Use hadolint to check dockerfile

2022-12-21 09:54:34 +01:00 · 2022-12-21 09:54:34 +01:00 · 8b82b74f52
commit 8b82b74f52
parent f464553da4
2 changed files with 30 additions and 14 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -5,6 +5,17 @@ on:
    pull_request:

 jobs:
+    lint:
+        name: Docker Lint
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout
+            uses: actions/checkout@v3
+          - name: Lint Dockerfile
+            uses: hadolint/hadolint-action@master
+            with:
+                dockerfile: Dockerfile
+                ignore: DL3007,DL3018 # Ignore using latest on mlocati/php-extension-installer & version in apk add
    build:
        name: Docker build
        runs-on: ubuntu-latest
--- a/33
+++ b/33
@ -4,6 +4,20 @@
 # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
 # https://docs.docker.com/compose/compose-file/#target

+# Builder images
+FROM composer/composer:2-bin AS composer
+
+FROM mlocati/php-extension-installer:latest AS php_extension_installer
+
+# Build Caddy with the Mercure and Vulcain modules
+FROM caddy:2.6-builder-alpine AS app_caddy_builder
+
+RUN xcaddy build \
+	--with github.com/dunglas/mercure \
+	--with github.com/dunglas/mercure/caddy \
+	--with github.com/dunglas/vulcain \
+	--with github.com/dunglas/vulcain/caddy
+
 # Prod image
 FROM php:8.2-fpm-alpine AS app_php

@ -20,7 +34,7 @@ ENV APP_ENV=prod
 WORKDIR /srv/app

 # php extensions installer: https://github.com/mlocati/docker-php-extension-installer
-COPY --from=mlocati/php-extension-installer --link /usr/bin/install-php-extensions /usr/local/bin/
+COPY --from=php_extension_installer --link /usr/bin/install-php-extensions /usr/local/bin/

 # persistent / runtime deps
 RUN apk add --no-cache \
@ -64,10 +78,10 @@ CMD ["php-fpm"]
 ENV COMPOSER_ALLOW_SUPERUSER=1
 ENV PATH="${PATH}:/root/.composer/vendor/bin"

-COPY --from=composer/composer:2-bin --link /composer /usr/bin/composer
+COPY --from=composer --link /composer /usr/bin/composer

 # prevent the reinstallation of vendors at every changes in the source code
-COPY composer.* symfony.* ./
+COPY --link composer.* symfony.* ./
 RUN set -eux; \
    if [ -f composer.json ]; then \
 		composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress; \
@ -75,7 +89,7 @@ RUN set -eux; \
    fi

 # copy sources
-COPY --link  . .
+COPY --link  . ./
 RUN rm -Rf docker/

 RUN set -eux; \
@ -93,7 +107,7 @@ FROM app_php AS app_php_dev
 ENV APP_ENV=dev XDEBUG_MODE=off
 VOLUME /srv/app/var/

-RUN rm $PHP_INI_DIR/conf.d/app.prod.ini; \
+RUN rm "$PHP_INI_DIR/conf.d/app.prod.ini"; \
 	mv "$PHP_INI_DIR/php.ini" "$PHP_INI_DIR/php.ini-production"; \
 	mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"

@ -104,15 +118,6 @@ RUN set -eux; \

 RUN rm -f .env.local.php

-# Build Caddy with the Mercure and Vulcain modules
-FROM caddy:2.6-builder-alpine AS app_caddy_builder
-
-RUN xcaddy build \
-	--with github.com/dunglas/mercure \
-	--with github.com/dunglas/mercure/caddy \
-	--with github.com/dunglas/vulcain \
-	--with github.com/dunglas/vulcain/caddy
-
 # Caddy image
 FROM caddy:2.6-alpine AS app_caddy