From 8b82b74f52dc977eda946f2f78f6bb0d9fc5a2bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20H=C3=A9lias?= <maximehelias16@gmail.com>
Date: Wed, 21 Dec 2022 09:54:34 +0100
Subject: [PATCH] Use hadolint to check dockerfile

---
 .github/workflows/ci.yml | 11 +++++++++++
 Dockerfile               | 33 +++++++++++++++++++--------------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0d8192d..96cd238 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,6 +5,17 @@ on:
     pull_request:
 
 jobs:
+    lint:
+        name: Docker Lint
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout
+            uses: actions/checkout@v3
+          - name: Lint Dockerfile
+            uses: hadolint/hadolint-action@master
+            with:
+                dockerfile: Dockerfile
+                ignore: DL3007,DL3018 # Ignore using latest on mlocati/php-extension-installer & version in apk add
     build:
         name: Docker build
         runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
index 2db4c96..4977f13 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,20 @@
 # https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
 # https://docs.docker.com/compose/compose-file/#target
 
+# Builder images
+FROM composer/composer:2-bin AS composer
+
+FROM mlocati/php-extension-installer:latest AS php_extension_installer
+
+# Build Caddy with the Mercure and Vulcain modules
+FROM caddy:2.6-builder-alpine AS app_caddy_builder
+
+RUN xcaddy build \
+	--with github.com/dunglas/mercure \
+	--with github.com/dunglas/mercure/caddy \
+	--with github.com/dunglas/vulcain \
+	--with github.com/dunglas/vulcain/caddy
+
 # Prod image
 FROM php:8.2-fpm-alpine AS app_php
 
@@ -20,7 +34,7 @@ ENV APP_ENV=prod
 WORKDIR /srv/app
 
 # php extensions installer: https://github.com/mlocati/docker-php-extension-installer
-COPY --from=mlocati/php-extension-installer --link /usr/bin/install-php-extensions /usr/local/bin/
+COPY --from=php_extension_installer --link /usr/bin/install-php-extensions /usr/local/bin/
 
 # persistent / runtime deps
 RUN apk add --no-cache \
@@ -64,10 +78,10 @@ CMD ["php-fpm"]
 ENV COMPOSER_ALLOW_SUPERUSER=1
 ENV PATH="${PATH}:/root/.composer/vendor/bin"
 
-COPY --from=composer/composer:2-bin --link /composer /usr/bin/composer
+COPY --from=composer --link /composer /usr/bin/composer
 
 # prevent the reinstallation of vendors at every changes in the source code
-COPY composer.* symfony.* ./
+COPY --link composer.* symfony.* ./
 RUN set -eux; \
     if [ -f composer.json ]; then \
 		composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress; \
@@ -75,7 +89,7 @@ RUN set -eux; \
     fi
 
 # copy sources
-COPY --link  . .
+COPY --link  . ./
 RUN rm -Rf docker/
 
 RUN set -eux; \
@@ -93,7 +107,7 @@ FROM app_php AS app_php_dev
 ENV APP_ENV=dev XDEBUG_MODE=off
 VOLUME /srv/app/var/
 
-RUN rm $PHP_INI_DIR/conf.d/app.prod.ini; \
+RUN rm "$PHP_INI_DIR/conf.d/app.prod.ini"; \
 	mv "$PHP_INI_DIR/php.ini" "$PHP_INI_DIR/php.ini-production"; \
 	mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
 
@@ -104,15 +118,6 @@ RUN set -eux; \
 
 RUN rm -f .env.local.php
 
-# Build Caddy with the Mercure and Vulcain modules
-FROM caddy:2.6-builder-alpine AS app_caddy_builder
-
-RUN xcaddy build \
-	--with github.com/dunglas/mercure \
-	--with github.com/dunglas/mercure/caddy \
-	--with github.com/dunglas/vulcain \
-	--with github.com/dunglas/vulcain/caddy
-
 # Caddy image
 FROM caddy:2.6-alpine AS app_caddy