diff options
author | Evan Read <eread@gitlab.com> | 2022-05-10 02:05:10 +0300 |
---|---|---|
committer | Evan Read <eread@gitlab.com> | 2022-05-10 02:05:10 +0300 |
commit | ff79701b2b6ea0d0d61857f80a64da05b62460c3 (patch) | |
tree | b1c87f988af66722f45f926497691b9db784b78a | |
parent | c411b0a3bd8aeb33f529da53bb84dd8ceaae8ed0 (diff) | |
parent | 9ea654a50765b3666e95398c310e99ad0e6a5d98 (diff) |
Merge branch 'axil-lint-dockerfiles' into 'main'
Use hadolint to lint Dockerfiles
Closes #1179
See merge request gitlab-org/gitlab-docs!2635
-rw-r--r-- | .gitlab-ci.yml | 12 | ||||
-rw-r--r-- | .hadolint.yaml | 3 | ||||
-rw-r--r-- | Dockerfile.main | 16 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.archives | 1 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.bootstrap | 12 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.builder.onbuild | 11 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.gitlab-docs-base | 11 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.gitlab-docs-lint-html | 21 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.gitlab-docs-lint-markdown | 2 | ||||
-rw-r--r-- | dockerfiles/Dockerfile.nginx.onbuild | 1 |
10 files changed, 47 insertions, 43 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cc64b08e..421b75e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -412,6 +412,18 @@ test_unlinked_images: - cd ../gitlab - ./unlinked-images.sh doc + +lint_dockerfiles: + extends: + - .rules_site_tests + image: hadolint/hadolint:latest-alpine + needs: [] + before_script: [] + dependencies: [] + script: + - for file in Dockerfile.*; do hadolint $file; done + - for file in dockerfiles/Dockerfile.*; do hadolint $file; done + ############################################### # Review Apps # ############################################### diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 00000000..4a82d970 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,3 @@ +ignored: + - DL3018 + - DL3022 diff --git a/Dockerfile.main b/Dockerfile.main index 8a744c01..55195aee 100644 --- a/Dockerfile.main +++ b/Dockerfile.main @@ -15,17 +15,16 @@ ENV CI_COMMIT_REF_NAME ${CI_COMMIT_REF_NAME:-main} # Build the docs from this branch COPY . /source/ -RUN yarn install -RUN bundle install -RUN bundle exec rake setup_git default -RUN bundle exec nanoc compile -VV - -# Compress images -RUN /scripts/compress_images.sh /source/public ee +RUN yarn install && \ + bundle install && \ + bundle exec rake setup_git default && \ + bundle exec nanoc compile -VV && \ + /scripts/compress_images.sh /source/public ee # compress images # Symlink EE to CE # https://gitlab.com/gitlab-org/gitlab-docs/issues/418 -RUN cd /source/public/ && rm -rf ce && ln -s ee ce +WORKDIR /source/public/ +RUN rm -rf ce && ln -s ee ce # BUILD OF 'main' DOCS IS NOW DONE! @@ -63,4 +62,5 @@ COPY --from=builder /source/public ${TARGET} COPY --from=builder /scripts/minify* /scripts/ # Serve the site (target), which is now all static HTML +# hadolint ignore=DL3025 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;' diff --git a/dockerfiles/Dockerfile.archives b/dockerfiles/Dockerfile.archives index 0ec22256..961d0cfd 100644 --- a/dockerfiles/Dockerfile.archives +++ b/dockerfiles/Dockerfile.archives @@ -49,4 +49,5 @@ COPY --from=registry.gitlab.com/gitlab-org/gitlab-docs:10.4 ${TARGET} ${TARGET} COPY --from=registry.gitlab.com/gitlab-org/gitlab-docs:10.3 ${TARGET} ${TARGET} # Serve the site (target), which is now all static HTML +# hadolint ignore=DL3025 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;' diff --git a/dockerfiles/Dockerfile.bootstrap b/dockerfiles/Dockerfile.bootstrap index 65c1483f..aba59541 100644 --- a/dockerfiles/Dockerfile.bootstrap +++ b/dockerfiles/Dockerfile.bootstrap @@ -21,15 +21,13 @@ COPY /Gemfile* /source/ COPY /yarn.lock /source/ WORKDIR /source -# Install gems -RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4 -# Install node libraries -RUN yarn install +# Install gems and node libraries +RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4 && \ + yarn install && \ + yarn cache clean # Copy scripts used for static HTML post-processing COPY scripts /scripts/ COPY --from=minifier /minify /usr/local/bin/minify -MAINTAINER GitLab Documentation Team - -CMD echo "Nothing to do here. This is the bootstrap image that contains all dependencies to build the docs site." +CMD ["echo 'Nothing to do here. This is the bootstrap image that contains all dependencies to build the docs site.'"] diff --git a/dockerfiles/Dockerfile.builder.onbuild b/dockerfiles/Dockerfile.builder.onbuild index d030abed..94faeb84 100644 --- a/dockerfiles/Dockerfile.builder.onbuild +++ b/dockerfiles/Dockerfile.builder.onbuild @@ -13,28 +13,27 @@ ONBUILD ARG BRANCH_CHARTS # Build the docs from this branch ONBUILD COPY . /source/ ONBUILD RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4 -ONBUILD RUN yarn install +ONBUILD RUN yarn install && yarn cache clean ONBUILD RUN bundle exec rake setup_git default -ONBUILD RUN yarn install ONBUILD RUN bundle exec nanoc compile -VV ## For 13.9 and later, there's a raketask that is run instead of the ## manual READMEs symlinking that is defined in scripts/normalize-links.sh. ## If the raketask is present, run it. -ONBUILD RUN [ -f /scripts/check_symlinks.sh ] && /scripts/check_symlinks.sh || "/scripts/check_symlinks.sh not found" +ONBUILD RUN if [ -f /scripts/check_symlinks.sh ]; then /scripts/check_symlinks.sh; else "/scripts/check_symlinks.sh not found"; fi # Move generated HTML to /site ONBUILD RUN mkdir /site ONBUILD RUN mv public /site/${VER} # Do some HTML post-processing on the archive -ONBUILD RUN [ -f /scripts/normalize-links.sh ] && /scripts/normalize-links.sh /site ${VER} || "/scripts/normalize-links.sh not found" +ONBUILD RUN if [ -f /scripts/normalize-links.sh ]; then /scripts/normalize-links.sh /site ${VER}; else "/scripts/normalize-links.sh not found"; fi # Compress images -ONBUILD RUN [ -f /scripts/compress_images.sh ] && /scripts/compress_images.sh /site ${VER} || "/scripts/compress_images.sh not found" +ONBUILD RUN if [ -f /scripts/compress_images.sh ]; then /scripts/compress_images.sh /site ${VER}; else "/scripts/compress_images.sh not found"; fi # Minify assets # ATTENTION: This should be the last script to run -ONBUILD RUN [ -f /scripts/minify-assets.sh ] && /scripts/minify-assets.sh /site ${VER} || "/scripts/minify-assets.sh not found" +ONBUILD RUN if [ -f /scripts/minify-assets.sh ]; then /scripts/minify-assets.sh /site ${VER}; else "/scripts/minify-assets.sh not found"; fi # Make an index.html and 404.html which will redirect / to /${VER}/ ONBUILD RUN echo "<html><head><title>Redirect for ${VER}</title><meta http-equiv=\"refresh\" content=\"0;url='/${VER}/'\" /></head><body><p>If you are not redirected automatically, click <a href=\"/${VER}/\">here</a>.</p></body></html>" > /site/index.html diff --git a/dockerfiles/Dockerfile.gitlab-docs-base b/dockerfiles/Dockerfile.gitlab-docs-base index 1789d541..03009370 100644 --- a/dockerfiles/Dockerfile.gitlab-docs-base +++ b/dockerfiles/Dockerfile.gitlab-docs-base @@ -3,7 +3,6 @@ # are needed to build the docs site and run the tests. # FROM ruby:2.7.5-alpine3.15 -MAINTAINER GitLab Technical Writing team # Install dependencies RUN apk add --no-cache -U \ @@ -26,10 +25,6 @@ RUN apk add --no-cache -U \ tar \ xz \ xz-dev \ - yarn - -# Do not install rdoc to save some space -RUN echo 'gem: --no-document' >> /etc/gemrc - -# Update RubyGems -RUN gem update --system 3.3.13 + yarn \ + && echo 'gem: --no-document' >> /etc/gemrc \ + && gem update --system 3.3.13 diff --git a/dockerfiles/Dockerfile.gitlab-docs-lint-html b/dockerfiles/Dockerfile.gitlab-docs-lint-html index 12529e2e..003146cd 100644 --- a/dockerfiles/Dockerfile.gitlab-docs-lint-html +++ b/dockerfiles/Dockerfile.gitlab-docs-lint-html @@ -12,7 +12,6 @@ ARG RUBY_VERSION ARG ALPINE_VERSION FROM ruby:${RUBY_VERSION}-alpine${ALPINE_VERSION} -MAINTAINER GitLab Technical Writing team # Install dependencies RUN apk add --no-cache -U \ @@ -33,13 +32,9 @@ RUN apk add --no-cache -U \ tar \ xz \ xz-dev \ - yarn - -# Do not install rdoc to save some space -RUN echo 'gem: --no-document' >> /etc/gemrc - -# Update RubyGems -RUN gem update --system 3.3.13 + yarn \ + && echo 'gem: --no-document' >> /etc/gemrc \ + && gem update --system 3.3.13 # Set up needed environment variables that are called with --build-arg when # the Docker image is built (see .gitlab-ci.yml). @@ -49,14 +44,14 @@ ENV CI_COMMIT_REF_NAME ${CI_COMMIT_REF_NAME:-main} WORKDIR /tmp -RUN wget https://gitlab.com/gitlab-org/gitlab-docs/-/archive/$CI_COMMIT_REF_NAME/gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \ +RUN wget --quiet https://gitlab.com/gitlab-org/gitlab-docs/-/archive/$CI_COMMIT_REF_NAME/gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \ && tar xvjf gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \ && mv gitlab-docs-$CI_COMMIT_REF_NAME gitlab-docs \ && rm gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 -RUN cd gitlab-docs \ - && yarn install --frozen-lockfile \ +WORKDIR /tmp/gitlab-docs/ + +RUN yarn install --frozen-lockfile \ + && yarn cache clean --all \ && bundle update --bundler \ && NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4 - -RUN yarn cache clean --all diff --git a/dockerfiles/Dockerfile.gitlab-docs-lint-markdown b/dockerfiles/Dockerfile.gitlab-docs-lint-markdown index 29e4f6ba..6d4caa2e 100644 --- a/dockerfiles/Dockerfile.gitlab-docs-lint-markdown +++ b/dockerfiles/Dockerfile.gitlab-docs-lint-markdown @@ -8,7 +8,6 @@ ARG ALPINE_VERSION FROM alpine:${ALPINE_VERSION} -MAINTAINER GitLab Technical Writing team # VALE_VERSION and MARKDOWNLINT_VERSION are defined in .gitlab-ci.yml ARG VALE_VERSION @@ -33,6 +32,7 @@ RUN apk add --no-cache -U \ yarn # Install vale +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN curl -sfL https://install.goreleaser.com/github.com/ValeLint/vale.sh | sh -s v${VALE_VERSION} # Set up needed environment variables that are called with --build-arg when diff --git a/dockerfiles/Dockerfile.nginx.onbuild b/dockerfiles/Dockerfile.nginx.onbuild index 74a041ee..585f67c4 100644 --- a/dockerfiles/Dockerfile.nginx.onbuild +++ b/dockerfiles/Dockerfile.nginx.onbuild @@ -18,4 +18,5 @@ ONBUILD COPY --from=builder /site /usr/share/nginx/html COPY dockerfiles/nginx-overrides.conf /etc/nginx/conf.d/default.conf # Start Nginx to serve the archive at / (which will redirect to the version-specific dir) +# hadolint ignore=DL3025 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;' |