nextcloud/all-in-one
1
1
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2024-09-20 14:56:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3231 from nextcloud/enh/3225/hadolint

Browse source 
adjust docker-lint to use hadolint
This commit is contained in:
Simon L 2023-09-27 12:10:33 +02:00 committed by GitHub
parent ad81f52991 0b1ac3422f
commit 3e25acce24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 21 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
.github/workflows/docker-lint.yml vendored
View file

@ -27,28 +27,20 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Install npm and dockerfilelint
- name: Install hadolint
run: |
sudo apt-get update
sudo apt-get install nodejs npm -y --no-install-recommends
npm install -g dockerfilelint
wget https://github.com/replicatedhq/dockerfilelint/pull/201.patch -O /usr/local/lib/node_modules/dockerfilelint/201.patch
CURRENT_DIR=$PWD
cd /usr/local/lib/node_modules/dockerfilelint/
git apply 201.patch
cd $CURRENT_DIR
cat << RULES > ./.dockerfilelintrc
rules:
sudo_usage: off
RULES
sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
sudo chmod +x /usr/bin/hadolint
- name: run lint
run: |
DOCKERFILES="$(find ./Containers -name Dockerfile)"
mapfile -t DOCKERFILES <<< "$DOCKERFILES"
for file in "${DOCKERFILES[@]}"; do
dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
# DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
# DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
hadolint "$file" --ignore DL3018 --ignore DL4006 | tee -a ./hadolint.log
done
if grep "^Issues: [0-9]" ./dockerfilelint.log; then
if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
exit 1
fi

1
Containers/borgbackup/Dockerfile
View file

@ -16,6 +16,7 @@ VOLUME /root
COPY --chmod=770 *.sh /
ENTRYPOINT ["/start.sh"]
# hadolint ignore=DL3002
USER root
LABEL com.centurylinklabs.watchtower.enable="false"

2
Containers/clamav/Dockerfile
View file

@ -5,7 +5,7 @@ COPY clamav.conf /tmp/clamav.conf
RUN set -ex; \
apk add --no-cache tzdata; \
cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
cat /tmp/clamav.conf > /etc/clamav/clamd.conf; \
rm /tmp/clamav.conf; \
mkdir -p /var/run/clamav /run/lock; \
chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \

1
Containers/collabora/Dockerfile
View file

@ -3,6 +3,7 @@ FROM collabora/code:23.05.4.2.1
USER root
# hadolint ignore=DL3008
RUN set -ex; \
\
apt-get update; \

1
Containers/docker-socket-proxy/Dockerfile
View file

@ -1,5 +1,6 @@
FROM haproxy:2.8.3-alpine3.18
# hadolint ignore=DL3002
USER root
ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
RUN set -ex; \

1
Containers/fulltextsearch/Dockerfile
View file

@ -3,6 +3,7 @@ FROM elasticsearch:8.10.2
USER root
# hadolint ignore=DL3008
RUN set -ex; \
\
export DEBIAN_FRONTEND=noninteractive; \

4
Containers/mastercontainer/Dockerfile
View file

@ -16,6 +16,7 @@ COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
WORKDIR /var/www/docker-aio
# hadolint ignore=SC2086,DL3047,DL3003,DL3004
RUN set -ex; \
apk add --no-cache shadow; \
groupmod -g 333 xfs; \
@ -50,7 +51,7 @@ RUN set -ex; \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-aio-rundeps $runDeps; \
apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps; \
apk del .build-deps; \
grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
@ -120,6 +121,7 @@ COPY --chmod=664 Caddyfile /Caddyfile
COPY --chmod=664 supervisord.conf /supervisord.conf
COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
# hadolint ignore=DL3002
USER root
ENTRYPOINT ["/start.sh"]

6
Containers/nextcloud/Dockerfile
View file

@ -16,6 +16,7 @@ VOLUME /mnt/ncdata
VOLUME /var/www/html
# Custom: change id of www-data user as it needs to be the same like on old installations
# hadolint ignore=SC2086,DL3003
RUN set -ex; \
apk add --no-cache shadow; \
deluser www-data; \
@ -85,7 +86,7 @@ RUN set -ex; \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps; \
\
# set recommended PHP.ini settings
@ -170,7 +171,7 @@ RUN set -ex; \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
apk del .build-deps; \
\
mkdir -p \
@ -219,6 +220,7 @@ RUN set -ex; \
# Give root a random password
echo "root:$(openssl rand -base64 12)" | chpasswd
# hadolint ignore=DL3002
USER root
ENTRYPOINT ["/start.sh"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

2
Containers/talk-recording/Dockerfile
View file

@ -30,7 +30,7 @@ RUN set -ex; \
echo "root:$(openssl rand -base64 12)" | chpasswd; \
git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
python3 -m pip install /src/recording/src; \
python3 -m pip install --no-cache-dir /src/recording/src; \
rm -rf /src; \
touch /etc/recording.conf; \
chown recording:recording -R \

1
Containers/watchtower/Dockerfile
View file

@ -8,6 +8,7 @@ COPY --from=watchtower /watchtower /watchtower
COPY --chmod=775 start.sh /start.sh
# hadolint ignore=DL3002
USER root
ENTRYPOINT ["/start.sh"]