Integrates Hadolint for Dockerfile linting (nebari-dev#917)

* CI: Add Hadolint configuration and GitHub Action to lint Dockerfiles

* Fixing working directory path to run Hadolint

* fix hadolint file path

* DOCS: Add Hadolint specific docs in testing guide

* DOCS: Fix Vale errors

* Add a pre-commit hook for Hadolint

* Update hadolint pre-commit hooks

Co-authored-by: iameskild <eskild@doublee.io>

.github/workflows/image.yaml

@@ -80,3 +80,10 @@ jobs:
             quay.io/${{ steps.meta.outputs.tags }}
           push: ${{ github.event_name != 'pull_request' }}
           labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Lint Dockerfiles
+        uses: jbergstroem/hadolint-gh-action@v1
+        with:
+          dockerfile: ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.${{ matrix.dockerfile }}
+          output_format: tty
+          error_level: 0

.hadolint.yaml

@@ -0,0 +1,6 @@
+---
+ignored:
+  - DL3048
+  - DL3008
+  - DL3013
+  - DL3003

.pre-commit-config.yaml

@@ -1,15 +1,26 @@
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v2.3.0
     hooks:
     -   id: check-yaml
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
--   repo: https://github.com/psf/black
+  - repo: https://github.com/psf/black
     rev: 20.8b1
     hooks:
     -   id: black
--   repo: https://github.com/pycqa/flake8
+  - repo: https://github.com/pycqa/flake8
     rev: 3.8.4
     hooks:
     -   id: flake8
+  - repo: https://github.com/hadolint/hadolint.git
+    rev: v2.3.0
+    hooks:
+      - id: hadolint-docker
+        entry: hadolint/hadolint:v2.3.0 hadolint
+        args: [
+            "--ignore", "DL3048",
+            "--ignore", "DL3008",
+            "--ignore", "DL3013",
+            "--ignore", "DL3003",
+        ]

docs/source/dev_guide/testing.md

@@ -62,6 +62,22 @@ Then open the localhost (127.0.0.1) link that is in the terminal
 [I 2021-04-05 17:37:17.346 ServerApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
 ```
 
+## Linting Dockerfiles
+
+To lint Dockerfiles, developers use a tool called [Hadolint](https://github.com/hadolint/hadolint). Hadolint is a Dockerfile linter that allows to discover issues with the Dockerfiles and recommends [best practices to be followed](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/). QHub CI automates Hadolint code reviews on every commit and pull request, reporting code style and error prone issues.
+
+To run Hadolint locally you can either install it locally or use a container image. Instructions are available on the [install documentation for HadoLint](https://github.com/hadolint/hadolint#install). The `.hadolint.yml` on the root directory defines the ignored rules. To run Hadolint on Dockerfiles run:
+
+```shell
+hadolint ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.conda-store
+hadolint ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.dask-gateway
+hadolint ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.dask-worker
+hadolint ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.jupyterhub
+hadolint ./qhub/template/\{\{\ cookiecutter.repo_directory\ \}\}/image/Dockerfile.jupyterlab
+```
+
+Hadolint will report `error`, `warning`, `info` and `style` while linting Dockerfiles. In case of an error, the CI fails.
+
 ## Debug Kubernetes clusters
 
  To debug Kubernetes clusters, we advise you to use [K9s](https://k9scli.io/), a terminal-based UI that aims to

tests/vale/styles/Google/Headings.yml

@@ -36,3 +36,4 @@ exceptions:
   - Digital Ocean
   - Spot
   - Amazon Web Services
+  - Dockerfiles

tests/vale/styles/vocab.txt

@@ -127,3 +127,5 @@ walkthrough
 webapp
 yaml
 ClearML
+Hadolint
+Dockerfiles