // in the published YAML and don't leak the resolved value; the keyword |
| 427 | // detector's value regex skips them automatically. |
func (s *composeService) checkEnvironmentVariables(ctx context.Context, project *types.Project, options api.PublishOptions) error {
	// A project without compose files has nothing to inspect.
	if len(project.ComposeFiles) == 0 {
		return nil
	}

	found, err := collectEnvCheckFindings(ctx, project)
	if err != nil {
		return err
	}

	// First gate: environment findings. options.WithEnvironment suppresses
	// only this confirmation; the config-content gate below still runs.
	needEnvConfirm := !options.WithEnvironment && found.hasEnvFinding()
	if needEnvConfirm {
		envMsg := buildEnvPromptMessage(found.services)
		if err := s.confirmOrCancel(envMsg); err != nil {
			return err
		}
	}

	// Second gate: configs carrying literal content always require an explicit
	// confirmation, whatever options.WithEnvironment is set to.
	if literals := found.configsLiteralContent; len(literals) > 0 {
		return s.confirmOrCancel(buildConfigContentPromptMessage(literals))
	}

	return nil
}
| 452 | |
| 453 | // confirmOrCancel runs an interactive yes/no prompt and returns: |
| 454 | // - the prompt's error verbatim, if it failed; |