Add hadolint

[janjagusch]

Checklist

• Title of this PR is meaningful: e.g. "Adding my_nifty_package", not "updated meta.yaml".
• License file is packaged (see here for an example).
• Source is from official source.
• Package does not vendor other packages. (If a package uses the source of another package, they should be separate packages or the licenses of all packages need to be packaged).
• If static libraries are linked in, the license of the static library is packaged.
• Build number is 0.
• A tarball (url) rather than a repo (e.g. git_url) is used in your recipe (see here for more details).
• GitHub users listed in the maintainer section have posted a comment confirming they are willing to be listed there.
• When in trouble, please check our knowledge base documentation before pinging a team.

This PR adds hadolint to conda-forge.

[conda-forge-linter]

Hi! This is the friendly automated conda-forge-linting service.

I wanted to let you know that I linted all conda-recipes in your PR (recipes/hadolint) and found some lint.

Here's what I've got...

For recipes/hadolint:

• Failed to even lint the recipe, probably because of a conda-smithy bug 😢. This likely indicates a problem in your meta.yaml, though. To get a traceback to help figure out what's going on, install conda-smithy and run conda smithy recipe-lint . from the recipe directory.

[janjagusch]

Hi! This is the friendly automated conda-forge-linting service.

I wanted to let you know that I linted all conda-recipes in your PR (recipes/hadolint) and found some lint.

Here's what I've got...

For recipes/hadolint:

• Failed to even lint the recipe, probably because of a conda-smithy bug 😢. This likely indicates a problem in your meta.yaml, though. To get a traceback to help figure out what's going on, install conda-smithy and run conda smithy recipe-lint . from the recipe directory.

conda smithy recipe-lint .                                                                    ✔  base 
Traceback (most recent call last):
  File "/usr/local/Caskroom/miniforge/base/bin/conda-smithy", line 10, in <module>
    sys.exit(main())
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/conda_smithy/cli.py", line 613, in main
    args.subcommand_func(args)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/conda_smithy/cli.py", line 446, in __call__
    lints, hints = lint_recipe.main(
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/conda_smithy/lint_recipe.py", line 820, in main
    meta = get_yaml().load(content)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/main.py", line 343, in load
    return constructor.get_single_data()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/constructor.py", line 111, in get_single_data
    node = self.composer.get_single_node()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 78, in get_single_node
    document = self.compose_document()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 101, in compose_document
    node = self.compose_node(None, None)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 138, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 218, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 138, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 218, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/composer.py", line 111, in compose_node
    if self.parser.check_event(AliasEvent):
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/parser.py", line 140, in check_event
    self.current_event = self.state()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/parser.py", line 603, in parse_block_mapping_value
    if self.scanner.check_token(ValueToken):
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/scanner.py", line 1764, in check_token
    self._gather_comments()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/scanner.py", line 1806, in _gather_comments
    self.fetch_more_tokens()
  File "/usr/local/Caskroom/miniforge/base/lib/python3.8/site-packages/ruamel/yaml/scanner.py", line 318, in fetch_more_tokens
    raise ScannerError(
ruamel.yaml.scanner.ScannerError: while scanning for the next token
found character '\t' that cannot start any token
  in "<unicode string>", line 31, column 24:
      license: GPL-3.0-only

[conda-forge-linter]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipes/hadolint) and found it was in an excellent condition.

[conda-forge-linter]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipes/hadolint) and found it was in an excellent condition.

I do have some suggestions for making it better though...

For recipes/hadolint:

• Jinja2 variable references are suggested to take a {{<one space><variable name><one space>}} form. See lines [24].

[conda-forge-linter]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipes/hadolint) and found it was in an excellent condition.

[janjagusch]

@jakirkham, I saw that you reviewed the shellcheck some time ago. Given that there is no Haskell team, would you be the right person to ask for a review here? I'm not really sure who else to ask.

Would really appreciate your help here. Thanks a lot in advance. :)

Actually, I just realised that the package provides prebuilt binaries for all three operating systems already. So this is less of a Haskell feedstock and more of a "moving binaries into the right location" feedstock. Thanks anyways. :)

[janjagusch]

@conda-forge/staged-recipes, ready to review

[janjagusch]

@dbast, would you feel comfortable reviewing and possibly approving this PR?

[dbast]

@janjagusch I would like to see this merged, but static build haskell binaries have the same issue as other static build binaries like go and rust binaries: The licenses of the compiled-in dependencies and transitive dependencies have to be included... In this case maybe with the help of https://hackage.haskell.org/package/licensor ... Which requires much more setup.... Some go/rust/haskell packages have been merged here in the mast, where this was not taken care of. But this is now slowly done for existing packages of that kind.

See e.g. the micro PR from some days ago, where this was done via go-license as part of building #14539

I don't know of any conda-forge haskell example that could server as template here... Another option would be, that the hadolint upsteam provides an aggregated license file/folder via their CI automated releases.

[janjagusch]

@janjagusch I would like to see this merged, but static build haskell binaries have the same issue as other static build binaries like go and rust binaries: The licenses of the compiled-in dependencies and transitive dependencies have to be included... In this case maybe with the help of https://hackage.haskell.org/package/licensor ... Which requires much more setup.... Some go/rust/haskell packages have been merged here in the mast, where this was not taken care of. But this is now slowly done for existing packages of that kind.

See e.g. the micro PR from some days ago, where this was done via go-license as part of building #14539

I don't know of any conda-forge haskell example that could server as template here... Another option would be, that the hadolint upsteam provides an aggregated license file/folder via their CI automated releases.

Thanks @dbast for your feedback. Honestly, I completely forgot about the licensing issues. I have created a PR in hadolint that adds a ThirdPartyNotices.txt. The file will look like this.

Also, if this is a common issue with Haskell packages, we should consider adding licensor to conda-forge.

[janjagusch]

@dbast, my PR in hadolint has been merged. Starting with the next release, we can retrieve the ThirdPartyNotices.txt directly from the source. Until then, I have added a copy of the dependency license to the recipe.

Is there anything else I should do before we can merge this?

[dbast]

The license list is nice... thought some licenses require that a copy of the license is included with the binaries... that e.g. means parsing the list and aggregating all licenses to included them into the package.

[stale]

Hi friend!

We really, really, really appreciate that you have taken the time to make a PR on conda-forge/staged-recipes! conda-forge only exists because people like you donate their time to build and maintain conda recipes for use by the community.

In an effort to maintain this repository and increase the signal-to-noise for open PRs, the maintainers of staged-recipes close excessively old PRs after six months. This PR will remain open for another month, and then will be closed.

If you'd like to keep it open, please comment/push and we will be happy to oblige! Note that very old PRs will likely need to be rebased on main so that they can be rebuilt with the most recent CI scripts. If you have any trouble, or we missed reviewing this PR in the first place (sorry!), feel free to ping the team using a special command in a comment on the PR to get the attention of the staged-recipes team.

Cheers and thank you for contributing to this community effort!

[xhochy]

We hope to get back to this soon once we have a better Haskell packaging infrastructure!

[stale]

Hi friend!

We really, really, really appreciate that you have taken the time to make a PR on conda-forge/staged-recipes! conda-forge only exists because people like you donate their time to build and maintain conda recipes for use by the community.

In an effort to maintain this repository and increase the signal-to-noise for open PRs, the maintainers of staged-recipes close excessively old PRs after six months. This PR will remain open for another month, and then will be closed.

If you'd like to keep it open, please comment/push and we will be happy to oblige! Note that very old PRs will likely need to be rebased on main so that they can be rebuilt with the most recent CI scripts. If you have any trouble, or we missed reviewing this PR in the first place (sorry!), feel free to ping the team using a special command in a comment on the PR to get the attention of the staged-recipes team.

Cheers and thank you for contributing to this community effort!

[jakirkham]

@xhochy do you recall what is blocking this?

[maresb]

@jakirkham, if I have correctly understood #14581 (comment), then the blocker is that while the vendored licenses are described in ThirdPartyNotices.txt, the actual license files themselves may be missing from the Conda package. (I have not checked this myself.)

[stale]

Hi friend!

We really, really, really appreciate that you have taken the time to make a PR on conda-forge/staged-recipes! conda-forge only exists because people like you donate their time to build and maintain conda recipes for use by the community.

In an effort to maintain this repository and increase the signal-to-noise for open PRs, the maintainers of staged-recipes close excessively old PRs after six months. This PR will remain open for another month, and then will be closed.

If you'd like to keep it open, please comment/push and we will be happy to oblige! Note that very old PRs will likely need to be rebased on main so that they can be rebuilt with the most recent CI scripts. If you have any trouble, or we missed reviewing this PR in the first place (sorry!), feel free to ping the team using a special command in a comment on the PR to get the attention of the staged-recipes team.

Cheers and thank you for contributing to this community effort!

[maresb]

Any updates on Haskell license infrastructure? This would be very nice to have in conda-forge.

[janjagusch]

@xhochy, @dbast, it's been a while. Let's aim to get this merged in 2024. 😋

A quick summary of the stauts quo:

• licensor can now also collect the license files for each dependency (see here). This was required by @dbast in Add hadolint #14581 (comment). If the licensor output is not sufficient, I can build a simple, Python-based utility that retrieves the licenses from a cabal.config file.
• We're currently using a pre-compiled binary in this feedstock. That's problematic, because we can't tell with which versions of the above-mentioned dependencies it was built, which means we cannot guarantee we have collected the correct licenses. As always, it would be better to build the package from source.
• To build Haskell packages from source, we need to update the build dependencies, namely ghc and cabal. There is already an issue for that (see here). Here are the version I'm running locally to build hadolint:

~/projects/personal/hadolint$ ghc --version
The Glorious Glasgow Haskell Compilation System, version 9.2.8
~/projects/personal/hadolint$ cabal --version
cabal-install version 3.6.2.1
compiled using version 3.6.2.0 of the Cabal library