ci: add hadolint Dockerfile linter (#125)

* ci: add hadolint Dockerfile linter * fix --------- Co-authored-by: very-doge-wow <[email protected]>
very-doge-wow · Oct 20, 2024 · 0c15506 · 0c15506
1 parent d84ad3f
commit 0c15506
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 22 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,24 @@
+name: Lint
+on: [push]
+jobs:
+  markdownlint:
+    name: markdownlint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: lint_markdown
+        uses: docker://avtodev/markdown-lint:v1
+        with:
+          args: './*.md'
+          ignore: './test/output.md ./test/custom-template-keywords.md ./EXAMPLE_OUTPUT.md'
+  hadolint:
+    name: hadolint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: hadolint
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: Dockerfile
diff --git a/.github/workflows/lintmarkdown.yml b/.github/workflows/lintmarkdown.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,32 +1,37 @@
-FROM python:3.13-alpine3.20 as helper
+FROM python:3.13-alpine3.20@sha256:c38ead8bcf521573dad837d7ecfdebbc87792202e89953ba8b2b83a9c5a520b6 as helper
+
+# renovate: datasource=pypi depName=pipenv versioning=pep440
+ENV PIP_ENV_VERSION=2024.0.3
 
 USER root
 
-WORKDIR app
+WORKDIR /app
 
 COPY Pipfile Pipfile.lock ./
 
 RUN <<EOF
-pip install pipenv --upgrade
+pip install pipenv==${PIP_ENV_VERSION} --no-cache-dir --upgrade
 pipenv requirements --hash > requirements.txt
 EOF
 
-FROM python:3.13-alpine3.20
+USER 1000
+
+FROM python:3.13-alpine3.20@sha256:c38ead8bcf521573dad837d7ecfdebbc87792202e89953ba8b2b83a9c5a520b6
 
 ARG IMAGE_VERSION=latest
 ARG COMMIT_SHA=unknown
 
 USER root
 
-WORKDIR app
+WORKDIR /app
 
 COPY reader/ ./reader
 COPY writer ./writer
 COPY stella.py EXAMPLE/style.css ./
 COPY --from=helper /app/requirements.txt .
 
 RUN <<EOF
-pip install --root-user-action ignore -r requirements.txt
+pip install --no-cache-dir --root-user-action ignore -r requirements.txt
 chmod +x stella.py
 ln -s /app/stella.py /usr/local/bin/stella
 EOF

diff --git a/README.md b/README.md
@@ -200,6 +200,7 @@ Install linters beforehand:
 
 * [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli)
 * [ruff](https://docs.astral.sh/ruff/)
+* [hadolint](https://github.com/hadolint/hadolint)
 
 ```shell
 # Markdown Linter
@@ -212,6 +213,9 @@ markdownlint './*.md' \
 ruff check \
   --fix \
   --config "lint.extend-select=['E','F','B','Q','S','W','DJ']"  .
+
+# Dockerfile Linter
+hadolint Dockerfile
 ```
 
 ### Running Unit Tests

diff --git a/renovate.json b/renovate.json
@@ -1,6 +1,10 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["schedule:daily"],
+  "extends": [
+    "base",
+    "schedule:daily",
+    "customManagers:dockerfileVersions"
+  ],
   "packageRules": [
     {
       "groupName": "All Updates",