feat: add hadolint (#40)

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 include:
   - /curl/.gitlab-ci.yml
   - /git-deploy/.gitlab-ci.yml
+  - /git-tag-release/.gitlab-ci.yml
   - /helm/.gitlab-ci.yml
   - /k8s-ns-killer/.gitlab-ci.yml
   - /kubectl/.gitlab-ci.yml
@@ -33,6 +34,7 @@ variables:
     - docker login  $CI_REGISTRY -u gitlab-ci-token -p $CI_JOB_TOKEN
 
 stages:
+  - "Quality"
   - "Build"
   - "Test"
   - "Release"

curl/.gitlab-ci.yml

@@ -16,3 +16,9 @@ Publish socialgouv/docker/curl to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/curl
+
+Hadolint curl:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./curl/Dockerfile

curl/Dockerfile

@@ -1,3 +1,3 @@
 FROM alpine:3.10
 
-RUN apk --no-cache --update add curl
+RUN apk --no-cache --update add curl=7.66.0-r0

git-deploy/.gitlab-ci.yml

@@ -22,3 +22,9 @@ Publish socialgouv/docker/git-deploy to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/git-deploy
+
+Hadolint git-deploy:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./git-deploy/Dockerfile

git-deploy/Dockerfile

@@ -2,7 +2,7 @@ FROM python:3.8.0b1-alpine3.10
 
 ## Install envsubst and curl
 RUN apk update
-RUN apk add --no-cache gettext-dev curl
+RUN apk add --no-cache gettext-dev=0.19.8.1-r4 curl=7.66.0-r0
 
 ## Copy git deployment scripts
 COPY ./bin /bin

git-tag-release/.gitlab-ci.yml

@@ -0,0 +1,5 @@
+Hadolint git-tag-release:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./git-tag-release/Dockerfile

git-tag-release/Dockerfile

@@ -2,5 +2,5 @@ FROM alpine:3.10
 
 ## Install git & openssh-client
 RUN apk update
-RUN apk add --no-cache git openssh-client
+RUN apk add --no-cache git=2.22.0-r0 openssh-client=8.1_p1-r0
 

helm/.gitlab-ci.yml

@@ -19,3 +19,9 @@ Publish socialgouv/docker/helm to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/helm
+
+Hadolint helm:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./helm/Dockerfile

helm/Dockerfile

@@ -4,21 +4,23 @@ FROM alpine/helm:2.14.3
 
 ## Install envsubst & coreutils
 RUN apk add --update --no-cache \
-  bash \
-  coreutils \
-  curl \
-  gettext-dev \
-  git \
-  sudo
+  bash=5.0.11-r0 \
+  coreutils=8.31-r0 \
+  curl=7.67.0-r0 \
+  gettext-dev=0.20.1-r1 \
+  git=2.24.0-r0 \
+  sudo=1.8.29-r0
 
 ENV HOME=/config
 
 COPY --from=kubectl-image /usr/local/bin/kubectl /usr/local/bin/kubectl
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 RUN set -x && \
     adduser kubectl -Du 2342 -h /config && \
     chgrp -R kubectl /usr/local; \
-    find /usr/local -type d | xargs chmod g+w; \
+    find /usr/local -type d -exec chmod g+w {} \; && \
     echo "kubectl ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/kubectl; \
     chmod 0440 /etc/sudoers.d/kubectl; \
     # Create non-root user (with a randomly chosen UID/GUI).

k8s-ns-killer/.gitlab-ci.yml

@@ -37,3 +37,9 @@ Publish socialgouv/docker/k8s-ns-killer to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/k8s-ns-killer
+
+Hadolint k8s-ns-killer:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./k8s-ns-killer/Dockerfile

k8s-ns-killer/Dockerfile

@@ -2,7 +2,7 @@ FROM registry.gitlab.factory.social.gouv.fr/socialgouv/docker/helm:0.12.0
 
 USER root
 
-RUN apk add --update --no-cache git less openssh
+RUN apk add --update --no-cache git=2.23.0-r1 less=551-r0 openssh=8.1_p1-r0
 
 USER kubectl
 

kubectl/.gitlab-ci.yml

@@ -17,3 +17,9 @@ Publish socialgouv/docker/kubectl to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/kubectl
+
+Hadolint kubectl:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./kubectl/Dockerfile

kubectl/Dockerfile

@@ -2,11 +2,13 @@ FROM alpine:3.10
 
 ## Install envsubst & coreutils
 RUN apk add --update --no-cache \
-  bash \
-  coreutils \
-  curl \
-  gettext-dev \
-  sudo
+  bash=5.0.0-r0 \
+  coreutils=8.31-r0 \
+  curl=7.66.0-r0 \
+  gettext-dev=0.19.8.1-r4  \
+  sudo=1.8.27-r0 \
+  ca-certificates=20190108-r0
+
 
 ENV K8S_LATEST_VERSION="v1.16.2"
 ## Install kubectl
@@ -17,7 +19,6 @@ ADD https://storage.googleapis.com/kubernetes-release/release/${K8S_LATEST_VERSI
 ENV HOME=/config
 
 RUN set -x && \
-    apk add --no-cache curl ca-certificates && \
     chmod +x /usr/local/bin/kubectl && \
     \
     # Create non-root user (with a randomly chosen UID/GUI).

nginx4spa/.gitlab-ci.yml

@@ -12,27 +12,33 @@ Test socialgouv/docker/nginx4spa:
     - docker:18-dind
   script:
     - docker run
-        --detach
-        --env VERSION=x.y.z
-        --name nginx4spa_test
-        --publish 8888:80
-        --rm
-        --volume ${CI_PROJECT_DIR}/nginx4spa/test:/usr/share/nginx/html
-        ${CI_REGISTRY_IMAGE}/nginx4spa:${CI_COMMIT_SHA}
+      --detach
+      --env VERSION=x.y.z
+      --name nginx4spa_test
+      --publish 8888:80
+      --rm
+      --volume ${CI_PROJECT_DIR}/nginx4spa/test:/usr/share/nginx/html
+      ${CI_REGISTRY_IMAGE}/nginx4spa:${CI_COMMIT_SHA}
     - docker ps
     - docker logs nginx4spa_test
     #
     - apk --update add curl
     - curl localhost:8888
     - curl -s localhost:8888 |
-        grep "nginx4spa/test/index.html with VERSION=x.y.z"
+      grep "nginx4spa/test/index.html with VERSION=x.y.z"
     - curl -s localhost:8888/foo/bar/bar.js
     - curl -s localhost:8888/foo/bar/bar.js |
-        grep "// nginx4spa/test/foo/bar/bar.js with VERSION=x.y.z"
+      grep "// nginx4spa/test/foo/bar/bar.js with VERSION=x.y.z"
   after_script:
     - docker stop nginx4spa_test || true
 
 Publish socialgouv/docker/nginx4spa to Github Registry:
   extends: .base_publish_to_github_stage
   variables:
     IMAGE_NAME: socialgouv/docker/nginx4spa
+
+Hadolint nginx4spa:
+  stage: "Quality"
+  image: hadolint/hadolint:latest-debian
+  script:
+    - hadolint ./nginx4spa/Dockerfile