Added validate dockerfile (#15)

* Added validate dockerfile * Fixed syntax error in dockerfile * Optimization github action * Optimization github action
text-adi · Apr 4, 2024 · 3b5e79f · 3b5e79f
1 parent c3b51cf
commit 3b5e79f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 9 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -25,9 +25,18 @@ jobs:
         run: |
           echo "prefix_test=test" >> $GITHUB_OUTPUT
 
+  lint-dockerfile:
+    needs: [ vars ]
+    name: Test dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check
+        run: |
+          docker run --rm -i -v ./hadolint.yaml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < Dockerfile
 
   build_and_push:
-    needs: [ vars ]
+    needs: [ vars, lint-dockerfile ]
     name: Build
     runs-on: ubuntu-latest
     steps:
@@ -42,9 +51,9 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Set test prefix
-        id: tag
+        id: image_tag_test
         run: |
-          echo "test=${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ needs.vars.outputs.prefix-test }}" >> $GITHUB_OUTPUT
+          echo "value=${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ needs.vars.outputs.prefix-test }}" >> $GITHUB_OUTPUT
 
       - name: Build docker image
         uses: docker/build-push-action@v5
@@ -56,20 +65,25 @@ jobs:
           provenance: false
           target: local
           tags: |
-            ${{ steps.tag.outputs.test }}
+            ${{ steps.image_tag_test.outputs.value }}
           cache-to: type=gha,mode=max
 
       - name: Get tool version
         id: version
         run: |
-          echo "kubectl=$(docker run --rm ${{ steps.tag.outputs.test }} kubectl version --client -o json | jq '.clientVersion.gitVersion' | tr -d 'v"')" >> $GITHUB_OUTPUT
-          echo "aws=$(docker run --rm ${{ steps.tag.outputs.test }} aws --version | cut -d' ' -f1 | cut -d'/' -f2)" >> $GITHUB_OUTPUT
+          echo "kubectl=$(docker run --rm ${{ steps.image_tag_test.outputs.value }} kubectl version --client -o json | jq '.clientVersion.gitVersion' | tr -d 'v"')" >> $GITHUB_OUTPUT
+          echo "aws=$(docker run --rm ${{ steps.image_tag_test.outputs.value }} aws --version | cut -d' ' -f1 | cut -d'/' -f2)" >> $GITHUB_OUTPUT
 
       - name: Check kubectl and awscli version
         run: |
           echo "kubectl: '${{ steps.version.outputs.kubectl }}'"
           echo "aws: '${{ steps.version.outputs.aws }}'"
 
+      - name: Create image tag
+        id: image_tag_basic
+        run: |
+          echo "value=${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.version.outputs.aws }}-${{ steps.version.outputs.kubectl }}" >> "$GITHUB_OUTPUT"
+
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5
         with:
@@ -80,5 +94,5 @@ jobs:
           provenance: false
           target: local
           tags: |
-            ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.version.outputs.aws }}-${{ steps.version.outputs.kubectl }}
+            ${{ steps.image_tag_basic.outputs.value }}
           cache-from: type=gha
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,12 @@
 FROM alpine:3.18 as builder
 
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
 ARG GLIBC_VER=2.34-r0
 
 RUN apk --no-cache add \
-        binutils \
-        curl \
+        binutils=2.40-r7 \
+        curl=8.5.0-r0 \
     && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
     && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
     && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \