Unverified Commit 72c4cdb7 authored by Douglas Duteil's avatar Douglas Duteil Committed by GitHub

chore(hadolint): prefer using ghcr.io/hadolint/hadolint image (#648)

parent a1920997
let GithubActions =
https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
let {- renovate: datasource=docker depName=hadolint/hadolint -}
let {- renovate: datasource=docker depName=ghcr.io/hadolint/hadolint -}
HADOLINT_VERSION =
"v2.4.0"
"2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
let HadolintJob =
λ(package : Text) →
GithubActions.Job::{
, name = Some "Lint"
, runs-on = GithubActions.RunsOn.Type.ubuntu-latest
, container = Some "hadolint/hadolint:${HADOLINT_VERSION}"
, steps =
[ GithubActions.steps.actions/checkout
, GithubActions.Step::{
, run = Some "hadolint ./Dockerfile"
, working-directory = Some package
, uses = Some
"docker://ghcr.io/hadolint/hadolint:${HADOLINT_VERSION}"
, `with` = Some
(toMap { args = "hadolint ./${package}/Dockerfile" })
}
]
}
......@@ -26,12 +27,12 @@ let __test__foo =
≡ GithubActions.Job::{
, name = Some "Lint"
, runs-on = GithubActions.RunsOn.Type.ubuntu-latest
, container = Some "hadolint/hadolint:${HADOLINT_VERSION}"
, steps =
[ GithubActions.steps.actions/checkout
, GithubActions.Step::{
, run = Some "hadolint ./Dockerfile"
, working-directory = Some "foo"
, uses = Some
"docker://ghcr.io/hadolint/hadolint:${HADOLINT_VERSION}"
, `with` = Some (toMap { args = "hadolint ./foo/Dockerfile" })
}
]
}
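Review bot: `HADOLINT_VERSION` in the first hunk now holds a tag plus a digest (`2.4.0@sha256:…`), and nothing in the file says that the digest, not the tag, selects the image. In a `tag@digest` reference the tag is generally not checked against the digest, so an edit that bumps only `2.4.0` would most likely keep pulling the old image while the file reads as upgraded. I would add a comment above the binding, e.g. `-- the tag is informational; the sha256 digest is what gets pulled, so update both together`, and confirm that the Renovate annotation rewrites the digest as well as the tag (no Renovate config is visible on this page). The `__test__foo` assertion in the second hunk interpolates the same constant on both sides, so it cannot catch a tag/digest mismatch.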
......
......@@ -14,7 +14,7 @@ let DockerBuildJob =
../jobs/DockerBuild.dhall sha256:c7fb5c22101c47af7907cabf6ed1ad872586f8082cf55880f7b3b0a3a7fd40e9
let HadolintJob =
../jobs/Hadolint.dhall sha256:6857d03b50ed49cbecf4815eb54cea4bcb1b6a706ae07b5bee3297148d58f859
../jobs/Hadolint.dhall sha256:1d4f5d3df464f83d02f4a281a10a205731b08ee2d10c5fd23888cc4f9e9fa8be
let Worklflow =
λ ( args
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config azure-cli/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/azure-cli@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: azure-cli
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./azure-cli/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config azure-cli/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/azure-cli@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: azure-cli
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./azure-cli/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: azure-db
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: azure-db
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./azure-db/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: azure-db
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: azure-db
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./azure-db/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: bats
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: bats
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./bats/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: bats
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: bats
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./bats/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config curl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/curl@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: curl
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./curl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config curl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/curl@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: curl
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./curl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config dhall/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/dhall@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: dhall
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./dhall/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config dhall/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/dhall@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: dhall
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./dhall/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: git-deploy
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: git-deploy
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./git-deploy/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: git-deploy
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: git-deploy
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./git-deploy/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config kosko/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/kosko@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: kosko
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./kosko/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config kosko/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/kosko@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: kosko
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./kosko/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config kubectl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/kubectl@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: kubectl
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./kubectl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config kubectl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/kubectl@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: kubectl
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./kubectl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: nginx4spa
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: nginx4spa
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./nginx4spa/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: nginx4spa
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: nginx4spa
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./nginx4spa/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config no-k8s/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/no-k8s@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: no-k8s
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./no-k8s/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config no-k8s/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/no-k8s@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: no-k8s
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./no-k8s/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config puppeteer/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/puppeteer@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: puppeteer
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./puppeteer/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -66,13 +66,13 @@ jobs:
with:
args: "test --config puppeteer/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/puppeteer@${{ needs.Build.outputs.digest }} --pull"
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: puppeteer
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./puppeteer/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: wait-for-http
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: wait-for-http
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./wait-for-http/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: wait-for-http
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: wait-for-http
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./wait-for-http/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: wait-for-postgres
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: wait-for-postgres
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./wait-for-postgres/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -76,13 +76,13 @@ jobs:
- run: make e2e
working-directory: wait-for-postgres
lint:
container: hadolint/hadolint:v2.4.0
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: hadolint ./Dockerfile
working-directory: wait-for-postgres
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./wait-for-postgres/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
......
......@@ -60,9 +60,9 @@ $ mkdir foo
### Lint Dockerfiles
```sh
$ docker run --rm -i hadolint/hadolint < ./<image>/Dockerfile
$ docker run --rm -i ghcr.io/hadolint/hadolint < ./<image>/Dockerfile
# example
$ docker run --rm -i hadolint/hadolint < ./helm/Dockerfile
$ docker run --rm -i ghcr.io/hadolint/hadolint < ./helm/Dockerfile
```
## Generate GitLab Workflow
......
let AssemblyLine =
../../.github/dhall/workflows/AssemblyLine.dhall sha256:0d4cc7cc7e697c519998da4981d01be69d64420bf9bb3ea9022b04b0317ece6d
../../.github/dhall/workflows/AssemblyLine.dhall sha256:638cdd618db308020b000732513bffcce357f2bc46ea50eb0a3536e703bfa500
let InceptionJob =
../../.github/dhall/jobs/Inception.dhall sha256:65a7d0afb9febb7af474404b75696831c58e9fe7008b8643fd82b543e37b5a21
......
let On =
../../.github/dhall/workflows/On.dhall sha256:301b261621031aa3430166cce91638e0cb5b8a0fe7c71fb2c8ceddabd82f170e
in ./AssemblyLine.dhall sha256:240ab8caeec2d643eee6fee50e3ef058f7d6fb9582da61bd7832d1618559554c
in ./AssemblyLine.dhall sha256:88c48abb2ae628cd078a1e70c4d5b32a734c57e497cb70e1c08e8d932a311a15
with on = On.match On.Event.FeatureBranches "azure-cli"
with name = "azure-cli (branch)"
let On =
../../.github/dhall/workflows/On.dhall sha256:301b261621031aa3430166cce91638e0cb5b8a0fe7c71fb2c8ceddabd82f170e
in ./AssemblyLine.dhall sha256:240ab8caeec2d643eee6fee50e3ef058f7d6fb9582da61bd7832d1618559554c
in ./AssemblyLine.dhall sha256:88c48abb2ae628cd078a1e70c4d5b32a734c57e497cb70e1c08e8d932a311a15
with on = On.match On.Event.ReleasesBranches "azure-cli"
with name = "azure-cli (main)"
......@@ -6,7 +6,7 @@ services:
replicas: 0
lint:
image: hadolint/hadolint:v2.4.0-alpine
image: ghcr.io/hadolint/hadolint:2.4.0-alpine
entrypoint: hadolint
command: Dockerfile
volumes:
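Review bot: The compose `lint` service is switched to `ghcr.io/hadolint/hadolint:2.4.0-alpine` by tag only, while the workflow job changed in this same commit pins the image by sha256 digest. A tag can be re-pointed at different content later, so the local lint path ends up with weaker provenance than CI. Pin it the same way, `image: ghcr.io/hadolint/hadolint:2.4.0-alpine@sha256:<digest-of-the-2.4.0-alpine-image>`; that digest is not on this page, and it should not be assumed to match the one used for the non-alpine image in the workflows. The hunk shows no Renovate annotation on this line, so it may also drift from `HADOLINT_VERSION`. The `services` block continues outside the hunk.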
......
let AssemblyLine =
../../.github/dhall/workflows/AssemblyLine.dhall sha256:0d4cc7cc7e697c519998da4981d01be69d64420bf9bb3ea9022b04b0317ece6d
../../.github/dhall/workflows/AssemblyLine.dhall sha256:638cdd618db308020b000732513bffcce357f2bc46ea50eb0a3536e703bfa500
let InceptionJob =
../../.github/dhall/jobs/Inception.dhall sha256:65a7d0afb9febb7af474404b75696831c58e9fe7008b8643fd82b543e37b5a21
......
let On =
../../.github/dhall/workflows/On.dhall sha256:301b261621031aa3430166cce91638e0cb5b8a0fe7c71fb2c8ceddabd82f170e
in ./AssemblyLine.dhall sha256:b0fb90107b39d378f79709b26b49554c665f6ccd47012e9a30d5c565db165eb4
in ./AssemblyLine.dhall sha256:74c98273e82cee344559dde78ebb4d67a9691786eceec72a885c409a2a1728dc
with on = On.match On.Event.FeatureBranches "azure-db"
with name = "azure-db (branch)"