From bb189cac7fa0f737fd7e6b81ad2280609ad7259e Mon Sep 17 00:00:00 2001
From: surtur
Date: Tue, 26 Jan 2021 17:35:44 +0100
Subject: [PATCH] feat: add hadolint Dockerfile linting
commit 5acb4e2ba773d312c6b5159011ef415af53f8f71
Author: surtur
Date: Tue Jan 26 16:28:10 2021 +0100
chore: rework ci pipeline logic
* run {debug,release} builds after clone, then lint Dockerfile{,.dev} and finally run kaniko builds ({debug,release}) in parallel
commit 1e16f72eb4957b14c7fb316282d4cefae0811871
Author: surtur
Date: Tue Jan 26 16:19:50 2021 +0100
feat: add hadolint Dockerfile linting to conform the linter and best practices:
* add a FROM alias
* quote variables (even though they're single-word and known in advance, might actually change it to ignore the warning)
---
.drone.yml | 18 ++++++++++++++++++
.hadolint.yaml | 3 +++
Dockerfile | 6 +++---
Dockerfile.dev | 2 +-
4 files changed, 25 insertions(+), 4 deletions(-)
create mode 100644 .hadolint.yaml
diff --git a/.drone.yml b/.drone.yml
index 15d6a8d..7b4e2da 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -18,6 +18,7 @@ steps:
 - name: debug
 pull: always
 image: mcr.microsoft.com/dotnet/core/sdk:3.1-alpine
+ depends_on: [clone]
 commands:
 - dotnet restore
 - dotnet build .
@@ -25,13 +26,29 @@ steps:
 - name: release
 pull: always
 image: mcr.microsoft.com/dotnet/core/sdk:3.1-alpine
+ depends_on: [clone]
 commands:
 - dotnet restore
 - dotnet publish -c Release -o out
+- name: hadolint release
+ image: hadolint/hadolint:latest
+ depends_on: [clone]
+ commands:
+ - hadolint --version
+ - hadolint Dockerfile
+
+- name: hadolint debug
+ image: hadolint/hadolint:latest
+ depends_on: [clone]
+ commands:
+ - hadolint --version
+ - hadolint Dockerfile.dev
+
 - name: docker-release-build
 pull: always
 image: ghcr.io/finitum/drone-kaniko:0.7.0
+ depends_on: [release, hadolint release]
 settings:
 dockerfile: Dockerfile
 context: .
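Review bot: Both new lint steps in the second `.drone.yml` hunk run `image: hadolint/hadolint:latest`, a mutable tag, and unlike the neighbouring steps they do not set `pull: always`, so the linter that gates the kaniko builds can differ between runners and change over time. Pin the steps to a fixed release tag or digest, e.g. `image: hadolint/hadolint:<PINNED_VERSION>` (placeholder), the way `drone-kaniko:0.7.0` is pinned in the build steps. A floating linter version also changes which rule codes exist, which matters for the ignore list added in `.hadolint.yaml`.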
@@ -39,6 +56,7 @@ steps:
 - name: docker-debug-build
 pull: always
 image: ghcr.io/finitum/drone-kaniko:0.7.0
+ depends_on: [debug, hadolint debug]
 settings:
 dockerfile: Dockerfile.dev
 context: .
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..f9d702e
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,3 @@
+ignored:
+ # ad "SC2039 In POSIX sh, UID is undefined." - it's a var defined by us
+ - SC2039
diff --git a/Dockerfile b/Dockerfile
index 6e0cc77..412ee95 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine
+FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine AS base
 ENV UID 1000
 ENV GID 1000
 ENV UNAME unpriv
@@ -13,8 +13,8 @@ RUN dotnet publish -c Release -o bin/out
 FROM mcr.microsoft.com/dotnet/aspnet:3.1
 WORKDIR /App
-COPY --from=0 /src/bin/out/ .
-RUN chown -R ${UID}:${GID} ./
+COPY --from=base /src/bin/out/ .
+RUN chown -R "${UID}":"${GID}" ./
 USER ${UNAME}
 ENV ASPNETCORE_ENVIRONMENT=Release
 ENTRYPOINT ["dotnet", "pwt-0x01-ng.dll"]
diff --git a/Dockerfile.dev b/Dockerfile.dev
index 9aa1753..1ddd1d6 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -10,7 +10,7 @@ RUN dotnet restore
 COPY . ./
 RUN dotnet build -c Debug -o bin/out
-RUN chown -R ${UID}:${GID} ./ /root/
+RUN chown -R "${UID}":"${GID}" ./ /root/
 USER ${UNAME}
 ENV ASPNETCORE_ENVIRONMENT=Development
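Review bot: The `ignored:` entry in `.hadolint.yaml` turns SC2039 off for every `RUN` line in both Dockerfiles, which hides any other non-POSIX shell construct as well, not only the `UID` case named in the comment. A line-scoped `# hadolint ignore=SC2039` directly above the affected `RUN chown` lines keeps the exception visible where it applies. Newer ShellCheck releases appear to report this finding under SC3xxx codes rather than SC2039, so with the unpinned linter image the entry may silently stop matching; worth confirming against the version CI actually runs.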
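Review bot: In the final stage of `Dockerfile` (second hunk, from `FROM mcr.microsoft.com/dotnet/aspnet:3.1` onward) nothing defines `UID`, `GID` or `UNAME`: the `ENV` lines in the first hunk belong to the `base` stage, and `ENV` values do not carry across a `FROM`. As far as this hunk shows, `"${UID}":"${GID}"` therefore expands to empty strings at build time and `USER ${UNAME}` to an empty user, so the quoting satisfies the linter while the published image may still run as root with root-owned files. Re-declare the values in this stage, e.g. `ENV UID=1000 GID=1000 UNAME=unpriv`, and create that account there before the `chown` and `USER` lines; no user-creation step is visible in this stage. Checking the built image's configured user in CI would catch a regression.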