ci: build locally with kaniko + push to DockerHub

* add hadolint Dockerfile linter step
* update Dockerfile to implement hadolint suggestions (cbp)
* switch to immawanderer/drone-kaniko as the kaniko flavour of choice
* get a typo in README

.drone.yml

@@ -1,44 +1,64 @@
----
-kind: pipeline
-name: dockerhub-build-trigger
-
-platform:
-  arch: amd64
-
-trigger:
-  branch: master
-  exclude:
-    event: pull_request
-
-steps:
-- name: call webhook
-  pull: always
-  image: curlimages/curl:latest
-  environment:
-    ENDPOINT:
-      from_secret: dockerhub_endpoint
-  commands:
-  - curl -s -X POST $ENDPOINT
-
 ---
 kind: pipeline
 type: docker
-name: kaniko-build
+name: testing
 
 platform:
   os: linux
   arch: amd64
 
-depends_on:
-- dockerhub-build-trigger
-
 steps:
-- name: build
+- name: hadolint
   pull: always
-  image: ghcr.io/finitum/drone-kaniko:0.8.2
+  image: hadolint/hadolint:v1.23.0-8-gb01c5a9-alpine
+  commands:
+  - hadolint --version
+  - hadolint Dockerfile
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/heads/feature-**"
+    - "refs/pull/**"
+    - "refs/tags/**"
+    event:
+      exclude: [cron]
+
+- name: kaniko-build
+  pull: always
+  image: immawanderer/drone-kaniko:efd19c50
   settings:
     dockerfile: Dockerfile
     context: .
+  when:
+    ref:
+    - "refs/heads/feature-**"
+    - "refs/pull/**"
+    - "refs/tags/**"
+    event:
+      exclude: [cron]
+
+- name: kaniko-publish
+  pull: always
+  image: immawanderer/drone-kaniko:efd19c50
+  settings:
+    dockerfile: Dockerfile
+    context: .
+    tags:
+    - latest
+    - linux-amd64
+    - ${DRONE_COMMIT_SHA:0:8}
+    repo: immawanderer/archlinux
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    ref:
+    - refs/heads/master
+    event:
+      exclude: [pull_request, tag]
+trigger:
+  event: [push, pull_request, cron, tag]
 
 ---
 kind: pipeline
@@ -63,7 +83,7 @@ trigger:
     - cron
 
 depends_on:
-- kaniko-build
+- testing
 
 steps:
   - name: discord
@@ -99,7 +119,7 @@ trigger:
     - failure
 
 depends_on:
-  - kaniko-build
+- testing
 
 steps:
   - name: discord

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  # ad "DL3007 archlinux is always updating
+  - DL3007

Dockerfile

@@ -21,6 +21,5 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
 RUN pacman --version
 
 RUN pacman -Syu --noconfirm --needed
-RUN pacman --noconfirm -Rn $(pacman -Qdtq) || true
-RUN pacman -Scc && rm -rf /var/cache/pacman/* /var/lib/pacman/sync/* \
-    rm -rv /tmp/* || true
+RUN pacman --noconfirm -Rn "$(pacman -Qdtq)" || true
+RUN pacman -Scc && rm -rf /var/cache/pacman/* /var/lib/pacman/sync/*

README.md

@@ -26,7 +26,7 @@ That's just it. This makes it possible to just grab the image and install whatev
 * Arch Linux image with freshly updated package base to build upon
 
 ## Running the image
-* edit the `yourlocalpath` and `containerpath` variabled or remove them entirely (along with `-v`) if you have *nothing to mount*
+* edit the `yourlocalpath` and `containerpath` variables or remove them entirely (along with `-v`) if you have *nothing to mount*
 
 ```bash
 docker run -it -v yourlocalpath:containerpath immawanderer/archlinux:latest