chore: improve Dockerfiles and update .hadolint.yml rules

- Added a number of rules to be ignored in the `.hadolint.yml` file, including DL3041, DL4006, DL3013, SC2015, DL3006, and DL3018. - Added new variables `PIP_NO_WARN_SCRIPT_LOCATION` and `PIP_ROOT_USER_ACTION` to both `alpine.Dockerfile` and `ubi.Dockerfile` scripts. - Altered the `microdnf` install command in `ubi.Dockerfile` to include `findutils`. Signed-off-by: 陳鈞 <[email protected]>
jim60105 · Jan 8, 2024 · e5e8047 · e5e8047
1 parent 77d7eb4
commit e5e8047
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 4 deletions.
diff --git a/.hadolint.yml b/.hadolint.yml
@@ -1,2 +1,8 @@
 ignored:
-  - DL3042 # Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
+  - DL3041 # Specify version with `dnf install -y <package>-<version>`.
+  - DL3042 # Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
+  - DL4006 # Set the SHELL option -o pipefail before RUN with a pipe in it
+  - DL3013 # Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>`
+  - SC2015 # Note that A && B || C is not if-then-else. C may run when A is true.
+  - DL3006 # Always tag the version of an image explicitly
+  - DL3018 # Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
diff --git a/alpine.Dockerfile b/alpine.Dockerfile
@@ -14,6 +14,8 @@ WORKDIR /app
 
 # Install under /root/.local
 ENV PIP_USER="true"
+ARG PIP_NO_WARN_SCRIPT_LOCATION=0
+ARG PIP_ROOT_USER_ACTION="ignore"
 
 RUN --mount=type=cache,id=pip-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/pip \
     --mount=source=fc2-live-dl/requirements.txt,target=requirements.txt \

diff --git a/distroless.Dockerfile b/distroless.Dockerfile
@@ -10,6 +10,8 @@ WORKDIR /app
 
 # Install under /root/.local
 ENV PIP_USER="true"
+ARG PIP_NO_WARN_SCRIPT_LOCATION=0
+ARG PIP_ROOT_USER_ACTION="ignore"
 
 RUN --mount=type=cache,id=pip-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/pip \
     --mount=source=fc2-live-dl/requirements.txt,target=requirements.txt \

diff --git a/ubi.Dockerfile b/ubi.Dockerfile
@@ -16,7 +16,7 @@ RUN ln -s /usr/bin/python3.11 /usr/bin/python3 && \
 ### Build image
 FROM base AS build
 
-RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y install python3.11-pip && \
+RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y install python3.11-pip findutils && \
     microdnf -y clean all
 
 # RUN mount cache for multi-arch: https://github.com/docker/buildx/issues/549#issuecomment-1788297892
@@ -27,8 +27,8 @@ WORKDIR /app
 
 # Install under /root/.local
 ENV PIP_USER="true"
-
-ARG PIP_DISABLE_PIP_VERSION_CHECK=1
+ARG PIP_NO_WARN_SCRIPT_LOCATION=0
+ARG PIP_ROOT_USER_ACTION="ignore"
 
 RUN --mount=type=cache,id=pip-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/pip \
     --mount=source=fc2-live-dl/requirements.txt,target=requirements.txt \