Refactor Dockerfile to expose MongoDB URI secret at build time and simplify the ENTRYPOINT command for the Streamlit app. This change enhances security by using secrets during the build process and improves clarity in the container startup configuration.

Dockerfile

@@ -14,13 +14,13 @@ COPY src/ ./src/
 
 RUN pip3 install -r requirements.txt
 
-# Set the environment variable from the secret during runtime
-ENV mongo_uri=""
+# Expose the secret SECRET_EXAMPLE at buildtime and use its value as git remote URL
+RUN --mount=type=secret,id=mongo_uri,mode=0444,required=true \
+    git init && \
+    git remote add origin $(cat /run/secrets/mongo_uri)
 
 EXPOSE 8501
 
 HEALTHCHECK CMD curl --fail http://localhost:8501/_stcore/health
 
-# Use the secret as an environment variable during container runtime
-ENTRYPOINT --mount=type=secret,id=mongo_uri,target=/run/secrets/mongo_uri,mode=0444,required=true \
-    sh -c 'export mongo_uri=$(cat /run/secrets/mongo_uri) && streamlit run src/streamlit_app.py --server.port=8501 --server.address=0.0.0.0'
+ENTRYPOINT ["streamlit", "run", "src/streamlit_app.py", "--server.port=8501", "--server.address=0.0.0.0"]