diff --git a/.drone.yml b/.drone.yml index c852d11..71635bf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,4 +1,35 @@ --- +############################################################################### +kind: pipeline +type: docker +name: lint + +steps: + - name: Lint Dockerfiles + image: hadolint/hadolint + commands: + - hadolint */Dockerfile* + when: + status: + - failure + - success + + - name: Lint entrypoint scripts + image: koalaman/shellcheck-alpine + commands: + - shellcheck entrypoint*.sh + when: + status: + - failure + - success + +trigger: + event: + - pull_request + - push + +--- +############################################################################### kind: pipeline type: docker name: test_1.6 @@ -15,7 +46,11 @@ trigger: event: - pull_request +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.6 @@ -62,7 +97,11 @@ trigger: event: - push +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: test_1.6-prod @@ -79,7 +118,11 @@ trigger: event: - pull_request +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.6-prod @@ -126,7 +169,11 @@ trigger: event: - push +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: test_1.7 @@ -143,7 +190,11 @@ trigger: event: - pull_request +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.7 @@ -190,7 +241,11 @@ trigger: event: - push +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: test_1.7-prod @@ -207,7 +262,11 @@ trigger: event: - pull_request +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.7-prod @@ -253,3 +312,6 @@ trigger: - master event: - push + +depends_on: + - lint diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..8b20658 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,6 @@ +--- +ignored: + - DL3008 + - DL3003 + - SC2164 + - SC2086 diff --git a/1.6/Dockerfile b/1.6/Dockerfile index 0d8f79d..0686b3c 100644 --- a/1.6/Dockerfile +++ b/1.6/Dockerfile @@ -1,6 +1,6 @@ FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.6.31 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --system foo; \ +RUN groupadd --system foo; \ useradd --no-log-init --system --gid foo --create-home foo; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.6/Dockerfile.prod b/1.6/Dockerfile.prod index 012932b..ff42a5f 100644 --- a/1.6/Dockerfile.prod +++ b/1.6/Dockerfile.prod @@ -1,6 +1,6 @@ FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.6.31 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --force --system --gid 33 www-data; \ +RUN groupadd --force --system --gid 33 www-data; \ useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.7/Dockerfile b/1.7/Dockerfile index 8e06543..32b6c21 100644 --- a/1.7/Dockerfile +++ b/1.7/Dockerfile @@ -1,6 +1,6 @@ FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.7.5 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --system foo; \ +RUN groupadd --system foo; \ useradd --no-log-init --system --gid foo --create-home foo; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -44,7 +40,7 @@ RUN set -ex; \ ; \ \ pecl install apcu-${PHP_APCU_VERSION:1}; \ - pecl install yaml-$PHP_YAML_VERSION; \ + pecl install yaml $PHP_YAML_VERSION; \ \ docker-php-ext-enable \ apcu \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.7/Dockerfile.prod b/1.7/Dockerfile.prod index 761797a..352c467 100644 --- a/1.7/Dockerfile.prod +++ b/1.7/Dockerfile.prod @@ -1,6 +1,6 @@ FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.7.3 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --force --system --gid 33 www-data; \ +RUN groupadd --force --system --gid 33 www-data; \ useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/entrypoint.prod.sh b/entrypoint.prod.sh index c1e8caa..ca71186 100755 --- a/entrypoint.prod.sh +++ b/entrypoint.prod.sh @@ -3,8 +3,8 @@ set -eu GRAV_FOLDER=${GRAV_FOLDER:-html} -mkdir -p /var/www/$GRAV_FOLDER -cd /var/www/$GRAV_FOLDER +mkdir -p /var/www/"$GRAV_FOLDER" +cd /var/www/"$GRAV_FOLDER" rsync -rlD --delete \ --exclude /backup/ \ @@ -12,7 +12,7 @@ rsync -rlD --delete \ --exclude /tmp/ \ --exclude /vendor/ \ --exclude /user/ \ - /usr/share/grav/ /var/www/$GRAV_FOLDER + /usr/share/grav/ /var/www/"$GRAV_FOLDER" mkdir -p assets backup cache images logs tmp @@ -20,6 +20,6 @@ bin/grav install bin/grav clearcache chown www-data /proc/self/fd/1 /proc/self/fd/2 -chown -R --from=root:root www-data:www-data /var/www/$GRAV_FOLDER +chown -R --from=root:root www-data:www-data /var/www/"$GRAV_FOLDER" exec gosu www-data "$@" diff --git a/entrypoint.sh b/entrypoint.sh index de47561..d23fc62 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,8 +8,8 @@ GRAV_FOLDER=${GRAV_FOLDER:-html} usermod -o -u "$UID" foo groupmod -o -g "$GID" foo -mkdir -p /var/www/$GRAV_FOLDER -cd /var/www/$GRAV_FOLDER +mkdir -p /var/www/"$GRAV_FOLDER" +cd /var/www/"$GRAV_FOLDER" rsync -rlD --delete \ --exclude /backup/ \ @@ -17,7 +17,7 @@ rsync -rlD --delete \ --exclude /tmp/ \ --exclude /vendor/ \ --exclude /user/ \ - /usr/share/grav/ /var/www/$GRAV_FOLDER + /usr/share/grav/ /var/www/"$GRAV_FOLDER" mkdir -p assets backup cache images logs tmp @@ -25,6 +25,6 @@ bin/grav install bin/grav clearcache chown foo /proc/self/fd/1 /proc/self/fd/2 -chown -R --from=root:root foo:foo /var/www/$GRAV_FOLDER +chown -R --from=root:root foo:foo /var/www/"$GRAV_FOLDER" exec gosu foo "$@"