Adding hadolint and pinning (#11)

baldarn · Sep 6, 2024 · c11fab1 · c11fab1
1 parent 921af75
commit c11fab1
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -79,6 +79,12 @@ jobs:
         run: bin/brakeman -q -w2
       - name: Lint Ruby files
         run: bin/rubocop --parallel
+      - name: Install Hadolint
+        run: |
+          wget -O ./hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
+          chmod +x ./hadolint
+      - name: Lint Dockerfile with Hadolint
+        run: ./hadolint Dockerfile
 
   build:
     needs: [tests, system-tests, lint]

diff --git a/Dockerfile b/Dockerfile
@@ -19,7 +19,7 @@ FROM --platform=$TARGETPLATFORM base as build
 
 # Install packages needed to build gems
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config nodejs
+    apt-get install --no-install-recommends -y build-essential=12* git=1 libpq-dev=15* libvips42=8* pkg-config=1* nodejs=18*
 
 # Install application gems
 COPY Gemfile Gemfile.lock .ruby-version ./
@@ -37,7 +37,7 @@ FROM base
 
 # Install packages needed for deployment
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y curl libjemalloc2 libpq-dev libvips nodejs && \
+    apt-get install --no-install-recommends -y curl=7* libjemalloc2=5* libpq-dev=15* libvips42=8* nodejs=18* && \
     rm -rf /var/lib/apt/lists /var/cache/apt/archives
 
 # Copy built artifacts: gems, application