From 98853d997cd68c4aefbe38911aaf3c8c480103cd Mon Sep 17 00:00:00 2001
From: Dejan Jesenko <dejan.jesenko@toradex.com>
Date: Fri, 28 Jan 2022 14:42:12 +0100
Subject: [PATCH] gitlab-ci.yml: add dockerfile linter

Pipeline is configured to fail, if linter
generates warning.

Some rules cannot be applied in our specific cases.
However, since we don't want to completely ignore these rules,
we have lowered the severity of the rules below to the "info" level:
- DL3008 (pin versions in apt-get install)
- DL3029 (do not use --platform flag with FROM)

Related-to: TOR-1566

Signed-off-by: Dejan Jesenko <dejan.jesenko@toradex.com>
---
 .gitlab-ci.yml | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 832c2c3..6d94b7b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,10 +25,8 @@ variables:
 services:
   - name: docker:dind
 
-before_script:
-  - docker info
-
 stages:
+  - lint
   - build-rt-tests
   - build-rt-tests-multiarch
   - deploy
@@ -44,6 +42,7 @@ stages:
   script:
     # Try to download latest image for cache, but don't fail if it does not exist
     - docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} || true
+    - docker info
     - export DATE=$(date +%Y%m%d)
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
     - docker build --build-arg IMAGE_TAG=${IMAGE_TAG}
@@ -64,6 +63,7 @@ stages:
 
 docker-build-rt-tests:
   extends: .docker-build
+  needs: []
   before_script:
     - export MAJOR="${RT_TESTS_MAJOR}"
     - export MINOR="${RT_TESTS_MINOR}"
@@ -77,6 +77,7 @@ docker-build-rt-tests:
 
 docker-build-stress-tests:
   extends: .docker-build
+  needs: []
   before_script:
     - export MAJOR="${STRESS_TESTS_MAJOR}"
     - export MINOR="${STRESS_TESTS_MINOR}"
@@ -90,6 +91,7 @@ docker-build-stress-tests:
 
 docker-build-rt-tests-arm64:
   extends: .docker-build
+  needs: []
   before_script:
     - export MAJOR="${RT_TESTS_MAJOR}"
     - export MINOR="${RT_TESTS_MINOR}"
@@ -104,6 +106,7 @@ docker-build-rt-tests-arm64:
 
 docker-build-stress-tests-arm64:
   extends: .docker-build
+  needs: []
   before_script:
     - export MAJOR="${STRESS_TESTS_MAJOR}"
     - export MINOR="${STRESS_TESTS_MINOR}"
@@ -116,6 +119,17 @@ docker-build-stress-tests-arm64:
     DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
   stage: build-rt-tests
 
+lint_dockerfile:
+  stage: lint
+  image: hadolint/hadolint:latest-debian
+  script:
+    # Some rules cannot be applied in our specific cases.
+    # However, since we don't want to completely ignore these rules,
+    # we are changing the following rules to have the level "info":
+    # - DL3008: pin versions in apt-get install
+    # - DL3029 (do not use --platform flag with FROM)
+    - hadolint */Dockerfile --failure-threshold warning --info DL3008 --info DL3029
+
 # Enable experimental features in Docker client (experimental feature are needed for manifest)
 .do_docker_experimental: &do_docker_experimental
     - mkdir -p $HOME/.docker