
Add hadolint ci#115

Merged: Aleksandergreg merged 13 commits into dev from add-hadolint-ci on Apr 11, 2025

Conversation

@Wienerbroed
Contributor

@Wienerbroed Wienerbroed commented Apr 8, 2025

Description

Please provide a summary of the change and explain what problem it solves. Include any relevant motivation and context.

Related Issue:
If applicable, please reference the issue number that this pull request fixes:
Fixes #[issue-number]

Type of Change

Please check the type(s) of changes your code introduces:

  • [ ] Bug fix: Non-breaking change which fixes an issue.
  • [x] New feature: Non-breaking change which adds functionality.
  • [ ] Breaking change: Fix or feature that would cause existing functionality to change.
  • [ ] Documentation update: Changes to documentation only.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce the testing environment.

  • [x] Test A
  • Checked that ci.yaml ran properly and returned the expected errors.

Include any details regarding your testing environment, test configuration, or steps to reproduce.

Checklist

Before creating this pull request, please ensure that your code meets the following requirements:

  • [x] My code follows the style guidelines of this project.
  • [x] I have performed a self-review of my own code.
  • [ ] I have commented my code, particularly in hard-to-understand areas.
  • [ ] I have made corresponding changes to the documentation.
  • [ ] My changes generate no new warnings.
  • [ ] Any dependent changes have been merged and published in downstream modules.

Summary by CodeRabbit

  • New Features

    • Integrated automated Dockerfile linting into the CI process to enhance container configuration quality.
    • Introduced an automation task offering detailed linting for Dockerfiles with clear feedback.
  • Chores

    • Updated version control settings to include files that were previously excluded.
    • Added a new dependency to support improved task automation.
  • Refactor

    • Streamlined the loading mechanism for automation tasks to simplify management.
    • Consolidated commands in the Dockerfile to reduce layers during the image build process.

@coderabbitai

coderabbitai Bot commented Apr 8, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

The update modifies the CI workflow to install and verify Hadolint, followed by linting both development and production Dockerfiles. The .gitignore has been updated to track the lib/ directory. In the Sinatra project, the Gemfile now includes the rake gem, the Rakefile has been adjusted to dynamically load tasks from the lib/tasks folder, and a new Rake task has been added to lint Dockerfiles using Hadolint.

Changes

| File(s) | Change Summary |
|---|---|
| .github/workflows/ci.yaml | Added steps to install Hadolint, verify its installation, and lint both Dockerfile.dev and Dockerfile.prod. |
| .gitignore | Removed the lib/ entry so that the directory becomes tracked by version control. |
| sinatra/{Gemfile, Rakefile, lib/tasks/docker_lint.rake} | Added the rake gem; updated the Rakefile to load tasks from lib/tasks; introduced a new Dockerfile linting task under the lint namespace. |
| sinatra/Dockerfile.prod | Consolidated the entrypoint-script and file-ownership commands into a single RUN command. |

Sequence Diagram(s)

sequenceDiagram
    participant CI as CI Pipeline
    participant Shell as Shell Environment
    participant Hadolint as Hadolint Binary

    CI->>Shell: Run "Install Hadolint"
    Shell->>Hadolint: Download & setup Hadolint binary
    CI->>Shell: Run "Verify Hadolint installation"
    Shell->>Hadolint: Display version
    CI->>Shell: Run "Lint Dockerfile.dev"
    Shell->>Hadolint: Lint Dockerfile.dev
    CI->>Shell: Run "Lint Dockerfile.prod"
    Shell->>Hadolint: Lint Dockerfile.prod
sequenceDiagram
    participant Dev as Developer
    participant Rake as Rake Task Runner
    participant FS as File System
    participant Hadolint as Hadolint Binary

    Dev->>Rake: Invoke docker_lint task (with optional Dockerfile arg)
    Rake->>FS: Check if specified Dockerfile exists
    alt File exists
        Rake->>Hadolint: Run lint on Dockerfile
        Hadolint-->>Rake: Return lint results
        Rake-->>Dev: Display success or error message based on results
    else File missing
        Rake-->>Dev: Print error and exit with status 1
    end

Possibly related PRs

  • Add hadolint ci #115: The changes in the main PR are directly related to those in the retrieved PR, as both introduce steps for installing and using Hadolint for linting Dockerfiles within the CI workflow.

Poem

Oh, I hopped into the code so bright,
With Dockerfiles in my line of sight.
CI now sings a linting tune,
And Rake tasks prance under the moon.
A bunny’s cheer for changes made,
In code where checks and hops parade!


📜 Recent review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f521722 and 83e536b.

⛔ Files ignored due to path filters (1)
  • sinatra/Gemfile.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • sinatra/Gemfile (1 hunks)


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (3)
sinatra/Gemfile (1)

16-16: Add gem 'rake' but maintain alphabetical order.

Adding the rake gem is appropriate for supporting the new rake tasks. However, according to Ruby conventions (and the RuboCop hint), gems should be alphabetically ordered within their sections.

 gem 'puma', '~> 6.6'
 gem 'rackup', '~> 2.2'
+gem 'rake'
 gem 'rubocop', '~> 1.72', require: false
 gem 'sinatra'
 gem 'sinatra-contrib'
 gem 'sinatra-flash'
 gem 'sqlite3'
-gem 'rake'
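Review bot: `gem 'rake'` is the only gem in this hunk added without a version constraint, while puma, rackup and rubocop next to it are pinned with `~>`; consider a pessimistic constraint on the current major version (for example `gem 'rake', '~> 13.0'`, version chosen as an illustration) so that a future `bundle update` cannot pull in a major release that changes task-loading behaviour in CI.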
🧰 Tools
🪛 RuboCop (1.73)

[convention] 16-16: Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rake should appear before sqlite3.

(Bundler/OrderedGems)

.github/workflows/ci.yaml (2)

47-47: Remove trailing whitespace.

There are trailing spaces on this line that should be removed for cleaner code.

-      
+
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 47-47: trailing spaces

(trailing-spaces)


48-67: Good implementation with some suggested improvements.

The Hadolint installation and verification steps look good! A few considerations:

  1. Consider using the newly created Rake task rather than calling Hadolint directly in the workflow. This would ensure consistency between CLI usage and CI:
 # Lint Dockerfile.dev
 - name: Lint Dockerfile.dev
+  working-directory: sinatra
   run: |
-    hadolint sinatra/Dockerfile.dev
+    bundle exec rake lint:dockerfile[Dockerfile.dev]

 # Lint Dockerfile.prod
 - name: Lint Dockerfile.prod
+  working-directory: sinatra
   run: |
-    hadolint sinatra/Dockerfile.prod
+    bundle exec rake lint:dockerfile[Dockerfile.prod]
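Review bot: both replacement steps run `bundle exec rake`, which needs Ruby and the project's gems installed earlier in the job (a setup-ruby step or an explicit `bundle install`), and the task itself still shells out to `hadolint`, so the Install Hadolint step must stay ahead of them; neither prerequisite is visible in this hunk, so confirm the job order before switching. Quoting the task argument, as in `bundle exec rake "lint:dockerfile[Dockerfile.dev]"`, also stops the shell from treating the square brackets as a glob pattern.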
  2. For security, consider adding checksum verification for the Hadolint download:
 - name: Install Hadolint
   run: |
+    # Define the expected SHA256 checksum 
+    EXPECTED_SHA="a54216819d5b225b4904f13f3b7710bbf2a2b71404148d8eec85d9cfe2e36b51"
     wget -O hadolint "https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64"
+    # Verify checksum
+    ACTUAL_SHA=$(sha256sum hadolint | cut -d' ' -f1)
+    if [ "$EXPECTED_SHA" != "$ACTUAL_SHA" ]; then
+      echo "Checksum verification failed!"
+      exit 1
+    fi
     chmod +x hadolint
     sudo mv hadolint /usr/local/bin/hadolint
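Review bot: the `EXPECTED_SHA` literal is introduced without a stated source; before committing it, take the digest from the checksum published with the v2.12.0 release asset, and keep it in step with the version in the `wget` URL, because a stale digest fails the step on every run. `sha256sum -c` against a one-line `<digest>  hadolint` file performs the same comparison with less scripting. The ordering in the hunk is right: verification happens before `chmod` and `sudo mv`, so a mismatched download never lands on PATH.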

These changes would improve security and maintainability while keeping the original functionality intact.

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7abd01b and d985152.

⛔ Files ignored due to path filters (2)
  • sinatra/Gemfile.lock is excluded by !**/*.lock
  • sinatra/hadolint.exe is excluded by !**/*.exe
📒 Files selected for processing (5)
  • .github/workflows/ci.yaml (1 hunks)
  • .gitignore (0 hunks)
  • sinatra/Gemfile (1 hunks)
  • sinatra/Rakefile (1 hunks)
  • sinatra/lib/tasks/docker_lint.rake (1 hunks)
💤 Files with no reviewable changes (1)
  • .gitignore
🧰 Additional context used
🪛 RuboCop (1.73)
sinatra/Gemfile

[convention] 16-16: Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem rake should appear before sqlite3.

(Bundler/OrderedGems)

sinatra/lib/tasks/docker_lint.rake

[convention] 14-19: Do not use unless with else. Rewrite these with the positive case first.

(Style/UnlessElse)

🪛 YAMLlint (1.35.1)
.github/workflows/ci.yaml

[error] 47-47: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)
sinatra/Rakefile (1)

1-1: LGTM: Good approach for loading Rake tasks.

Dynamically loading all rake tasks from the lib/tasks directory is a clean and maintainable approach. This makes it easy to add new tasks without modifying the Rakefile.
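The checksum suggestion in the review above, carried through as an added example in Ruby (the project's language); this is not code from the PR or from the project. It verifies a downloaded artifact against a pinned SHA-256 digest before it is made executable and moved into place, and deletes the download on mismatch so a tampered or truncated file is never installed. The function names, the fake binary contents and the wrong digests are constructed for this example; a real pin would be the digest published with the hadolint release.

```ruby
require "digest"
require "fileutils"
require "tmpdir"

# Added example, not part of the PR: compare the SHA-256 of a file on disk
# with a pinned hex digest. Case and surrounding whitespace are normalised so
# a digest copied from a release page does not produce a false mismatch.
def sha256_matches?(path, expected_hex)
  Digest::SHA256.file(path).hexdigest == expected_hex.strip.downcase
end

# Install only when the digest matches. On mismatch the download is removed
# and :checksum_mismatch is returned so the caller can fail the build; the
# chmod and move happen strictly after verification, mirroring the order in
# the reviewed CI step.
def install_verified_binary(download_path, expected_hex, dest_path)
  unless sha256_matches?(download_path, expected_hex)
    FileUtils.rm_f(download_path)
    return :checksum_mismatch
  end
  FileUtils.mv(download_path, dest_path)
  FileUtils.chmod(0o755, dest_path)
  File.executable?(dest_path) ? :installed : :install_failed
end

# Constructed fixture: a fake "downloaded" linter binary in a temp directory.
# With no argument the pinned digest is computed from the file itself (the
# happy path); pass a different digest to simulate a stale or wrong pin.
def demo_install(expected_hex = nil)
  Dir.mktmpdir do |dir|
    download = File.join(dir, "hadolint.download")
    File.binwrite(download, "#!/bin/sh\necho fake-linter\n")
    expected_hex ||= Digest::SHA256.file(download).hexdigest
    install_verified_binary(download, expected_hex, File.join(dir, "hadolint"))
  end
end

# Constructed fixture for the tampering case: the digest is pinned, then the
# file changes by one byte before installation. Returns the outcome and
# whether the rejected download still exists (it should not).
def demo_tampered_install
  Dir.mktmpdir do |dir|
    download = File.join(dir, "hadolint.download")
    File.binwrite(download, "#!/bin/sh\necho fake-linter\n")
    pinned = Digest::SHA256.file(download).hexdigest
    File.open(download, "ab") { |f| f.write("#") }  # simulate modification in transit
    outcome = install_verified_binary(download, pinned, File.join(dir, "hadolint"))
    [outcome, File.exist?(download)]
  end
end
```

The same check in the workflow shell is `sha256sum -c` against a `<digest>  hadolint` line; the Ruby form is useful when the download is driven from a rake task on a developer machine, where a checked-in digest file can be read with `File.read` and passed as `expected_hex`.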

Comment on sinatra/lib/tasks/docker_lint.rake, lines 1 to 21:
namespace :lint do
desc "Lint a specific Dockerfile using hadolint"
task :dockerfile, [:dockerfile] do |t, args|
# Default to 'Dockerfile.dev' if no argument is passed
dockerfile = args[:dockerfile] || "Dockerfile.dev"

unless File.exist?(dockerfile)
puts "#{dockerfile} not found in the project root."
exit 1
end

# Run Hadolint using the local executable
puts "Running Hadolint on #{dockerfile}..."
unless system("./hadolint.exe #{dockerfile}")
puts "Hadolint found issues!"
exit 1
else
puts "No issues found. Good job!"
end
end
end No newline at end of file
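Review bot: `system("./hadolint.exe #{dockerfile}")` interpolates the task argument into a shell command line, so a path containing spaces or shell metacharacters is split or interpreted by the shell; the multi-argument form `system("hadolint", dockerfile)` passes the path as a single argv element with no shell involved. The `./hadolint.exe` path also binds the task to a Windows binary in the repository (the review metadata shows sinatra/hadolint.exe was excluded by the `!**/*.exe` filter), which the Ubuntu CI job cannot execute.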

🛠️ Refactor suggestion

Improve platform compatibility and code style in the Docker linting task.

The Rake task functionality is good, but a few improvements would make it more robust:

  1. The hardcoded "./hadolint.exe" path is Windows-specific and won't work on Linux/macOS (including GitHub Actions which runs on Ubuntu).

  2. Following Ruby conventions, avoid using unless with else (as RuboCop points out).

Here's a suggested improvement:

 namespace :lint do
     desc "Lint a specific Dockerfile using hadolint"
     task :dockerfile, [:dockerfile] do |t, args|
       # Default to 'Dockerfile.dev' if no argument is passed
       dockerfile = args[:dockerfile] || "Dockerfile.dev"
       
       unless File.exist?(dockerfile)
         puts "#{dockerfile} not found in the project root."
         exit 1
       end
   
       # Run Hadolint using the local executable
       puts "Running Hadolint on #{dockerfile}..."
-      unless system("./hadolint.exe #{dockerfile}")
-        puts "Hadolint found issues!"
-        exit 1
-      else
-        puts "No issues found. Good job!"
-      end
+      # Use 'hadolint' command which should be in PATH (platform-agnostic)
+      result = system("hadolint #{dockerfile}", out: $stdout, err: $stderr)
+      if result
+        puts "No issues found. Good job!"
+      else
+        puts "Hadolint found issues!"
+        exit 1
+      end
     end
   end
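Review bot: in the replacement block, `system` returns nil (not false) when `hadolint` cannot be started at all, so a missing binary falls into the `else` branch and is reported as "Hadolint found issues!", which misdirects whoever debugs the failure; test `result.nil?` first and print that hadolint is not on PATH, with a distinct exit status. The `out: $stdout, err: $stderr` options are redundant, since `system` inherits the parent's streams by default, so this diff does not by itself change what output is shown.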

Additionally, consider capturing and displaying the actual linting output to make debugging easier.

🧰 Tools
🪛 RuboCop (1.73)

[convention] 14-19: Do not use unless with else. Rewrite these with the positive case first.

(Style/UnlessElse)


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
sinatra/Dockerfile.prod (1)

48-50: Consolidated RUN Command for Ownership and Permissions

The merged RUN command effectively reduces image layers by combining the change of ownership for /app and /usr/local/bundle with setting the executable bit for docker-entrypoint.sh. This streamlining is beneficial for maintaining a compact image and clear command sequencing.

A couple of optional suggestions:

  • Validation: Ensure that the docker-entrypoint.sh script exists as expected (although it is copied in line 47) so that the chmod operation does not silently fail.
  • Security Consideration: As noted in the comments, the container currently runs as root for the sake of modifying file ownership at runtime. In a future enhancement, consider using tools like gosu or su-exec to drop privileges as early as possible, which can further improve container security.
📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d985152 and 9aa6270.

📒 Files selected for processing (1)
  • sinatra/Dockerfile.prod (1 hunks)

@Aleksandergreg
Member

Super nice 👍

I have just merged dev into the branch to make sure there are no merge conflicts.

Regarding this from CodeRabbit:

> The hardcoded "./hadolint.exe" path is Windows-specific and won't work on Linux/macOS (including GitHub Actions which runs on Ubuntu).

It describes how this can be fixed further up in this pull request, but as far as I'm concerned we can leave it as is, since those of us on macOS can just type hadolint Dockerfile.prod/dev in our terminal if we want to run it locally, so I'll leave that one up to you 😊

@deepsource-io

deepsource-io Bot commented Apr 11, 2025

Here's the code health analysis summary for commits 531368a..83e536b. View details on DeepSource ↗.

Analysis Summary

| Analyzer | Status | Link |
|---|---|---|
| Ruby | ✅ Success | View Check ↗ |
| Docker | ✅ Success | View Check ↗ |

@Aleksandergreg Aleksandergreg merged commit 41ab989 into dev Apr 11, 2025
1 check passed
@Aleksandergreg Aleksandergreg deleted the add-hadolint-ci branch April 11, 2025 14:56