From 5115fd3e6f03f4f991c9c6d512bc261c7d455db7 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Tue, 2 Feb 2021 17:28:06 +0100 Subject: [PATCH 1/9] Lint Dockerfiles with hadolint --- .hadolint.yaml | 6 ++++++ 1.6/Dockerfile | 14 ++++---------- 1.6/Dockerfile.prod | 14 ++++---------- 1.7/Dockerfile | 16 +++++----------- 1.7/Dockerfile.prod | 14 ++++---------- 5 files changed, 23 insertions(+), 41 deletions(-) create mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..8b20658 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,6 @@ +--- +ignored: + - DL3008 + - DL3003 + - SC2164 + - SC2086 diff --git a/1.6/Dockerfile b/1.6/Dockerfile index 0d8f79d..0686b3c 100644 --- a/1.6/Dockerfile +++ b/1.6/Dockerfile @@ -1,6 +1,6 @@ FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.6.31 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --system foo; \ +RUN groupadd --system foo; \ useradd --no-log-init --system --gid foo --create-home foo; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ 
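Review bot: The `ignored` list switches DL3008 and SC2086 off for every Dockerfile at once, so unpinned `apt-get install` packages and unquoted expansions such as `$GRAV_VERSION` in the `git clone --branch` lines touched by this same patch are never reported. Prefer fixing what is cheap to fix (`git clone --branch "$GRAV_VERSION" https://github.com/getgrav/grav.git /usr/share/grav; \`) and scoping the rest with an inline `# hadolint ignore=DL3008` above the specific `RUN`, so that a new unpinned install added elsewhere still fails the lint. If the global ignores stay, a short comment in this file saying why each rule is off would help the next reviewer.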
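Review bot: Putting `-x` into `SHELL` enables command tracing for every present and future `RUN` in the file, not only the ones that used `set -ex`, so anything that ends up on a command line is echoed into the build log. A comment above the instruction would record the intent, for example `# -e / -o pipefail: fail the RUN on any failing command or pipe stage; -x: trace commands to the build log, so keep credentials off command lines`. The same `SHELL` line is added in 1.6/Dockerfile.prod, 1.7/Dockerfile and 1.7/Dockerfile.prod, and the comment applies there too.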
@@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.6/Dockerfile.prod b/1.6/Dockerfile.prod index 012932b..ff42a5f 100644 --- a/1.6/Dockerfile.prod +++ b/1.6/Dockerfile.prod @@ -1,6 +1,6 @@ FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.6.31 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --force --system --gid 33 www-data; \ +RUN groupadd --force --system --gid 33 www-data; \ useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.7/Dockerfile b/1.7/Dockerfile index 8e06543..32b6c21 100644 --- a/1.7/Dockerfile +++ b/1.7/Dockerfile 
@@ -1,6 +1,6 @@ FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.7.5 @@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --system foo; \ +RUN groupadd --system foo; \ useradd --no-log-init --system --gid foo --create-home foo; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -44,7 +40,7 @@ RUN set -ex; \ ; \ \ pecl install apcu-${PHP_APCU_VERSION:1}; \ - pecl install yaml-$PHP_YAML_VERSION; \ + pecl install yaml $PHP_YAML_VERSION; \ \ docker-php-ext-enable \ apcu \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ diff --git a/1.7/Dockerfile.prod b/1.7/Dockerfile.prod index 761797a..352c467 100644 --- a/1.7/Dockerfile.prod +++ b/1.7/Dockerfile.prod @@ -1,6 +1,6 @@ FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7 -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ] # renovate: datasource=github-tags depName=getgrav/grav versioning=semver ENV GRAV_VERSION 1.7.3 
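Review bot: `pecl install yaml $PHP_YAML_VERSION` in the `@@ -44,7 +40,7 @@` hunk passes the version as a separate argument, so it no longer names the `yaml-2.2.1` release. pecl will most likely treat `2.2.1` as a second package name and either fail or install whatever yaml release is current, which drops the pin that the renovate comment on `PHP_YAML_VERSION` maintains. Only 1.7/Dockerfile carries this change; the other three Dockerfiles show no such hunk, so they presumably still use `yaml-$PHP_YAML_VERSION`. Restore the dash and quote the argument: `pecl install "yaml-${PHP_YAML_VERSION}"; \`. The enclosing `RUN` starts and ends outside the hunk.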
@@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver ENV PHP_YAML_VERSION 2.2.1 -RUN set -ex; \ - \ - groupadd --force --system --gid 33 www-data; \ +RUN groupadd --force --system --gid 33 www-data; \ useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \ \ apt-get update; \ @@ -23,9 +21,7 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/*; -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ +RUN savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -63,9 +59,7 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/* -RUN set -ex; \ - \ - git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ +RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \ cd /usr/share/grav; \ rm -rf \ .editorconfig \ -- 2.40.1 From a1ef3d4359323aa2deb636d9280af7ba1744ab8c Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Tue, 2 Feb 2021 18:46:29 +0100 Subject: [PATCH 2/9] Add lint pipeline --- .drone.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.drone.yml b/.drone.yml index c852d11..e9b7ef1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,3 +1,21 @@ +--- +kind: pipeline +type: docker +name: lint + +steps: + - name: Lint Dockerfiles + image: hadolint/hadolint + commands: + - hadolint 1.6/Dockerfile + - hadolint 1.6/Dockerfile.prod + - hadolint 1.7/Dockerfile + - hadolint 1.7/Dockerfile.prod + +trigger: + event: + - pull_request + --- kind: pipeline type: docker -- 2.40.1 From a384dfc3f43d6402f215e0c0d110bf44d4c67fe5 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 12:00:49 +0100 Subject: [PATCH 3/9] Test 1.6 depends_on lint --- .drone.yml | 3 +++ 1 file changed, 3 insertions(+) 
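Review bot: `image: hadolint/hadolint` in the new `lint` pipeline has no tag or digest, so each run pulls whatever the registry currently serves, while the Dockerfiles being linted pin their `php` base by tag and sha256 digest. Later patches in this series make the `build_and_release_*` pipelines depend on `lint`, so an upstream image change can alter or block a release without any change in this repository, and the image's content runs unreviewed in CI. Pin it the same way as the base images, e.g. `image: hadolint/hadolint:<version>@sha256:<digest>` (placeholders, take the values from the registry). `image: koalaman/shellcheck-alpine` added in PATCH 9/9 has the same gap.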
diff --git a/.drone.yml b/.drone.yml index e9b7ef1..0ef93d7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,6 +29,9 @@ steps: repo: mwalbeck/getgrav dry_run: true +depends_on: + - lint + trigger: event: - pull_request -- 2.40.1 From 225f4b99a2f635b38d6c68e9deeabec12edde41d Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 12:16:12 +0100 Subject: [PATCH 4/9] Make test builds depend on lint --- .drone.yml | 56 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 19 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0ef93d7..055c5c7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,3 +1,4 @@ +############################################################################### --- kind: pipeline type: docker @@ -16,11 +17,19 @@ trigger: event: - pull_request +############################################################################### --- kind: pipeline type: docker name: test_1.6 +depends_on: + - lint + +trigger: + event: + - pull_request + steps: - name: build test image: plugins/docker @@ -29,13 +38,7 @@ steps: repo: mwalbeck/getgrav dry_run: true -depends_on: - - lint - -trigger: - event: - - pull_request - +############################################################################### --- kind: pipeline type: docker @@ -83,11 +86,19 @@ trigger: event: - push +############################################################################### --- kind: pipeline type: docker name: test_1.6-prod +depends_on: + - lint + +trigger: + event: + - pull_request + steps: - name: build test image: plugins/docker @@ -96,10 +107,7 @@ steps: repo: mwalbeck/getgrav dry_run: true -trigger: - event: - - pull_request - +############################################################################### --- kind: pipeline type: docker 
@@ -147,11 +155,19 @@ trigger: event: - push +############################################################################### --- kind: pipeline type: docker name: test_1.7 +depends_on: + - lint + +trigger: + event: + - pull_request + steps: - name: build test image: plugins/docker @@ -160,10 +176,7 @@ steps: repo: mwalbeck/getgrav dry_run: true -trigger: - event: - - pull_request - +############################################################################### --- kind: pipeline type: docker @@ -211,11 +224,19 @@ trigger: event: - push +############################################################################### --- kind: pipeline type: docker name: test_1.7-prod +depends_on: + - lint + +trigger: + event: + - pull_request + steps: - name: build test image: plugins/docker @@ -224,10 +245,7 @@ steps: repo: mwalbeck/getgrav dry_run: true -trigger: - event: - - pull_request - +############################################################################### --- kind: pipeline type: docker -- 2.40.1 From eee2d652e81fee909b5d5788f143bc27782fc05e Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 12:16:45 +0100 Subject: [PATCH 5/9] Try and make lint fail --- .hadolint.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.hadolint.yaml b/.hadolint.yaml index 8b20658..e1640cf 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -2,5 +2,3 @@ ignored: - DL3008 - DL3003 - - SC2164 - - SC2086 -- 2.40.1 From 5e33b37b657a78d6be33b8733d2deb2d86f2d177 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 12:17:59 +0100 Subject: [PATCH 6/9] Remove comments --- .drone.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index 055c5c7..97e3dee 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,4 +1,3 @@ -############################################################################### --- kind: pipeline type: docker 
@@ -17,7 +16,6 @@ trigger: event: - pull_request -############################################################################### --- kind: pipeline type: docker @@ -38,7 +36,6 @@ steps: repo: mwalbeck/getgrav dry_run: true -############################################################################### --- kind: pipeline type: docker @@ -86,7 +83,6 @@ trigger: event: - push -############################################################################### --- kind: pipeline type: docker @@ -107,7 +103,6 @@ steps: repo: mwalbeck/getgrav dry_run: true -############################################################################### --- kind: pipeline type: docker @@ -155,7 +150,6 @@ trigger: event: - push -############################################################################### --- kind: pipeline type: docker @@ -176,7 +170,6 @@ steps: repo: mwalbeck/getgrav dry_run: true -############################################################################### --- kind: pipeline type: docker @@ -224,7 +217,6 @@ trigger: event: - push -############################################################################### --- kind: pipeline type: docker @@ -245,7 +237,6 @@ steps: repo: mwalbeck/getgrav dry_run: true -############################################################################### --- kind: pipeline type: docker -- 2.40.1 From b6669565d7d92dce86643743ec1e210caa07a532 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 12:57:07 +0100 Subject: [PATCH 7/9] Test --- .drone.yml | 22 ++++++++++++---------- .hadolint.yaml | 2 ++ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.drone.yml b/.drone.yml index 97e3dee..f0946ee 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,4 +1,5 @@ --- +############################################################################### kind: pipeline type: docker name: lint 
@@ -12,11 +13,8 @@ steps: - hadolint 1.7/Dockerfile - hadolint 1.7/Dockerfile.prod -trigger: - event: - - pull_request - --- +############################################################################### kind: pipeline type: docker name: test_1.6 @@ -37,10 +35,20 @@ steps: dry_run: true --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.6 +depends_on: + - lint + +trigger: + branch: + - master + event: + - push + steps: - name: determine tags image: mwalbeck/determine-docker-tags @@ -77,12 +85,6 @@ steps: - success - failure -trigger: - branch: - - master - event: - - push - --- kind: pipeline type: docker diff --git a/.hadolint.yaml b/.hadolint.yaml index e1640cf..8b20658 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -2,3 +2,5 @@ ignored: - DL3008 - DL3003 + - SC2164 + - SC2086 -- 2.40.1 From 8768bd952c9d5776227864e608600d8d2af12765 Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 13:10:07 +0100 Subject: [PATCH 8/9] Make all pipelines depend on lint --- .drone.yml | 98 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 59 insertions(+), 39 deletions(-) diff --git a/.drone.yml b/.drone.yml index f0946ee..9ee020d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,19 +13,17 @@ steps: - hadolint 1.7/Dockerfile - hadolint 1.7/Dockerfile.prod +trigger: + event: + - pull_request + - push + --- ############################################################################### kind: pipeline type: docker name: test_1.6 -depends_on: - - lint - -trigger: - event: - - pull_request - steps: - name: build test image: plugins/docker 
@@ -34,21 +32,19 @@ steps: repo: mwalbeck/getgrav dry_run: true +trigger: + event: + - pull_request + +depends_on: + - lint + --- ############################################################################### kind: pipeline type: docker name: build_and_release_1.6 -depends_on: - - lint - -trigger: - branch: - - master - event: - - push - steps: - name: determine tags image: mwalbeck/determine-docker-tags @@ -85,17 +81,20 @@ steps: - success - failure ---- -kind: pipeline -type: docker -name: test_1.6-prod +trigger: + branch: + - master + event: + - push depends_on: - lint -trigger: - event: - - pull_request +--- +############################################################################### +kind: pipeline +type: docker +name: test_1.6-prod steps: - name: build test @@ -105,7 +104,15 @@ steps: repo: mwalbeck/getgrav dry_run: true +trigger: + event: + - pull_request + +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.6-prod @@ -152,17 +159,14 @@ trigger: event: - push ---- -kind: pipeline -type: docker -name: test_1.7 - depends_on: - lint -trigger: - event: - - pull_request +--- +############################################################################### +kind: pipeline +type: docker +name: test_1.7 steps: - name: build test @@ -172,7 +176,15 @@ steps: repo: mwalbeck/getgrav dry_run: true +trigger: + event: + - pull_request + +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.7 @@ -219,17 +231,14 @@ trigger: event: - push ---- -kind: pipeline -type: docker -name: test_1.7-prod - depends_on: - lint -trigger: - event: - - pull_request +--- +############################################################################### +kind: pipeline +type: docker +name: test_1.7-prod steps: - name: build test 
@@ -239,7 +248,15 @@ steps: repo: mwalbeck/getgrav dry_run: true +trigger: + event: + - pull_request + +depends_on: + - lint + --- +############################################################################### kind: pipeline type: docker name: build_and_release_1.7-prod @@ -285,3 +302,6 @@ trigger: - master event: - push + +depends_on: + - lint -- 2.40.1 From 3073d6f018b9fb294487f588ea97a95b0fbfc22b Mon Sep 17 00:00:00 2001 From: Magnus Walbeck Date: Wed, 3 Feb 2021 13:30:01 +0100 Subject: [PATCH 9/9] Add shellcheck linting for entrypoint scripts --- .drone.yml | 18 ++++++++++++++---- entrypoint.prod.sh | 8 ++++---- entrypoint.sh | 8 ++++---- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9ee020d..71635bf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,10 +8,20 @@ steps: - name: Lint Dockerfiles image: hadolint/hadolint commands: - - hadolint 1.6/Dockerfile - - hadolint 1.6/Dockerfile.prod - - hadolint 1.7/Dockerfile - - hadolint 1.7/Dockerfile.prod + - hadolint */Dockerfile* + when: + status: + - failure + - success + + - name: Lint entrypoint scripts + image: koalaman/shellcheck-alpine + commands: + - shellcheck entrypoint*.sh + when: + status: + - failure + - success trigger: event: diff --git a/entrypoint.prod.sh b/entrypoint.prod.sh index c1e8caa..ca71186 100755 --- a/entrypoint.prod.sh +++ b/entrypoint.prod.sh @@ -3,8 +3,8 @@ set -eu GRAV_FOLDER=${GRAV_FOLDER:-html} -mkdir -p /var/www/$GRAV_FOLDER -cd /var/www/$GRAV_FOLDER +mkdir -p /var/www/"$GRAV_FOLDER" +cd /var/www/"$GRAV_FOLDER" rsync -rlD --delete \ --exclude /backup/ \ @@ -12,7 +12,7 @@ rsync -rlD --delete \ --exclude /tmp/ \ --exclude /vendor/ \ --exclude /user/ \ - /usr/share/grav/ /var/www/$GRAV_FOLDER + /usr/share/grav/ /var/www/"$GRAV_FOLDER" mkdir -p assets backup cache images logs tmp 
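Review bot: Quoting `"$GRAV_FOLDER"` in entrypoint.prod.sh stops word splitting, but the value is still used unchecked as a path component, so a setting that contains `..` makes `mkdir -p`, `rsync --delete` and the later `chown -R` operate outside `/var/www` while the script runs as root. The variable comes from the container environment, so this is an operator mistake rather than remote input, but `rsync --delete` makes the mistake destructive. A guard right after the default assignment would reject such values: `case "$GRAV_FOLDER" in /*|*..*) echo "invalid GRAV_FOLDER: $GRAV_FOLDER" >&2; exit 1;; esac`. The same applies to entrypoint.sh; both scripts begin before the first hunk, so the shebang and anything above `set -eu` are not visible here.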
@@ -20,6 +20,6 @@ bin/grav install bin/grav clearcache chown www-data /proc/self/fd/1 /proc/self/fd/2 -chown -R --from=root:root www-data:www-data /var/www/$GRAV_FOLDER +chown -R --from=root:root www-data:www-data /var/www/"$GRAV_FOLDER" exec gosu www-data "$@" diff --git a/entrypoint.sh b/entrypoint.sh index de47561..d23fc62 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,8 +8,8 @@ GRAV_FOLDER=${GRAV_FOLDER:-html} usermod -o -u "$UID" foo groupmod -o -g "$GID" foo -mkdir -p /var/www/$GRAV_FOLDER -cd /var/www/$GRAV_FOLDER +mkdir -p /var/www/"$GRAV_FOLDER" +cd /var/www/"$GRAV_FOLDER" rsync -rlD --delete \ --exclude /backup/ \ @@ -17,7 +17,7 @@ rsync -rlD --delete \ --exclude /tmp/ \ --exclude /vendor/ \ --exclude /user/ \ - /usr/share/grav/ /var/www/$GRAV_FOLDER + /usr/share/grav/ /var/www/"$GRAV_FOLDER" mkdir -p assets backup cache images logs tmp @@ -25,6 +25,6 @@ bin/grav install bin/grav clearcache chown foo /proc/self/fd/1 /proc/self/fd/2 -chown -R --from=root:root foo:foo /var/www/$GRAV_FOLDER +chown -R --from=root:root foo:foo /var/www/"$GRAV_FOLDER" exec gosu foo "$@" -- 2.40.1