You can bind-mount a single file read-only with docker.

While you're at it, bind mount .git read-only as well. Hasn't happened to me yet, but talked to people who had their local repo wiped out by desperate agents! No code - no broken tests, eh. It would also block one nasty container escape vector via git hooks.