drevops · AlexSkrypnyk · Jan 22, 2024 · Jan 22, 2024 · Jan 22, 2024
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -314,6 +314,12 @@ jobs:
           name: Build site
           command: ./scripts/drevops/build.sh
           no_output_timeout: 30m
+      - run:
+          name: Lint Dockerfiles with Hadolint
+          command: |
+            for file in $(find . -name 'Dockerfile' -o -name '*.dockerfile'); do
+              echo "Linting ${file}" && cat "${file}" | docker run --rm -i hadolint/hadolint || [ "${DREVOPS_CI_HADOLINT_IGNORE_FAILURE:-0}" -eq 1 ]
+            done
       - run:
           name: Lint code with PHPCS
           command: docker compose exec -T cli vendor/bin/phpcs || [ "${DREVOPS_CI_PHPCS_IGNORE_FAILURE:-0}" -eq 1 ]

diff --git a/.drevops/docs/.utils/.aspell.en.pws b/.drevops/docs/.utils/.aspell.en.pws
@@ -20,6 +20,7 @@ DX
 Deployer
 DevOps
 DockerHub
+Dockerfile
 DrevOps
 Drupal
 DrupalExtension
@@ -32,6 +33,7 @@ GitLab
 GraphQL
 Gruntfile
 HTTPS
+Hadolint
 Hotfix
 Integrations
 JS
@@ -116,6 +118,7 @@ hostname
 integrations
 io
 jira
+linter
 linters
 mariadb
 md

diff --git a/.drevops/docs/.utils/Dockerfile b/.drevops/docs/.utils/Dockerfile
@@ -1,11 +1,11 @@
 FROM squidfunk/mkdocs-material:9.5.4
 
 ENV DOCKERIZE_VERSION v0.7.0
-RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+RUN wget --quiet https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
     && tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
     && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
-RUN pip install mdx_include mkdocs-same-dir mkdocs-replace-markdown mike==1.1.2
+RUN pip install --no-cache-dir mdx_include==1.4.2 mkdocs-same-dir==0.1.2 mkdocs-replace-markdown==0.1.0 mike==1.1.2
 
 WORKDIR /app
 

diff --git a/.drevops/docs/content/tools/hadolint.md b/.drevops/docs/content/tools/hadolint.md
@@ -0,0 +1,38 @@
+# Hadolint
+
+https://github.com/hadolint/hadolint
+
+> A smarter Dockerfile linter that helps you build best practice Docker images.
+
+DrevOps does not install Hadolint. Please follow the [
+instructions(https://github.com/hadolint/hadolint#install) to install it on your
+system.
+
+## Usage
+
+```shell
+hadolint .docker/*.dockerfile
+```
+
+## Ignoring
+
+To ignore **all Hadolint rules** within a file, place in the file header:
+```Dockerfile
+# hadolint global ignore=DL3003,DL3006,SC1035
+FROM ubuntu
+```
+
+To ignore only the current and the **next line**:
+```Dockerfile
+FROM ubuntu
+
+# hadolint ignore=DL3003,SC1035
+RUN cd /tmp && echo "hello!"
+```
+
+## Ignoring fail in CI
+
+This tool runs in CI by default and fails the build if there are any violations.
+
+Set `DREVOPS_CI_HADOLINT_IGNORE_FAILURE` environment variable to `1` to ignore
+failures. The tool will still run and report violations, if any.
diff --git a/.drevops/docs/mkdocs.yml b/.drevops/docs/mkdocs.yml
@@ -199,6 +199,7 @@ nav:
       - Drush: tools/drush.md
       - Git artifact: tools/git-artifact.md
       - PHPCS: tools/phpcs.md
+      - Hadolint: tools/hadolint.md
       - PHPMD: tools/phpmd.md
       - PHPStan: tools/phpstan.md
       - PHPUnit: tools/phpunit.md