diff --git a/.github/workflows/confbatstest-build.yaml b/.github/workflows/confbatstest-build.yaml index ef15e39..9b798f1 100644 --- a/.github/workflows/confbatstest-build.yaml +++ b/.github/workflows/confbatstest-build.yaml @@ -26,6 +26,11 @@ jobs: TAGS+=($(grep "LABEL version" confbatstest/Dockerfile_build | cut -d '"' -f 2)) echo "${TAGS[*]}" + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: confbatstest/Dockerfile_build + ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041 + - name: Build image id: build_image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/disconnected-csv.yaml b/.github/workflows/disconnected-csv.yaml index 5fbae3e..ce1071e 100644 --- a/.github/workflows/disconnected-csv.yaml +++ b/.github/workflows/disconnected-csv.yaml @@ -19,6 +19,11 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: disconnected-csv/Dockerfile + ignore: DL3013 # https://github.com/hadolint/hadolint/wiki/DL3013 + - uses: ./disconnected-csv with: CSV_FILE: ./disconnected-csv/tests/sample-clusterserviceversion.yaml diff --git a/.github/workflows/github-dispatches-build.yaml b/.github/workflows/github-dispatches-build.yaml index 355df21..609ea7c 100644 --- a/.github/workflows/github-dispatches-build.yaml +++ b/.github/workflows/github-dispatches-build.yaml @@ -26,6 +26,10 @@ jobs: TAGS+=($(grep "LABEL version" github-dispatches/Dockerfile_build | cut -d '"' -f 2)) echo "${TAGS[*]}" + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: github-dispatches/Dockerfile_build + - name: Build image id: build_image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/kyverno-cli-build.yaml b/.github/workflows/kyverno-cli-build.yaml index 30ca870..60d538e 100644 --- a/.github/workflows/kyverno-cli-build.yaml +++ b/.github/workflows/kyverno-cli-build.yaml @@ -26,6 +26,11 @@ jobs: TAGS+=($(grep "LABEL version" kyverno-cli/Dockerfile_build | cut -d '"' -f 2)) echo "${TAGS[*]}" + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: kyverno-cli/Dockerfile_build + ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041 + - name: Build image id: build_image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/redhat-csp-download-build.yaml b/.github/workflows/redhat-csp-download-build.yaml index aabdccf..d6157be 100644 --- a/.github/workflows/redhat-csp-download-build.yaml +++ b/.github/workflows/redhat-csp-download-build.yaml @@ -26,6 +26,10 @@ jobs: TAGS+=($(grep "LABEL version" redhat-csp-download/Dockerfile_build | cut -d '"' -f 2)) echo "${TAGS[*]}" + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: redhat-csp-download/Dockerfile_build + - name: Build image id: build_image uses: redhat-actions/buildah-build@v2 diff --git a/.github/workflows/set-helm-version.yaml b/.github/workflows/set-helm-version.yaml index 7368cd7..4e5b476 100644 --- a/.github/workflows/set-helm-version.yaml +++ b/.github/workflows/set-helm-version.yaml @@ -19,6 +19,10 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: set-helm-version/Dockerfile + - name: set-helm-version uses: ./set-helm-version with: diff --git a/confbatstest/Dockerfile_build b/confbatstest/Dockerfile_build index 8815253..bc7fe80 100644 --- a/confbatstest/Dockerfile_build +++ b/confbatstest/Dockerfile_build @@ -100,7 +100,7 @@ RUN export BATS_VERSION=master && \ USER 1001 COPY requirements.txt /requirements.txt -RUN pip3 install -r /requirements.txt && \ +RUN pip3 install --no-cache-dir -r /requirements.txt && \ yq --version COPY entrypoint.sh /entrypoint.sh diff --git a/disconnected-csv/Dockerfile b/disconnected-csv/Dockerfile index 9681bd6..b219cda 100644 --- a/disconnected-csv/Dockerfile +++ b/disconnected-csv/Dockerfile @@ -17,12 +17,13 @@ COPY ./add_related_image.py /add_related_image.py RUN curl -sL https://github.com/mikefarah/yq/releases/download/v4.35.2/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq && \ curl -sL https://github.com/stedolan/jq/releases/download/jq-1.7/jq-linux64 -o /usr/bin/jq && chmod +x /usr/bin/jq && \ dnf install -qy python3-pip && \ + dnf clean all && \ useradd -m github -d /home/github -u 1001 -g 0 && \ chmod +x /attach_image_digests.sh USER 1001 -RUN pip3 install --user ruamel.yaml +RUN pip3 install --no-cache-dir --user ruamel.yaml WORKDIR /github/workspace diff --git a/kyverno-cli/Dockerfile_build b/kyverno-cli/Dockerfile_build index 7b7ba24..30127f7 100644 --- a/kyverno-cli/Dockerfile_build +++ b/kyverno-cli/Dockerfile_build @@ -67,7 +67,7 @@ RUN export BATS_VERSION=master && \ USER 1001 COPY requirements.txt /requirements.txt -RUN pip3 install -r /requirements.txt && \ +RUN pip3 install --no-cache-dir -r /requirements.txt && \ yq --version COPY entrypoint.sh /entrypoint.sh diff --git a/redhat-csp-download/Dockerfile_build b/redhat-csp-download/Dockerfile_build index ff490fd..6daeae6 100644 --- a/redhat-csp-download/Dockerfile_build +++ b/redhat-csp-download/Dockerfile_build @@ -10,7 +10,7 @@ LABEL "com.github.actions.branding.icon"="monitor" LABEL "com.github.actions.branding.color"="purple" COPY ansible /ansible -RUN pip3 install -r /ansible/requirements.txt && \ +RUN pip3 install --no-cache-dir -r /ansible/requirements.txt && \ ansible --version && \ ansible-galaxy --version && \ ansible-playbook --version diff --git a/set-helm-version/Dockerfile b/set-helm-version/Dockerfile index d19bdc6..1bb0294 100644 --- a/set-helm-version/Dockerfile +++ b/set-helm-version/Dockerfile @@ -9,8 +9,9 @@ LABEL "com.github.actions.description"="Sets the Helm chart version and appVersi LABEL "com.github.actions.icon"="package" LABEL "com.github.actions.color"="purple" +WORKDIR / COPY requirements.txt ./ RUN pip install --no-cache-dir -r requirements.txt -ADD entrypoint.py /entrypoint.py +COPY entrypoint.py /entrypoint.py ENTRYPOINT [ "python", "/entrypoint.py" ]