packaging: delint kata-deploy dockerfiles

Removed all errors/warnings pointed out by hadolint version 2.7.0, except for the following ignored rules: - "DL3008 warning: Pin versions in apt get install" - "DL3041 warning: Specify version with `dnf install -y <package>-<version>`" - "DL3033 warning: Specify version with `yum install -y <package>-<version>`" - "DL3048 style: Invalid label key" - "DL3003 warning: Use WORKDIR to switch to a directory" - "DL3018 warning: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>" - "DL3037 warning: Specify version with zypper install -y <package>[=]<version>" Fixes #3107 Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2025-04-30 12:44:39 +00:00 · 2021-11-19 14:29:09 -05:00 · 2021-11-19 14:29:09 -05:00 · 1ea9b70383
commit 1ea9b70383
parent 3669e1b6d9
3 changed files with 28 additions and 24 deletions
--- a/tools/packaging/kata-deploy/Dockerfile
+++ b/tools/packaging/kata-deploy/Dockerfile
@ -6,7 +6,7 @@ FROM registry.centos.org/centos:7 AS base
 ENV container docker
-RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+RUN (cd /lib/systemd/system/sysinit.target.wants/ && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
 rm -f /lib/systemd/system/multi-user.target.wants/*; \
 rm -f /etc/systemd/system/*.wants/*; \
 rm -f /lib/systemd/system/local-fs.target.wants/*; \
@ -25,7 +25,7 @@ ARG KUBE_ARCH=amd64
 ARG KATA_ARTIFACTS=./kata-static.tar.xz
 ARG DESTINATION=/opt/kata-artifacts
-COPY ${KATA_ARTIFACTS} .
+COPY ${KATA_ARTIFACTS} ${WORKDIR}
 RUN \
 yum -y update && \
@ -37,7 +37,7 @@ tar xvf ${KATA_ARTIFACTS} -C ${DESTINATION}/ && \
 chown -R root:root ${DESTINATION}/
 RUN \
-curl -Lso /bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl && \
+curl -Lso /bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${KUBE_ARCH}/kubectl" && \
 chmod +x /bin/kubectl
 COPY scripts ${DESTINATION}/scripts
--- a/tools/packaging/kata-deploy/action/Dockerfile
+++ b/tools/packaging/kata-deploy/action/Dockerfile
@ -1,7 +1,7 @@
 # Copyright (c) 2019 Intel Corporation
 #
 # SPDX-License-Identifier: Apache-2.0
-FROM mcr.microsoft.com/azure-cli:latest
+FROM mcr.microsoft.com/azure-cli:2.9.1
 LABEL com.github.actions.name="Test kata-deploy in an AKS cluster"
 LABEL com.github.actions.description="Test kata-deploy in an AKS cluster"
@ -16,14 +16,14 @@ ENV GITHUB_ACTION_NAME="Test kata-deploy in an AKS cluster"
 # PKG_SHA environment variable
 ENV PKG_SHA=HEAD
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl \
+RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${ARCH}/kubectl" \
  && chmod +x ./kubectl \
  && mv ./kubectl /usr/local/bin/kubectl
-RUN curl -LO https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \
+RUN curl -LO "https://github.com/Azure/aks-engine/releases/download/${AKS_ENGINE_VER}/aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \
-  && tar xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz \
+  && tar "xvf aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz" \
-  && mv aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine /usr/local/bin/aks-engine \
+  && mv "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}/aks-engine" /usr/local/bin/aks-engine \
-  && rm aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz
+  && rm "aks-engine-${AKS_ENGINE_VER}-linux-${ARCH}.tar.gz"
 COPY kubernetes-containerd.json /
 COPY setup-aks.sh test-kata.sh entrypoint.sh /
--- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
+++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
@ -6,17 +6,19 @@ FROM ubuntu:20.04
 ENV DEBIAN_FRONTEND=noninteractive
 ENV INSTALL_IN_GOPATH=false
-ADD install_yq.sh /usr/bin/install_yq.sh
+COPY install_yq.sh /usr/bin/install_yq.sh
-# yq installer deps
+# Install yq and docker
-RUN apt update && apt-get install -y curl sudo
+RUN apt-get update && \
-
+    apt-get install -y --no-install-recommends \
-# Install yq
+        ca-certificates \
-RUN install_yq.sh
+        curl \
-
+        sudo && \
-RUN curl -fsSL https://get.docker.com -o get-docker.sh
+    apt-get clean && rm -rf /var/lib/apt/lists/ && \
-RUN sh get-docker.sh
+    install_yq.sh && \
    curl -fsSL https://get.docker.com -o get-docker.sh && \
    sh get-docker.sh
 ARG IMG_USER=kata-builder
 ARG UID=1000
@ -27,12 +29,14 @@ RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers"
 #FIXME: gcc is required as agent is build out of a container build.
 RUN apt-get update && \
-    apt install --no-install-recommends -y \
+  apt-get install --no-install-recommends -y \
-    cpio \
+  build-essential \
-    gcc \
+  cpio \
-    git \
+  gcc \
-    make \
+  git \
-    xz-utils
+  make \
  xz-utils && \
  apt-get clean && rm -rf /var/lib/apt/lists
 ENV USER ${IMG_USER}
 USER ${UID}:${GID}