Merge branch 'axil-lint-dockerfiles' into 'main'

Use hadolint to lint Dockerfiles

Closes #1179

See merge request gitlab-org/gitlab-docs!2635

10 files changed, 47 insertions, 43 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cc64b08e..421b75e0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -412,6 +412,18 @@ test_unlinked_images:
     - cd ../gitlab
     - ./unlinked-images.sh doc
 
+
+lint_dockerfiles:
+  extends:
+    - .rules_site_tests
+  image: hadolint/hadolint:latest-alpine
+  needs: []
+  before_script: []
+  dependencies: []
+  script:
+    - for file in Dockerfile.*; do hadolint $file; done
+    - for file in dockerfiles/Dockerfile.*; do hadolint $file; done
+
 ###############################################
 #               Review Apps                   #
 ###############################################
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 00000000..4a82d970
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3022
diff --git a/Dockerfile.main b/Dockerfile.main
index 8a744c01..55195aee 100644
--- a/Dockerfile.main
+++ b/Dockerfile.main
@@ -15,17 +15,16 @@ ENV CI_COMMIT_REF_NAME ${CI_COMMIT_REF_NAME:-main}
 
 # Build the docs from this branch
 COPY . /source/
-RUN yarn install
-RUN bundle install
-RUN bundle exec rake setup_git default
-RUN bundle exec nanoc compile -VV
-
-# Compress images
-RUN /scripts/compress_images.sh /source/public ee
+RUN yarn install && \
+    bundle install && \
+    bundle exec rake setup_git default && \
+    bundle exec nanoc compile -VV && \
+    /scripts/compress_images.sh /source/public ee # compress images
 
 # Symlink EE to CE
 # https://gitlab.com/gitlab-org/gitlab-docs/issues/418
-RUN cd /source/public/ && rm -rf ce && ln -s ee ce
+WORKDIR /source/public/
+RUN rm -rf ce && ln -s ee ce
 
 # BUILD OF 'main' DOCS IS NOW DONE!
 
@@ -63,4 +62,5 @@ COPY --from=builder /source/public ${TARGET}
 COPY --from=builder /scripts/minify* /scripts/
 
 # Serve the site (target), which is now all static HTML
+# hadolint ignore=DL3025
 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;'
diff --git a/dockerfiles/Dockerfile.archives b/dockerfiles/Dockerfile.archives
index 0ec22256..961d0cfd 100644
--- a/dockerfiles/Dockerfile.archives
+++ b/dockerfiles/Dockerfile.archives
@@ -49,4 +49,5 @@ COPY --from=registry.gitlab.com/gitlab-org/gitlab-docs:10.4 ${TARGET} ${TARGET}
 COPY --from=registry.gitlab.com/gitlab-org/gitlab-docs:10.3 ${TARGET} ${TARGET}
 
 # Serve the site (target), which is now all static HTML
+# hadolint ignore=DL3025
 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;'
diff --git a/dockerfiles/Dockerfile.bootstrap b/dockerfiles/Dockerfile.bootstrap
index 65c1483f..aba59541 100644
--- a/dockerfiles/Dockerfile.bootstrap
+++ b/dockerfiles/Dockerfile.bootstrap
@@ -21,15 +21,13 @@ COPY /Gemfile* /source/
 COPY /yarn.lock /source/
 WORKDIR /source
 
-# Install gems
-RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4
-# Install node libraries
-RUN yarn install
+# Install gems and node libraries
+RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4 && \
+    yarn install && \
+    yarn cache clean
 
 # Copy scripts used for static HTML post-processing
 COPY scripts /scripts/
 COPY --from=minifier /minify /usr/local/bin/minify
 
-MAINTAINER GitLab Documentation Team
-
-CMD echo "Nothing to do here. This is the bootstrap image that contains all dependencies to build the docs site."
+CMD ["echo 'Nothing to do here. This is the bootstrap image that contains all dependencies to build the docs site.'"]
diff --git a/dockerfiles/Dockerfile.builder.onbuild b/dockerfiles/Dockerfile.builder.onbuild
index d030abed..94faeb84 100644
--- a/dockerfiles/Dockerfile.builder.onbuild
+++ b/dockerfiles/Dockerfile.builder.onbuild
@@ -13,28 +13,27 @@ ONBUILD ARG BRANCH_CHARTS
 # Build the docs from this branch
 ONBUILD COPY . /source/
 ONBUILD RUN NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4
-ONBUILD RUN yarn install
+ONBUILD RUN yarn install && yarn cache clean
 ONBUILD RUN bundle exec rake setup_git default
-ONBUILD RUN yarn install
 ONBUILD RUN bundle exec nanoc compile -VV
 ## For 13.9 and later, there's a raketask that is run instead of the
 ## manual READMEs symlinking that is defined in scripts/normalize-links.sh.
 ## If the raketask is present, run it.
-ONBUILD RUN [ -f /scripts/check_symlinks.sh ] && /scripts/check_symlinks.sh || "/scripts/check_symlinks.sh not found"
+ONBUILD RUN if [ -f /scripts/check_symlinks.sh ]; then /scripts/check_symlinks.sh; else "/scripts/check_symlinks.sh not found"; fi
 
 # Move generated HTML to /site
 ONBUILD RUN mkdir /site
 ONBUILD RUN mv public /site/${VER}
 
 # Do some HTML post-processing on the archive
-ONBUILD RUN [ -f /scripts/normalize-links.sh ] && /scripts/normalize-links.sh /site ${VER} || "/scripts/normalize-links.sh not found"
+ONBUILD RUN if [ -f /scripts/normalize-links.sh ]; then /scripts/normalize-links.sh /site ${VER}; else "/scripts/normalize-links.sh not found"; fi
 
 # Compress images
-ONBUILD RUN [ -f /scripts/compress_images.sh ] && /scripts/compress_images.sh /site ${VER} || "/scripts/compress_images.sh not found"
+ONBUILD RUN if [ -f /scripts/compress_images.sh ]; then /scripts/compress_images.sh /site ${VER}; else "/scripts/compress_images.sh not found"; fi
 
 # Minify assets
 # ATTENTION: This should be the last script to run
-ONBUILD RUN [ -f /scripts/minify-assets.sh ] && /scripts/minify-assets.sh /site ${VER} || "/scripts/minify-assets.sh not found"
+ONBUILD RUN if [ -f /scripts/minify-assets.sh ]; then /scripts/minify-assets.sh /site ${VER}; else "/scripts/minify-assets.sh not found"; fi
 
 # Make an index.html and 404.html which will redirect / to /${VER}/
 ONBUILD RUN echo "<html><head><title>Redirect for ${VER}</title><meta http-equiv=\"refresh\" content=\"0;url='/${VER}/'\" /></head><body><p>If you are not redirected automatically, click <a href=\"/${VER}/\">here</a>.</p></body></html>" > /site/index.html
diff --git a/dockerfiles/Dockerfile.gitlab-docs-base b/dockerfiles/Dockerfile.gitlab-docs-base
index 1789d541..03009370 100644
--- a/dockerfiles/Dockerfile.gitlab-docs-base
+++ b/dockerfiles/Dockerfile.gitlab-docs-base
@@ -3,7 +3,6 @@
 # are needed to build the docs site and run the tests.
 #
 FROM ruby:2.7.5-alpine3.15
-MAINTAINER GitLab Technical Writing team
 
 # Install dependencies
 RUN apk add --no-cache -U \
@@ -26,10 +25,6 @@ RUN apk add --no-cache -U \
     tar         \
     xz          \
     xz-dev      \
-    yarn
-
-# Do not install rdoc to save some space
-RUN echo 'gem: --no-document' >> /etc/gemrc
-
-# Update RubyGems
-RUN gem update --system 3.3.13
+    yarn        \
+    && echo 'gem: --no-document' >> /etc/gemrc \
+    && gem update --system 3.3.13
diff --git a/dockerfiles/Dockerfile.gitlab-docs-lint-html b/dockerfiles/Dockerfile.gitlab-docs-lint-html
index 12529e2e..003146cd 100644
--- a/dockerfiles/Dockerfile.gitlab-docs-lint-html
+++ b/dockerfiles/Dockerfile.gitlab-docs-lint-html
@@ -12,7 +12,6 @@ ARG RUBY_VERSION
 ARG ALPINE_VERSION
 
 FROM ruby:${RUBY_VERSION}-alpine${ALPINE_VERSION}
-MAINTAINER GitLab Technical Writing team
 
 # Install dependencies
 RUN apk add --no-cache -U \
@@ -33,13 +32,9 @@ RUN apk add --no-cache -U \
     tar         \
     xz          \
     xz-dev      \
-    yarn
-
-# Do not install rdoc to save some space
-RUN echo 'gem: --no-document' >> /etc/gemrc
-
-# Update RubyGems
-RUN gem update --system 3.3.13
+    yarn        \
+    && echo 'gem: --no-document' >> /etc/gemrc \
+    && gem update --system 3.3.13
 
 # Set up needed environment variables that are called with --build-arg when
 # the Docker image is built (see .gitlab-ci.yml).
@@ -49,14 +44,14 @@ ENV CI_COMMIT_REF_NAME ${CI_COMMIT_REF_NAME:-main}
 
 WORKDIR /tmp
 
-RUN wget https://gitlab.com/gitlab-org/gitlab-docs/-/archive/$CI_COMMIT_REF_NAME/gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \
+RUN wget --quiet https://gitlab.com/gitlab-org/gitlab-docs/-/archive/$CI_COMMIT_REF_NAME/gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \
   && tar xvjf gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2 \
   && mv gitlab-docs-$CI_COMMIT_REF_NAME gitlab-docs \
   && rm gitlab-docs-$CI_COMMIT_REF_NAME.tar.bz2
 
-RUN cd gitlab-docs \
-  && yarn install --frozen-lockfile \
+WORKDIR /tmp/gitlab-docs/
+
+RUN yarn install --frozen-lockfile \
+  && yarn cache clean --all \
   && bundle update --bundler \
   && NOKOGIRI_USE_SYSTEM_LIBRARIES=1 bundle install --jobs 4
-
-RUN yarn cache clean --all
diff --git a/dockerfiles/Dockerfile.gitlab-docs-lint-markdown b/dockerfiles/Dockerfile.gitlab-docs-lint-markdown
index 29e4f6ba..6d4caa2e 100644
--- a/dockerfiles/Dockerfile.gitlab-docs-lint-markdown
+++ b/dockerfiles/Dockerfile.gitlab-docs-lint-markdown
@@ -8,7 +8,6 @@
 ARG ALPINE_VERSION
 
 FROM alpine:${ALPINE_VERSION}
-MAINTAINER GitLab Technical Writing team
 
 # VALE_VERSION and MARKDOWNLINT_VERSION are defined in .gitlab-ci.yml
 ARG VALE_VERSION
@@ -33,6 +32,7 @@ RUN apk add --no-cache -U \
     yarn
 
 # Install vale
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 RUN curl -sfL https://install.goreleaser.com/github.com/ValeLint/vale.sh | sh -s v${VALE_VERSION}
 
 # Set up needed environment variables that are called with --build-arg when
diff --git a/dockerfiles/Dockerfile.nginx.onbuild b/dockerfiles/Dockerfile.nginx.onbuild
index 74a041ee..585f67c4 100644
--- a/dockerfiles/Dockerfile.nginx.onbuild
+++ b/dockerfiles/Dockerfile.nginx.onbuild
@@ -18,4 +18,5 @@ ONBUILD COPY --from=builder /site /usr/share/nginx/html
 COPY dockerfiles/nginx-overrides.conf /etc/nginx/conf.d/default.conf
 
 # Start Nginx to serve the archive at / (which will redirect to the version-specific dir)
+# hadolint ignore=DL3025
 CMD echo -e "GitLab docs are viewable at:\nhttp://0.0.0.0:4000"; exec nginx -g 'daemon off;'