USHIFT-1050: Add hadolint : Linter for Dockerfiles and Containerfiles

[chiragkyal]

Which issue(s) this PR addresses:

Closes https://issues.redhat.com/browse/USHIFT-1050

This PR adds hadolint as a linter for Dockerfiles and Containerfiles

[openshift-ci-robot]

@chiragkyal: This pull request references USHIFT-1050 which is a valid jira issue.

Details

In response to this:

Which issue(s) this PR addresses:

Closes https://issues.redhat.com/browse/USHIFT-1050

This PR adds hadolint as a linter for Dockerfiles and Containerfiles

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[chiragkyal]

Enabled DL3007 rule to cross-check the linter in CI. Expecting the verify job to fail due to DL3007

[chiragkyal]

As expected, the CI Job failed with error

./docs/config/Containerfile.tinyproxy:1 DL3007 warning: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
./packaging/images/openshift-ci/Dockerfile.test-runtime:2 DL3007 warning: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag

Disabling the rule back.

[chiragkyal]

DL3002 warning: Last USER should not be root
SC3037 warning: In POSIX sh, echo flags are undefined.
SC2086 info: Double quote to prevent globbing and word splitting.
DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it.

[ggiguash]

I think we may want to move the first warning to the global flags and fix the other 3 in the file.

[ggiguash]

Let's try to avoid having local suppressions.

[chiragkyal]

• DL3002 : Moved to common config
• SC3037 : replaced echo -e with printf with some formatting changes
• SC2086 : Added Double quote
• DL4006: Added SHELL ["/bin/bash", "-o", "pipefail", "-c"] Ref here

[openshift-ci]

@chiragkyal: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[ggiguash]

This is LGTM for me. Let's have someone else review and merge this PR.

[dhellmann]

Does this produce the same output? It seems like we would lose the line breaks between each of the separate values?

Could we put this config file in git as a file and then copy it into the right place in the container at this step?

[dhellmann]

TIL

$ printf "%s\n" foo bar
foo
bar

[dhellmann]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chiragkyal, dhellmann

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [chiragkyal,dhellmann]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment