Inject from secrets

baseplate-admin · baseplate-admin · commit bb9d7a53a0e7 · 2026-04-11T15:29:37.000+06:00
diff --git a/.github/workflows/push-landing-page-ghcr.yml b/.github/workflows/push-landing-page-ghcr.yml
@@ -40,12 +40,12 @@ jobs:
 
       - name: Build and push image
         uses: docker/build-push-action@v7
-        env:
-          GITHUB_TOKEN: ${{ secrets.GHP_TOKEN }}
         with:
           context: ./apps/landing-page
           file: ./apps/landing-page/Dockerfile
           push: true
+          secrets: |
+            github_token=${{ secrets.GHP_TOKEN }}
           tags: |
             ghcr.io/${{ github.repository }}-landing-page:latest
             ghcr.io/${{ github.repository }}-landing-page:${{ github.sha }}
diff --git a/apps/landing-page/Dockerfile b/apps/landing-page/Dockerfile
@@ -27,9 +27,8 @@ COPY . .
 # Uncomment the following line in case you want to disable telemetry during the build.
 ENV NEXT_TELEMETRY_DISABLED=1
 
-ENV GITHUB_TOKEN=${GITHUB_TOKEN}
-
-RUN \
+RUN --mount=type=secret,id=github_token \
+    export GITHUB_TOKEN=$(cat /run/secrets/github_token) && \
     if [ -f yarn.lock ]; then yarn run build; \
     elif [ -f package-lock.json ]; then npm run build; \
     elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
