From c11fab132ddd73aac7b14b7faea9f7cc8a39e014 Mon Sep 17 00:00:00 2001
From: Matteo Niccoli
Date: Fri, 6 Sep 2024 11:34:39 +0200
Subject: [PATCH] Adding hadolint and pinning (#11)
---
 .github/workflows/ci.yml | 6 ++++++
 Dockerfile | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6bacfe9..59824c8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -79,6 +79,12 @@ jobs:
 run: bin/brakeman -q -w2
 - name: Lint Ruby files
 run: bin/rubocop --parallel
+ - name: Install Hadolint
+ run: |
+ wget -O ./hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
+ chmod +x ./hadolint
+ - name: Lint Dockerfile with Hadolint
+ run: ./hadolint Dockerfile
 build:
 needs: [tests, system-tests, lint]
diff --git a/Dockerfile b/Dockerfile
index 9fc4b0a..07dceb0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ FROM --platform=$TARGETPLATFORM base as build
 # Install packages needed to build gems
 RUN apt-get update -qq && \
- apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config nodejs
+ apt-get install --no-install-recommends -y build-essential=12* git=1 libpq-dev=15* libvips42=8* pkg-config=1* nodejs=18*
 # Install application gems
 COPY Gemfile Gemfile.lock .ruby-version ./
@@ -37,7 +37,7 @@ FROM base
 # Install packages needed for deployment
 RUN apt-get update -qq && \
- apt-get install --no-install-recommends -y curl libjemalloc2 libpq-dev libvips nodejs && \
+ apt-get install --no-install-recommends -y curl=7* libjemalloc2=5* libpq-dev=15* libvips42=8* nodejs=18* && \
 rm -rf /var/lib/apt/lists /var/cache/apt/archives
 # Copy built artifacts: gems, application
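Review bot: The "Install Hadolint" step fetches a release binary with `wget`, marks it executable and runs it in the next step without any integrity check, so whatever that URL serves at build time executes inside the CI job. Record the expected digest next to the version and verify it before the `chmod`, for example `echo "<SHA256_OF_HADOLINT_BINARY>  ./hadolint" | sha256sum -c -`, with the placeholder replaced by the checksum published for v2.12.0. The job these steps belong to starts outside the hunk, so which tokens or secrets the downloaded binary could reach is not visible here.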
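Review bot: `git=1` is the only pin on the build-stage install line without a trailing glob, so apt will look for a package version that is exactly `1` and the build will most likely stop with a version-not-found error. Debian's git version carries an epoch, so the pin probably needs the form `git=1:2.*`; confirm with `apt-cache policy git` inside the base image, whose definition is outside this hunk.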
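Review bot: The major-version globs on the deployment-stage line (`curl=7*`, `libjemalloc2=5*`, `nodejs=18*`, …) satisfy the linter but still resolve to whatever the archive serves at build time, so the image is not reproducible. They also only match one distro release, so a base image bump will break the install. The base image reference is outside this hunk; if repeatable builds are the goal, pinning it by digest does more than these globs. At minimum add a comment above the `RUN`, such as `# Version globs match the base image's Debian release; update them together with the base tag`. The same applies to the build-stage line in the previous hunk.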