From b5d07f0f7ed2c8930f7b22a47a65bc6ca3e30913 Mon Sep 17 00:00:00 2001 From: Jonatan Antoni Date: Wed, 14 Jul 2021 12:50:57 +0200 Subject: [PATCH] Jenkins/Docker: Update hadolint version. - Ignore hadolint warnings about not pinned version. --- Jenkinsfile | 23 ++++++++++------------- docker/dockerfile | 2 ++ docker/dockerfile.gnu | 2 ++ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d54a315f70..8e2ef733a2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -19,6 +19,7 @@ DOCKERINFO = [ 'label': 'latest' ] ] +HADOLINT_VERSION = '2.6.0-alpine' dockerinfo = DOCKERINFO['production'] @@ -135,9 +136,7 @@ pipeline { echo "VERSION: '${VERSION}'" } - dir('docker') { - stash name: 'dockerfile', includes: '**' - } + stash name: 'dockerfile', includes: 'docker/**' } } @@ -206,7 +205,7 @@ echo """Stage schedule: runAsGroup: 1000 containers: - name: hadolint - image: mcu--docker.eu-west-1.artifactory.aws.arm.com/hadolint/hadolint:v1.19.0-alpine + image: mcu--docker.eu-west-1.artifactory.aws.arm.com/hadolint/hadolint:${HADOLINT_VERSION} alwaysPullImage: true imagePullPolicy: Always command: @@ -221,15 +220,13 @@ echo """Stage schedule: } } steps { - dir('docker') { - unstash 'dockerfile' + unstash 'dockerfile' - sh 'hadolint --format json dockerfile | tee hadolint.log' + sh 'hadolint --format json docker/dockerfile* | tee hadolint.log' - recordIssues tools: [hadoLint(id: 'hadolint', pattern: 'hadolint.log')], - qualityGates: [[threshold: 1, type: 'DELTA', unstable: true]], - referenceJobName: 'nightly', ignoreQualityGate: true - } + recordIssues tools: [hadoLint(id: 'hadolint', pattern: 'hadolint.log')], + qualityGates: [[threshold: 1, type: 'DELTA', unstable: true]], + referenceJobName: 'nightly', ignoreQualityGate: true } } @@ -265,9 +262,9 @@ echo """Stage schedule: steps { sh('apk add bash curl git') script { - dir('docker') { - unstash 'dockerfile' + unstash 'dockerfile' + dir('docker') { dockerinfo = DOCKERINFO['staging'] withCredentials([sshUserPrivateKey(credentialsId: 'grasci_with_pk', keyFileVariable: 'grasciPk', diff --git a/docker/dockerfile b/docker/dockerfile index 6b6013e355..bc7ed21a62 100644 --- a/docker/dockerfile +++ b/docker/dockerfile @@ -10,6 +10,7 @@ RUN useradd -u 1000 -U -m -c Jenkins jenkins # install packages from official Ubuntu repo ENV DEBIAN_FRONTEND=noninteractive +# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install --no-install-recommends -y \ bc \ @@ -84,6 +85,7 @@ RUN chmod +x /usr/local/bin/PackChk # install Python requirements COPY requirements.txt ${INSTALLER_PATH}/ +# hadolint ignore=DL3013 RUN python3 -m pip install -U --no-cache-dir pip && \ python3 -m pip install -U --no-cache-dir -r ${INSTALLER_PATH}/requirements.txt diff --git a/docker/dockerfile.gnu b/docker/dockerfile.gnu index dee7f4a518..9c8e13e35f 100644 --- a/docker/dockerfile.gnu +++ b/docker/dockerfile.gnu @@ -6,6 +6,7 @@ FROM ${DOCKER_REGISTRY}/ubuntu:focal # install packages from official Ubuntu repo ENV DEBIAN_FRONTEND=noninteractive +# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install --no-install-recommends -y \ bc \ @@ -48,6 +49,7 @@ WORKDIR / # install Python requirements COPY requirements.txt ${INSTALLER_PATH}/ +# hadolint ignore=DL3013 RUN python3 -m pip install -U --no-cache-dir pip && \ python3 -m pip install -U --no-cache-dir -r ${INSTALLER_PATH}/requirements.txt