jonasbardino
Contributor

The recently added hadolint Action should help identify various suboptimal or directly broken constructs in our Dockerfiles before they come back to bite us.
One can also manually test e.g. with the docker version using:

docker run --rm -i hadolint/hadolint < Dockerfile

@jonasbardino jonasbardino self-assigned this Jul 16, 2025
@jonasbardino jonasbardino added enhancement New feature or request help wanted Extra attention is needed labels Jul 16, 2025
@jonasbardino jonasbardino force-pushed the adjust/address-some-dockerfile-lint-errors-and-warnings branch from 6444508 to ae8c2f3 Compare July 16, 2025 11:55
@jonasbardino jonasbardino requested a review from a team July 16, 2025 12:54
@jonasbardino
Contributor Author

There's a sort of related pending task of completely cleaning up after the pylustrequota build, which I better leave to you @Martin-Rehr.
I already added the missing dnf cleanup there but don't know if the lustre checkout and build can just be wiped as well after install. In short we generally don't want any such build and package caches to bloat the resulting images. There may be other similar leftovers from libopkele/mod_auth_openid builds, btw.
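
As an added illustration (not code from this pull request or the project), here is a small Python check for the package-cache concern raised in the comment above. Each RUN produces its own image layer, so a `dnf clean all` in a later RUN does not shrink the layer that already holds the cache; the sample Dockerfile, base image name and function names are constructed for this example.

```python
import re

# Constructed sample Dockerfile (not taken from the PR).
SAMPLE = r"""FROM example-base:1 AS build
RUN dnf -y install gcc make \
    # build tools only
    && dnf clean all
RUN dnf -y install httpd
RUN dnf clean all
RUN echo done
"""

# A dnf/yum command that populates the package cache, within one shell command.
INSTALL = re.compile(r"\b(?:dnf|yum)\b[^&;|]*\b(?:install|update|upgrade)\b")
CLEAN = re.compile(r"\b(?:dnf|yum)\s+clean\s+all\b")


def run_instructions(text):
    """Yield (first_line_number, command) per RUN, joining '\\' continuations."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, line = i + 1, lines[i].strip()
        i += 1
        if not re.match(r"RUN\s", line, re.IGNORECASE):
            continue
        cmd = line
        while cmd.endswith("\\") and i < len(lines):
            nxt = lines[i].strip()
            i += 1
            if nxt.startswith("#"):  # comment lines inside a continuation are skipped
                continue
            cmd = cmd[:-1].rstrip() + " " + nxt
        yield start, cmd


def missing_cleanup(text):
    """Line numbers of RUN instructions that install packages but keep the cache."""
    return [n for n, cmd in run_instructions(text)
            if INSTALL.search(cmd) and not CLEAN.search(cmd)]


if __name__ == "__main__":
    for n in missing_cleanup(SAMPLE):
        print(f"line {n}: package install without 'dnf clean all' in the same RUN")
```
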

Contributor

@Martin-Rehr Martin-Rehr left a comment

Approved

…d in

docker docs and pointed out by hadolint.
…`tini` we

use the checksum of the binary that was released and gpg-signed by the author.
Fix a FROM ... AS ... case mismatch as pointed out by docker compose.
…g image

with package cache, etc. as pointed out by hadolint.
excessive image size.
Properly anchor `*.key` to prevent option interference as recommended by
ShellCheck (SC2035).
…e of the

author for improved integrity assurance.
We could in principle preserve the weaker checksum verification during ADD, but
we disable it for the time being since gpg is sufficient and because `hadolint`
does not yet support the `--checksum` argument to ADD.
…ly make

a difference until we have cleaned up Dockerfiles enough to have nothing worse
than warnings reported.
@jonasbardino jonasbardino force-pushed the adjust/address-some-dockerfile-lint-errors-and-warnings branch from 1390ab7 to 36c3294 Compare August 16, 2025 10:19
@jonasbardino jonasbardino merged commit 760f513 into master Aug 16, 2025
2 of 4 checks passed
@jonasbardino jonasbardino deleted the adjust/address-some-dockerfile-lint-errors-and-warnings branch August 16, 2025 10:20