Contributor

@kke kke commented Oct 13, 2023

Uses https://github.com/hadolint/hadolint

Seems to create quite a lot of issues locally

@kke kke force-pushed the hadolint-action branch 5 times, most recently from c06f788 to bfa6203, October 13, 2023 05:56
kke added 2 commits October 13, 2023 09:08
Signed-off-by: Kimmo Lehto <[email protected]>
@kke kke force-pushed the hadolint-action branch from bfa6203 to 45e54d7, October 13, 2023 06:08
@github-actions

Hadolint: failure

images/kube-proxy/v1.28.2/Dockerfile:5 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
images/kube-proxy/v1.28.2/Dockerfile:12 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
images/kube-proxy/v1.28.2/Dockerfile:12 DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
images/kube-proxy/v1.28.2/Dockerfile:33 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
images/kube-proxy/v1.28.2/Dockerfile:33 DL3005 error: Do not use apt-get dist-upgrade
images/kube-proxy/v1.28.2/Dockerfile:33 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
images/kube-proxy/v1.28.2/Dockerfile:55 DL3006 warning: Always tag the version of an image explicitly

@kke
Contributor Author

kke commented Oct 13, 2023

A bit ugly, I guess it could be scripted to create proper review comments. Maybe https://github.com/reviewdog/action-hadolint would be easier to set up.

Member

@twz123 twz123 left a comment

Can we disable some warnings?

> DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`

You really only want that if you have some bot that maintains the package versions, or if you're using your own mirror. Otherwise, this will break the build, as old packages get garbage collected from the main Alpine repos.

> DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check

"or disable this check" yes, please 😄

> DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`

Not sure about the Ubuntu package repos. How long do they provide older packages?

@@ -1,3 +1,5 @@
# dummy change to trigger workflow
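Review bot: the `# dummy change to trigger workflow` line at the top of this file is test scaffolding rather than a real change, so it should not reach the merged history. Drop it from the branch once the lint run has been observed, or exercise the workflow through a manual trigger instead of editing a tracked file.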
Member

I get this is only for testing the workflow added in this PR, but that will also trigger a rebuild when this PR gets merged, overwriting the already built tag in the registry. We need to remove that before merging.
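The scripting idea raised earlier in the thread, as an added example (not code from this pull request): it parses the report format shown in the Hadolint comment and emits GitHub Actions annotation commands, escaping every value because file paths and messages originate from pull-request content. The function names, the `ignored` parameter, the severity mapping and the sample lines are assumptions made for the illustration.

```python
import re

# Constructed sample: three lines in the format of the Hadolint comment above.
SAMPLE = """\
images/kube-proxy/v1.28.2/Dockerfile:5 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
images/kube-proxy/v1.28.2/Dockerfile:33 DL3005 error: Do not use apt-get dist-upgrade
images/kube-proxy/v1.28.2/Dockerfile:33 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
"""

# <file>:<line> <rule> <severity>: <message>
FINDING = re.compile(
    r"^(?P<file>.+?):(?P<line>\d+) (?P<rule>[A-Z]{2}\d+) "
    r"(?P<sev>error|warning|info|style): (?P<msg>.*)$"
)

# Assumed mapping from hadolint severity to annotation level.
LEVEL = {"error": "error", "warning": "warning", "info": "notice", "style": "notice"}


def esc_data(s):
    """Escape a workflow-command message so it cannot start a new command."""
    return s.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def esc_prop(s):
    """Escape a property value; ':' and ',' delimit properties."""
    return esc_data(s).replace(":", "%3A").replace(",", "%2C")


def annotations(report, ignored=frozenset()):
    """Turn hadolint report text into one annotation command per finding."""
    out = []
    for raw in report.splitlines():
        m = FINDING.match(raw.strip())
        if not m or m["rule"] in ignored:
            continue  # not a finding line, or a rule the project opted out of
        out.append("::{} file={},line={},title={}::{}".format(
            LEVEL[m["sev"]], esc_prop(m["file"]), m["line"],
            esc_prop(m["rule"]), esc_data(m["msg"])))
    return out


def has_errors(report, ignored=frozenset()):
    """True when any non-ignored finding is error severity (fail the job)."""
    return any(a.startswith("::error ") for a in annotations(report, ignored))


if __name__ == "__main__":
    print("\n".join(annotations(SAMPLE, ignored={"DL3018", "DL4006"})))
```

Printed from a workflow step, each line becomes an annotation attached to the Dockerfile line in the pull request's changed-files view.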
