gitlab-ci.yml: add dockerfile linter

Pipeline is configured to fail, if linter generates warning. Some rules cannot be applied in our specific cases. However, since we don't want to completely ignore these rules, we have lowered the severity of the rules below to the "info" level: - DL3008 (pin versions in apt-get install) - DL3029 (do not use --platform flag with FROM) Related-to: TOR-1566 Signed-off-by: Dejan Jesenko <dejan.jesenko@toradex.com>
2025-06-19 11:21:58 +00:00 · 2022-01-28 14:42:12 +01:00 · 2022-01-28 14:42:12 +01:00 · 98853d997c
commit 98853d997c
parent 881f30fb32
1 changed files with 17 additions and 3 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -25,10 +25,8 @@ variables:
 services:
  - name: docker:dind

-before_script:
-  - docker info
-
 stages:
+  - lint
  - build-rt-tests
  - build-rt-tests-multiarch
  - deploy
@ -44,6 +42,7 @@ stages:
  script:
    # Try to download latest image for cache, but don't fail if it does not exist
    - docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} || true
+    - docker info
    - export DATE=$(date +%Y%m%d)
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build --build-arg IMAGE_TAG=${IMAGE_TAG}
@ -64,6 +63,7 @@ stages:

 docker-build-rt-tests:
  extends: .docker-build
+  needs: []
  before_script:
    - export MAJOR="${RT_TESTS_MAJOR}"
    - export MINOR="${RT_TESTS_MINOR}"
@ -77,6 +77,7 @@ docker-build-rt-tests:

 docker-build-stress-tests:
  extends: .docker-build
+  needs: []
  before_script:
    - export MAJOR="${STRESS_TESTS_MAJOR}"
    - export MINOR="${STRESS_TESTS_MINOR}"
@ -90,6 +91,7 @@ docker-build-stress-tests:

 docker-build-rt-tests-arm64:
  extends: .docker-build
+  needs: []
  before_script:
    - export MAJOR="${RT_TESTS_MAJOR}"
    - export MINOR="${RT_TESTS_MINOR}"
@ -104,6 +106,7 @@ docker-build-rt-tests-arm64:

 docker-build-stress-tests-arm64:
  extends: .docker-build
+  needs: []
  before_script:
    - export MAJOR="${STRESS_TESTS_MAJOR}"
    - export MINOR="${STRESS_TESTS_MINOR}"
@ -116,6 +119,17 @@ docker-build-stress-tests-arm64:
    DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
  stage: build-rt-tests

+lint_dockerfile:
+  stage: lint
+  image: hadolint/hadolint:latest-debian
+  script:
+    # Some rules cannot be applied in our specific cases.
+    # However, since we don't want to completely ignore these rules,
+    # we are changing the following rules to have the level "info":
+    # - DL3008: pin versions in apt-get install
+    # - DL3029 (do not use --platform flag with FROM)
+    - hadolint */Dockerfile --failure-threshold warning --info DL3008 --info DL3029
+
 # Enable experimental features in Docker client (experimental feature are needed for manifest)
 .do_docker_experimental: &do_docker_experimental
    - mkdir -p $HOME/.docker