added hadolint to build pipelines

.github/workflows/confbatstest-build.yaml

@@ -26,6 +26,11 @@ jobs:
           TAGS+=($(grep "LABEL version" confbatstest/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: confbatstest/Dockerfile_build
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Build image
         id: build_image
         uses: redhat-actions/buildah-build@v2

.github/workflows/disconnected-csv.yaml

@@ -19,6 +19,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: disconnected-csv/Dockerfile
+          ignore: DL3013 # https://github.com/hadolint/hadolint/wiki/DL3013
+
       - uses: ./disconnected-csv
         with:
           CSV_FILE: ./disconnected-csv/tests/sample-clusterserviceversion.yaml

.github/workflows/github-dispatches-build.yaml

@@ -26,6 +26,10 @@ jobs:
           TAGS+=($(grep "LABEL version" github-dispatches/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: github-dispatches/Dockerfile_build
+
       - name: Build image
         id: build_image
         uses: redhat-actions/buildah-build@v2

.github/workflows/kyverno-cli-build.yaml

@@ -26,6 +26,11 @@ jobs:
           TAGS+=($(grep "LABEL version" kyverno-cli/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: kyverno-cli/Dockerfile_build
+          ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
+
       - name: Build image
         id: build_image
         uses: redhat-actions/buildah-build@v2

.github/workflows/redhat-csp-download-build.yaml

@@ -26,6 +26,10 @@ jobs:
           TAGS+=($(grep "LABEL version" redhat-csp-download/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: redhat-csp-download/Dockerfile_build
+
       - name: Build image
         id: build_image
         uses: redhat-actions/buildah-build@v2

.github/workflows/set-helm-version.yaml

@@ -19,6 +19,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: set-helm-version/Dockerfile
+
       - name: set-helm-version
         uses: ./set-helm-version
         with:

confbatstest/Dockerfile_build

@@ -100,7 +100,7 @@ RUN export BATS_VERSION=master && \
 USER 1001
 
 COPY requirements.txt /requirements.txt
-RUN pip3 install -r /requirements.txt && \
+RUN pip3 install --no-cache-dir -r /requirements.txt && \
     yq --version
 
 COPY entrypoint.sh /entrypoint.sh

disconnected-csv/Dockerfile

@@ -17,12 +17,13 @@ COPY ./add_related_image.py /add_related_image.py
 RUN curl -sL https://github.com/mikefarah/yq/releases/download/v4.35.2/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq && \
     curl -sL https://github.com/stedolan/jq/releases/download/jq-1.7/jq-linux64 -o /usr/bin/jq && chmod +x /usr/bin/jq && \
     dnf install -qy python3-pip && \
+    dnf clean all && \
     useradd -m github -d /home/github -u 1001 -g 0 && \
     chmod +x /attach_image_digests.sh
 
 USER 1001
 
-RUN  pip3 install --user ruamel.yaml
+RUN pip3 install --no-cache-dir --user ruamel.yaml
 
 WORKDIR /github/workspace
 

kyverno-cli/Dockerfile_build

@@ -67,7 +67,7 @@ RUN export BATS_VERSION=master && \
 USER 1001
 
 COPY requirements.txt /requirements.txt
-RUN pip3 install -r /requirements.txt && \
+RUN pip3 install --no-cache-dir -r /requirements.txt && \
     yq --version
 
 COPY entrypoint.sh /entrypoint.sh

redhat-csp-download/Dockerfile_build

@@ -10,7 +10,7 @@ LABEL "com.github.actions.branding.icon"="monitor"
 LABEL "com.github.actions.branding.color"="purple"
 
 COPY ansible /ansible
-RUN pip3 install -r /ansible/requirements.txt && \
+RUN pip3 install --no-cache-dir -r /ansible/requirements.txt && \
     ansible --version && \
     ansible-galaxy --version && \
     ansible-playbook --version

set-helm-version/Dockerfile

@@ -9,8 +9,9 @@ LABEL "com.github.actions.description"="Sets the Helm chart version and appVersi
 LABEL "com.github.actions.icon"="package"
 LABEL "com.github.actions.color"="purple"
 
+WORKDIR /
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt
 
-ADD entrypoint.py /entrypoint.py
+COPY entrypoint.py /entrypoint.py
 ENTRYPOINT [ "python", "/entrypoint.py" ]