Merge pull request #1952 from SkynetLabs/hadolint-dockerfiles

Lint dockerfiles with hadolint
2022-03-31 15:24:31 +02:00 · 2022-03-31 15:24:31 +02:00 · 18eb784f26
parent f3ec613a5a dd51ece41b
commit 18eb784f26
7 changed files with 40 additions and 12 deletions
--- a/.github/workflows/lint-dockerfiles.yml
+++ b/.github/workflows/lint-dockerfiles.yml
@ -0,0 +1,27 @@
 name: Dockerfile Lint
 on:
  push:
    branches:
      - master
  pull_request:
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        dockerfile:
          - docker/nginx/Dockerfile
          - docker/sia/Dockerfile
          - packages/dashboard/Dockerfile
          - packages/dnslink-api/Dockerfile
          - packages/handshake-api/Dockerfile
          - packages/health-check/Dockerfile
          - packages/website/Dockerfile
    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@v2.0.0
        with:
          dockerfile: ${{ matrix.dockerfile }}
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -1,5 +1,7 @@
 FROM openresty/openresty:1.19.9.1-focal
 WORKDIR /
 RUN luarocks install lua-resty-http && \
    luarocks install hasher && \
    openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
--- a/docker/sia/Dockerfile
+++ b/docker/sia/Dockerfile
@ -5,12 +5,12 @@ ENV GOARCH amd64
 ARG branch=portal-latest
-RUN git clone https://gitlab.com/SkynetLabs/skyd.git Sia --single-branch --branch ${branch}
+RUN git clone https://gitlab.com/SkynetLabs/skyd.git Sia --single-branch --branch ${branch} && \
-RUN make release --directory Sia
+    make release --directory Sia
-FROM nebulouslabs/sia:latest
+FROM nebulouslabs/sia:1.5.6
 COPY --from=sia-builder /go/bin/ /usr/bin/
-RUN mv /usr/bin/skyd /usr/bin/siad || true && \
+RUN if [ -f "/usr/bin/skyd" ]; then mv /usr/bin/skyd /usr/bin/siad; fi && \
-    mv /usr/bin/skyc /usr/bin/siac || true
+    if [ -f "/usr/bin/skyc" ]; then mv /usr/bin/skyc /usr/bin/siac; fi
--- a/packages/dnslink-api/Dockerfile
+++ b/packages/dnslink-api/Dockerfile
@ -9,4 +9,4 @@ RUN yarn --frozen-lockfile
 COPY src/* src/
 EXPOSE 3100
-CMD node src/index.js
+CMD ["node", "src/index.js"]
--- a/packages/handshake-api/Dockerfile
+++ b/packages/handshake-api/Dockerfile
@ -15,4 +15,4 @@ ENV HSD_API_KEY="foo"
 EXPOSE 3100
 ENV NODE_ENV production
-CMD node src/index.js
+CMD ["node", "src/index.js"]
--- a/packages/health-check/Dockerfile
+++ b/packages/health-check/Dockerfile
@ -1,16 +1,15 @@
 FROM node:16.14.2-alpine
-RUN apk update && apk add dnsmasq
+RUN apk add --no-cache dnsmasq=2.86-r0
 WORKDIR /usr/app
 ENV PATH="/usr/app/bin:${PATH}"
 # schedule critical checks to run every 5 minutes (any failures will disable server)
 RUN echo '*/5 * * * * source /etc/environment ; /usr/app/bin/cli run critical >> /proc/1/fd/1' >> /etc/crontabs/root
 # schedule extended checks to run on every hour (optional checks, report only)
-RUN echo '0 * * * * source /etc/environment ; /usr/app/bin/cli run extended >> /proc/1/fd/1' >> /etc/crontabs/root
+RUN echo '*/5 * * * * source /etc/environment ; /usr/app/bin/cli run critical >> /proc/1/fd/1' >> /etc/crontabs/root && \
    echo '0 * * * * source /etc/environment ; /usr/app/bin/cli run extended >> /proc/1/fd/1' >> /etc/crontabs/root
 COPY package.json yarn.lock ./
--- a/packages/website/Dockerfile
+++ b/packages/website/Dockerfile
@ -1,6 +1,6 @@
 FROM node:16.14.2-alpine
-RUN apk update && apk add autoconf automake build-base libtool nasm pkgconfig
+RUN apk add --no-cache autoconf=2.71-r0 automake=1.16.4-r1 build-base=0.5-r2 libtool=2.4.6-r7 nasm=2.15.05-r0 pkgconf=1.8.0-r0
 WORKDIR /usr/app