.drone.yml

@@ -1,4 +1,35 @@
 ---
+###############################################################################
+kind: pipeline
+type: docker
+name: lint
+
+steps:
+  - name: Lint Dockerfiles
+    image: hadolint/hadolint
+    commands:
+      - hadolint */Dockerfile*
+    when:
+      status:
+        - failure
+        - success
+
+  - name: Lint entrypoint scripts
+    image: koalaman/shellcheck-alpine
+    commands:
+      - shellcheck entrypoint*.sh
+    when:
+      status:
+        - failure
+        - success
+
+trigger:
+  event:
+    - pull_request
+    - push
+
+---
+###############################################################################
 kind: pipeline
 type: docker
 name: test_1.6
@@ -15,7 +46,11 @@ trigger:
   event:
     - pull_request
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: build_and_release_1.6
@@ -62,7 +97,11 @@ trigger:
   event:
     - push
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: test_1.6-prod
@@ -79,7 +118,11 @@ trigger:
   event:
     - pull_request
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: build_and_release_1.6-prod
@@ -126,7 +169,11 @@ trigger:
   event:
     - push
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: test_1.7
@@ -143,7 +190,11 @@ trigger:
   event:
     - pull_request
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: build_and_release_1.7
@@ -190,7 +241,11 @@ trigger:
   event:
     - push
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: test_1.7-prod
@@ -207,7 +262,11 @@ trigger:
   event:
     - pull_request
 
+depends_on:
+  - lint
+
 ---
+###############################################################################
 kind: pipeline
 type: docker
 name: build_and_release_1.7-prod
@@ -253,3 +312,6 @@ trigger:
     - master
   event:
     - push
+
+depends_on:
+  - lint

.hadolint.yaml

@@ -0,0 +1,6 @@
+---
+ignored:
+  - DL3008
+  - DL3003
+  - SC2164
+  - SC2086

1.6/Dockerfile

@@ -1,6 +1,6 @@
 FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533
 
-SHELL [ "/bin/bash", "-c" ]
+SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ]
 
 # renovate: datasource=github-tags depName=getgrav/grav versioning=semver
 ENV GRAV_VERSION 1.6.31
@@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19
 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver
 ENV PHP_YAML_VERSION 2.2.1
 
-RUN set -ex; \
+RUN groupadd --system foo; \
-    \
-    groupadd --system foo; \
     useradd --no-log-init --system --gid foo --create-home foo; \
     \
     apt-get update; \
@@ -23,9 +21,7 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
-RUN set -ex; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
@@ -63,9 +59,7 @@ RUN set -ex; \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*
 
-RUN set -ex; \
+RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
-    \
-    git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
     cd /usr/share/grav; \
     rm -rf \
         .editorconfig \

1.6/Dockerfile.prod

@@ -1,6 +1,6 @@
 FROM php:7.3.26-fpm-buster@sha256:6bc677764c7f94da7c93a45e2831a6c1774001ff61e822011844fd79ae07b533
 
-SHELL [ "/bin/bash", "-c" ]
+SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ]
 
 # renovate: datasource=github-tags depName=getgrav/grav versioning=semver
 ENV GRAV_VERSION 1.6.31
@@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19
 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver
 ENV PHP_YAML_VERSION 2.2.1
 
-RUN set -ex; \
+RUN groupadd --force --system --gid 33 www-data; \
-    \
-    groupadd --force --system --gid 33 www-data; \
     useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \
     \
     apt-get update; \
@@ -23,9 +21,7 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
-RUN set -ex; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
@@ -63,9 +59,7 @@ RUN set -ex; \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*
 
-RUN set -ex; \
+RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
-    \
-    git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
     cd /usr/share/grav; \
     rm -rf \
         .editorconfig \

1.7/Dockerfile

@@ -1,6 +1,6 @@
 FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7
 
-SHELL [ "/bin/bash", "-c" ]
+SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ]
 
 # renovate: datasource=github-tags depName=getgrav/grav versioning=semver
 ENV GRAV_VERSION 1.7.5
@@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19
 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver
 ENV PHP_YAML_VERSION 2.2.1
 
-RUN set -ex; \
+RUN groupadd --system foo; \
-    \
-    groupadd --system foo; \
     useradd --no-log-init --system --gid foo --create-home foo; \
     \
     apt-get update; \
@@ -23,9 +21,7 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
-RUN set -ex; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
@@ -44,7 +40,7 @@ RUN set -ex; \
     ; \
     \
     pecl install apcu-${PHP_APCU_VERSION:1}; \
-    pecl install yaml-$PHP_YAML_VERSION; \
+    pecl install yaml $PHP_YAML_VERSION; \
     \
     docker-php-ext-enable \
         apcu \
@@ -63,9 +59,7 @@ RUN set -ex; \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*
 
-RUN set -ex; \
+RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
-    \
-    git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
     cd /usr/share/grav; \
     rm -rf \
         .editorconfig \

1.7/Dockerfile.prod

@@ -1,6 +1,6 @@
 FROM php:7.4.14-fpm-buster@sha256:e9efa237664ac68793c62a7eb202a0383cce7e82ac43fb7f71347c23f1b6d3c7
 
-SHELL [ "/bin/bash", "-c" ]
+SHELL [ "/bin/bash", "-exo", "pipefail", "-c" ]
 
 # renovate: datasource=github-tags depName=getgrav/grav versioning=semver
 ENV GRAV_VERSION 1.7.3
@@ -9,9 +9,7 @@ ENV PHP_APCU_VERSION v5.1.19
 # renovate: datasource=github-tags depName=php/pecl-file_formats-yaml versioning=semver
 ENV PHP_YAML_VERSION 2.2.1
 
-RUN set -ex; \
+RUN groupadd --force --system --gid 33 www-data; \
-    \
-    groupadd --force --system --gid 33 www-data; \
     useradd --no-log-init --system --gid www-data --no-create-home --uid 33 www-data || true; \
     \
     apt-get update; \
@@ -23,9 +21,7 @@ RUN set -ex; \
     ; \
     rm -rf /var/lib/apt/lists/*;
 
-RUN set -ex; \
+RUN savedAptMark="$(apt-mark showmanual)"; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
@@ -63,9 +59,7 @@ RUN set -ex; \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*
 
-RUN set -ex; \
+RUN git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
-    \
-    git clone --branch $GRAV_VERSION https://github.com/getgrav/grav.git /usr/share/grav; \
     cd /usr/share/grav; \
     rm -rf \
         .editorconfig \

entrypoint.prod.sh

@@ -3,8 +3,8 @@ set -eu
 
 GRAV_FOLDER=${GRAV_FOLDER:-html}
 
-mkdir -p /var/www/$GRAV_FOLDER
+mkdir -p /var/www/"$GRAV_FOLDER"
-cd /var/www/$GRAV_FOLDER
+cd /var/www/"$GRAV_FOLDER"
 
 rsync -rlD --delete \
            --exclude /backup/ \
@@ -12,7 +12,7 @@ rsync -rlD --delete \
            --exclude /tmp/ \
            --exclude /vendor/ \
            --exclude /user/ \
-           /usr/share/grav/ /var/www/$GRAV_FOLDER
+           /usr/share/grav/ /var/www/"$GRAV_FOLDER"
 
 mkdir -p assets backup cache images logs tmp
 
@@ -20,6 +20,6 @@ bin/grav install
 bin/grav clearcache
 
 chown www-data /proc/self/fd/1 /proc/self/fd/2
-chown -R --from=root:root www-data:www-data /var/www/$GRAV_FOLDER
+chown -R --from=root:root www-data:www-data /var/www/"$GRAV_FOLDER"
 
 exec gosu www-data "$@"

entrypoint.sh

@@ -8,8 +8,8 @@ GRAV_FOLDER=${GRAV_FOLDER:-html}
 usermod -o -u "$UID" foo
 groupmod -o -g "$GID" foo
 
-mkdir -p /var/www/$GRAV_FOLDER
+mkdir -p /var/www/"$GRAV_FOLDER"
-cd /var/www/$GRAV_FOLDER
+cd /var/www/"$GRAV_FOLDER"
 
 rsync -rlD --delete \
            --exclude /backup/ \
@@ -17,7 +17,7 @@ rsync -rlD --delete \
            --exclude /tmp/ \
            --exclude /vendor/ \
            --exclude /user/ \
-           /usr/share/grav/ /var/www/$GRAV_FOLDER
+           /usr/share/grav/ /var/www/"$GRAV_FOLDER"
 
 mkdir -p assets backup cache images logs tmp
 
@@ -25,6 +25,6 @@ bin/grav install
 bin/grav clearcache
 
 chown foo /proc/self/fd/1 /proc/self/fd/2
-chown -R --from=root:root foo:foo /var/www/$GRAV_FOLDER
+chown -R --from=root:root foo:foo /var/www/"$GRAV_FOLDER"
 
 exec gosu foo "$@"