add Dockerfile linter

This commit is contained in:
sebthom 2023-05-01 13:28:58 +02:00
parent 0d53de011a
commit f6092289dd
3 changed files with 29 additions and 30 deletions


@ -49,9 +49,14 @@ jobs:
- name: Git Checkout
uses: actions/checkout@v3 #https://github.com/actions/checkout
- name: Check Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: image/${{ matrix.DOCKER_FILE }}
ignore: DL3008,SC1091 # https://github.com/hadolint/hadolint/wiki/DL3008
- name: Cache trivy cache
uses: actions/cache@v3
if: env.ACT != 'true' # https://github.com/nektos/act#skipping-steps
with:
path: ${{ env.TRIVY_CACHE_DIR }}
# https://github.com/actions/cache/issues/342#issuecomment-673371329
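Review bot: `uses: hadolint/hadolint-action@v3.1.0` is pinned to a mutable tag rather than a commit, so the action's code can change under this workflow without any diff appearing here; since the step runs on every push with the repository checked out, pin it as `uses: hadolint/hadolint-action@<full-commit-sha> # v3.1.0` (the same applies to `actions/checkout@v3` on the context line above it). The `ignore: DL3008,SC1091` entry suppresses two rules but the trailing comment only links DL3008; add the reason for SC1091 as well, e.g. `# DL3008: <reason>; SC1091: <reason>`, so the suppression stays reviewable later. Note that ignoring DL3008 means the unpinned `apt-get install` lines in the Dockerfiles this lints will not be flagged, which looks like a deliberate trade-off but is worth stating in that comment.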


@ -15,7 +15,7 @@ LABEL maintainer="Vegard IT GmbH (vegardit.com)"
USER root
SHELL ["/bin/bash", "-c"]
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
ARG DEBIAN_FRONTEND=noninteractive
ARG LC_ALL=C
@ -29,18 +29,17 @@ ARG BASE_LAYER_CACHE_KEY
RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
set -euo pipefail
/mnt/shared/cmd/debian-install-os-updates.sh
/mnt/shared/cmd/debian-install-support-tools.sh
function minimize() {
ls -l $@
echo "Stripping [$@]..."
command strip --strip-unneeded $@
ls -l $@
ls -l "$@"
echo "Stripping [$*]..."
command strip --strip-unneeded "$@"
ls -l "$@"
if [[ $UPX_COMPRESS == "true" ]]; then
echo "Compressing [$@]..."
/opt/upx/upx -9 $@ || true
echo "Compressing [$*]..."
/opt/upx/upx -9 "$@" || true
fi
}
@ -57,7 +56,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
mkdir /opt/upx
upx_download_url=$(curl -fsSL https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4)
echo "Downloading [$upx_download_url]..."
curl -fL $upx_download_url | tar Jxv -C /opt/upx --strip-components=1
curl -fL "$upx_download_url" | tar Jxv -C /opt/upx --strip-components=1
/opt/upx/upx --version
fi
@ -66,7 +65,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
echo "#################################################"
echo "Downloading Gitea act runner..."
echo "#################################################"
curl -fsSL $ACT_RUNNER_DOWNLOAD_URL -o /usr/local/bin/act_runner
curl -fsSL "$ACT_RUNNER_DOWNLOAD_URL" -o /usr/local/bin/act_runner
chmod 755 /usr/local/bin/act_runner
minimize /usr/local/bin/act_runner
act_runner --version
@ -89,7 +88,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > /etc/apt/sources.list.d/docker.list
"$(source /etc/os-release && echo "$VERSION_CODENAME")" stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io fuse-overlayfs
@ -103,10 +102,10 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
sudo addgroup --system dockremap
sudo adduser --system --ingroup dockremap dockremap
echo 'dockremap:165536:65536' | sudo tee -a /etc/subuid
echo 'dockremap:165536:65536' | sudo tee -a /etc/subgid
addgroup --system dockremap
adduser --system --ingroup dockremap dockremap
echo 'dockremap:165536:65536' | tee -a /etc/subuid
echo 'dockremap:165536:65536' | tee -a /etc/subgid
usermod -aG docker act
@ -173,8 +172,6 @@ ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04' \
RUN <<EOF
set -euo pipefail
echo "#################################################"
echo "Writing build_info..."
echo "#################################################"
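Review bot: The runner binary fetched on the new line `curl -fsSL "$ACT_RUNNER_DOWNLOAD_URL" -o /usr/local/bin/act_runner` is installed, stripped and UPX-compressed without any integrity check, and the UPX used to rewrite it is itself whatever GitHub currently reports as the `latest` release (`curl -fL "$upx_download_url" | tar Jxv -C /opt/upx ...`), so the image's main artifact depends on two unverified, unpinned downloads. Pin UPX to a fixed version (an `ARG UPX_VERSION` with a fixed release URL instead of the `releases/latest` API query) and verify the runner before `minimize` touches it, e.g. `echo "${ACT_RUNNER_SHA256}  /usr/local/bin/act_runner" | sha256sum -c -` with the digest passed as a build arg next to `ACT_RUNNER_DOWNLOAD_URL`. The quoting fixes and the `sudo` removal in this commit are correct but do not change that; `ACT_RUNNER_DOWNLOAD_URL` and `UPX_COMPRESS` appear to be build args declared outside the hunk, and the enclosing `RUN --mount=... <<EOF` heredoc starts at the hunk header and continues past the visible lines.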


@ -15,7 +15,7 @@ LABEL maintainer="Vegard IT GmbH (vegardit.com)"
USER root
SHELL ["/bin/bash", "-c"]
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
ARG DEBIAN_FRONTEND=noninteractive
ARG LC_ALL=C
@ -29,18 +29,17 @@ ARG BASE_LAYER_CACHE_KEY
RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
set -euo pipefail
/mnt/shared/cmd/debian-install-os-updates.sh
/mnt/shared/cmd/debian-install-support-tools.sh
function minimize() {
ls -l $@
echo "Stripping [$@]..."
command strip --strip-unneeded $@
ls -l $@
ls -l "$@"
echo "Stripping [$*]..."
command strip --strip-unneeded "$@"
ls -l "$@"
if [[ $UPX_COMPRESS == "true" ]]; then
echo "Compressing [$@]..."
/opt/upx/upx -9 $@ || true
echo "Compressing [$*]..."
/opt/upx/upx -9 "$@" || true
fi
}
@ -57,7 +56,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
mkdir /opt/upx
upx_download_url=$(curl -fsSL https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4)
echo "Downloading [$upx_download_url]..."
curl -fL $upx_download_url | tar Jxv -C /opt/upx --strip-components=1
curl -fL "$upx_download_url" | tar Jxv -C /opt/upx --strip-components=1
/opt/upx/upx --version
fi
@ -66,7 +65,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
echo "#################################################"
echo "Downloading Gitea act runner..."
echo "#################################################"
curl -fsSL $ACT_RUNNER_DOWNLOAD_URL -o /usr/local/bin/act_runner
curl -fsSL "$ACT_RUNNER_DOWNLOAD_URL" -o /usr/local/bin/act_runner
chmod 755 /usr/local/bin/act_runner
minimize /usr/local/bin/act_runner
act_runner --version
@ -140,8 +139,6 @@ ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04' \
RUN <<EOF
set -euo pipefail
echo "#################################################"
echo "Writing build_info..."
echo "#################################################"