Added hadolint and cleanup tekton images

redhat-cop · Dec 13, 2023 · 1511d1b · 1511d1b
1 parent c3ed6d8
commit 1511d1b
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 25 deletions.
diff --git a/.github/workflows/tekton-task-images-conftest-pr.yaml b/.github/workflows/tekton-task-images-conftest-pr.yaml
@@ -28,6 +28,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

diff --git a/.github/workflows/tekton-task-images-helm-pr.yaml b/.github/workflows/tekton-task-images-helm-pr.yaml
@@ -28,6 +28,11 @@ jobs:
         with:
           IMAGE_CONTEXT_DIR: ${{ env.context }}
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

diff --git a/tekton-task-images/conftest/Dockerfile b/tekton-task-images/conftest/Dockerfile
@@ -1,14 +1,15 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1475@sha256:a340f4b9fb261a75c84666a3dccb88e193a116da3cebabaf9bcdc33609b61172
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1475@sha256:a340f4b9fb261a75c84666a3dccb88e193a116da3cebabaf9bcdc33609b61172 AS builder
 
-RUN microdnf install -y --nodocs tar gzip && \
-    microdnf update -y && \
-    microdnf clean all 
+SHELL ["/bin/bash", "-c"]
 
-ADD VERSION /tmp/version
+COPY VERSION /tmp/version
 RUN source /tmp/version && \
-    curl -LJ -o conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz && \
-    tar -xzf conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
+    curl -L https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz -o /tmp/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
+    tar -xzf /tmp/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz && \
     mv conftest /usr/local/bin/conftest && \
-    rm conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz
+    conftest --version
 
-USER 1001
+# Runnable
+FROM registry.access.redhat.com/ubi9/ubi-micro:9.3
+
+COPY --from=builder /usr/local/bin/conftest /usr/local/bin/conftest
diff --git a/tekton-task-images/helm/Dockerfile b/tekton-task-images/helm/Dockerfile
@@ -1,24 +1,29 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1475@sha256:a340f4b9fb261a75c84666a3dccb88e193a116da3cebabaf9bcdc33609b61172
-
-USER root
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1475@sha256:a340f4b9fb261a75c84666a3dccb88e193a116da3cebabaf9bcdc33609b61172 AS builder
 
 # renovate: datasource=github-releases depName=mikefarah/yq
 ARG YQ_VERSION=v4.40.5
+RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq && \
+    chmod +x /usr/local/bin/yq && \
+    yq --version
 
-RUN microdnf install -y --nodocs openssl tar git findutils gzip && \
-    microdnf update -y && \
-    microdnf clean all
-
-ADD VERSION /tmp/version
-# helm
+COPY VERSION /tmp/version
 RUN source /tmp/version && \
-    curl -sL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | \
-    tar zxf - -C /usr/local/bin --strip-components 1 linux-amd64/helm && \
-    echo "⚓️⚓️⚓️⚓️⚓️"
+    curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -o /tmp/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    tar -xzf /tmp/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    helm version
 
-# yq
-RUN curl -sLo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 && \
-    chmod +x /usr/local/bin/yq && \
-    echo "🦨🦨🦨🦨🦨"
+# Runnable
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3
+
+USER root
+
+RUN microdnf update -y && \
+    microdnf install -y --nodocs openssl git findutils && \
+    microdnf clean all
 
 USER 1001
+
+COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm