DDLS-444 fix all the hadolint suggestions

.github/workflows/_unit-tests-miscellaneous.yml → .github/workflows/_tests-miscellaneous.yml

@@ -47,7 +47,8 @@ jobs:
         run: |
           find . -type f -name "*Dockerfile*" -exec sh -c 'for file; \
           do echo "Processing $file"; \
-          docker run --rm -i hadolint/hadolint < "$file"; \
+          docker run --rm -i -v ./hadolint.yaml:/.config/hadolint.yaml \
+          hadolint/hadolint < "$file"; \
           done' sh {} +
 
           if [ $? -ne 0 ]; then

.github/workflows/workflow-path-to-live.yml

@@ -117,9 +117,9 @@ jobs:
       - api_unit_tests_2
       - api_unit_tests_3
 
-  miscellaneous_unit_tests:
-    name: miscellaneous unit tests
-    uses: ./.github/workflows/_unit-tests-miscellaneous.yml
+  miscellaneous_tests:
+    name: miscellaneous tests
+    uses: ./.github/workflows/_tests-miscellaneous.yml
     needs:
       - workflow_variables
 
@@ -144,7 +144,7 @@ jobs:
       - workflow_variables
       - terraform_apply_account_development
       - docker_build_scan_push
-      - miscellaneous_unit_tests
+      - miscellaneous_tests
       - client_unit_tests
       - api_unit_tests_1
       - api_unit_tests_2

.github/workflows/workflow-pull-request-path.yml

@@ -139,24 +139,24 @@ jobs:
       - workflow_variables
       - build_web_resources
 
+  miscellaneous_tests:
+    name: miscellaneous tests
+    uses: ./.github/workflows/_tests-miscellaneous.yml
+    needs:
+      - workflow_variables
+
   codecov:
     name: upload to codecov
     uses: ./.github/workflows/_codecov.yml
     secrets:
       codecov_token: ${{ secrets.CODECOV_TOKEN }}
     needs:
       - client_unit_tests
-      - miscellaneous_unit_tests
+      - miscellaneous_tests
       - api_unit_tests_1
       - api_unit_tests_2
       - api_unit_tests_3
 
-  miscellaneous_unit_tests:
-    name: miscellaneous unit tests
-    uses: ./.github/workflows/_unit-tests-miscellaneous.yml
-    needs:
-      - workflow_variables
-
   terraform_plan_account_development:
     name: account plan terraform development
     uses: ./.github/workflows/_run-terraform.yml

api/app/tests/pa11y/Dockerfile

@@ -23,6 +23,6 @@ RUN npm -g config set user root
 
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = false
 
-RUN npm install -g pa11y-ci
+RUN npm install -g pa11y-ci@3.1.0
 
 COPY .pa11yci .

api/docker/app/Dockerfile

@@ -95,20 +95,20 @@ RUN mkdir certs && chmod 755 certs && wget -O certs/eu-west-1-bundle.pem https:/
 
 FROM application AS ci-tests
 # We use this setup for certain commands as part of the CI processing of unit tests
-CMD confd -onetime -backend env \
+CMD ["sh", "-c", "confd -onetime -backend env \
     && waitforit -address=tcp://$DATABASE_HOSTNAME:$DATABASE_PORT -timeout=$TIMEOUT \
     && php app/console doctrine:migrations:migrate --allow-no-migration --no-interaction \
     && php app/console doctrine:migrations:up-to-date \
-    && php-fpm
+    && php-fpm"]
 
 FROM application AS production
 COPY scripts/hardening/harden.sh /harden.sh
 RUN /harden.sh www-data && rm /harden.sh
 
 USER www-data
 
-CMD confd -onetime -backend env \
+CMD ["sh", "-c", "confd -onetime -backend env \
     && waitforit -address=tcp://$DATABASE_HOSTNAME:$DATABASE_PORT -timeout=$TIMEOUT \
     && php app/console doctrine:migrations:migrate --allow-no-migration --no-interaction \
     && php app/console doctrine:migrations:up-to-date \
-    && php-fpm
+    && php-fpm"]

api/docker/web/Dockerfile

@@ -24,5 +24,5 @@ RUN /harden-nginx.sh && rm /harden-nginx.sh
 
 USER nginx
 
-CMD confd -onetime -backend env \
-  && nginx -g "daemon off;"
+CMD ["sh", "-c", "confd -onetime -backend env \
+  && nginx -g \"daemon off;\""]

client/docker/app/Dockerfile

@@ -98,14 +98,14 @@ RUN su-exec www-data php -d memory_limit=-1 app/console cache:warmup
 
 FROM application as ci-tests
 # We use this setup for certain commands as part of the CI processing of unit tests
-CMD confd -onetime -backend env \
-    && php-fpm
+CMD ["sh", "-c", "confd -onetime -backend env \
+    && php-fpm"]
 
 FROM application as production
 COPY scripts/hardening/harden.sh /harden.sh
 RUN /harden.sh www-data && rm /harden.sh
 
 USER www-data
 
-CMD confd -onetime -backend env \
-    && php-fpm
+CMD ["sh", "-c", "confd -onetime -backend env \
+    && php-fpm"]

client/docker/app/Dockerfile-dev

@@ -1,2 +1,3 @@
+# hadolint ignore=DL3007
 FROM client-webserver:latest
 COPY client/docker/app/extra/robots.txt /public/robots.txt

client/docker/resources/Dockerfile

@@ -13,6 +13,7 @@ RUN npm audit --production
 RUN NODE_ENV=production npm run build
 
 FROM node-base as testing
+# hadolint ignore=DL3016
 RUN npm install -g jest jest-environment-jsdom
 RUN npm run build
 

client/docker/web/Dockerfile

@@ -15,7 +15,7 @@ RUN wget -q -O /usr/local/bin/waitforit https://github.com/maxclaus/waitforit/re
   && chmod +x /usr/local/bin/waitforit
 
 COPY --chown=nginx client/docker/web/confd /etc/confd
-COPY --chown=nginx client/resources/public/ public/
+COPY --chown=nginx client/resources/public/ /public/
 
 RUN apk --no-cache add libcap && \
     setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx && \
@@ -29,5 +29,5 @@ RUN /harden-nginx.sh && rm /harden-nginx.sh
 
 USER nginx
 
-CMD confd -onetime -backend env \
-  && nginx -g "daemon off;"
+CMD ["sh", "-c", "confd -onetime -backend env \
+  && nginx -g \"daemon off;\""]

disaster-recovery/backup/Dockerfile

@@ -2,8 +2,8 @@ FROM python:3.12-alpine3.20
 
 COPY requirements.txt /requirements.txt
 RUN apk update && apk upgrade
-RUN pip install --upgrade pip
-RUN pip install -r /requirements.txt
+RUN pip install --no-cache-dir --upgrade pip
+RUN pip install --no-cache-dir -r /requirements.txt
 RUN pip uninstall -y wheel setuptools
 COPY ./cross_account_backup.py /cross_account_backup.py
 RUN chmod 755 cross_account_backup.py

disaster-recovery/restore/Dockerfile

@@ -1,7 +1,7 @@
 FROM python:3.12-alpine3.20
 
 COPY requirements.txt /requirements.txt
-RUN apk update && apk upgrade && pip install --upgrade pip \
+RUN apk update && apk upgrade && pip install --no-cache-dir --upgrade pip \
     \ pip install -r /requirements.txt
 COPY ./database_restore.py /database_restore.py
 RUN pip uninstall -y wheel setuptools

file-scanner/Dockerfile

@@ -1,8 +1,9 @@
 FROM golang:1.22.9-alpine3.20 AS build
 
 # Build go package
-ADD file-scanner/. /go/src/clamav-rest/
-RUN cd /go/src/clamav-rest && go mod vendor && go build -v
+COPY file-scanner/. /go/src/clamav-rest/
+WORKDIR /go/src/clamav-rest
+RUN go mod vendor && go build -v
 
 FROM alpine:3.20
 

hadolint.yaml

@@ -0,0 +1,7 @@
+failure-threshold: error # name of threshold level (error | warning | info | style | ignore | none)
+format: tty # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+ignored:
+  - DL3018
+  - DL3013
+  - DL4006
+  - DL3008

htmltopdf/Dockerfile

@@ -1,5 +1,5 @@
 FROM python:3.12-alpine3.20
-
+WORKDIR /
 ENV PYTHONUNBUFFERED 1
 
 RUN addgroup -S htmltopdf && adduser -S htmltopdf -G htmltopdf
@@ -12,19 +12,20 @@ RUN apk --update --upgrade --no-cache add fontconfig ttf-freefont font-noto term
     && fc-list | sort
 
 COPY htmltopdf/requirements.txt .
-COPY client/resources/public/assets/*/stylesheets/formatted-report.css ./tmp/
-COPY client/resources/public/assets/*/stylesheets/fonts.css ./tmp/
 
-RUN pip3 install --upgrade pip && pip install --upgrade pip
+RUN pip3 install --upgrade --no-cache-dir pip && pip install --upgrade --no-cache-dir pip
 
 RUN set -ex \
 && apk add --no-cache --virtual .build-deps musl-dev gcc g++ zlib-dev libffi-dev \
-&& pip3 install -r requirements.txt \
+&& pip3 install --no-cache-dir -r requirements.txt \
 && apk del .build-deps
 
-ADD --chown=htmltopdf:htmltopdf htmltopdf/docker-entrypoint.sh /docker-entrypoint.sh
-ADD --chown=htmltopdf:htmltopdf htmltopdf/app.py /app.py
-ADD --chown=htmltopdf:htmltopdf htmltopdf/clean-tmp /etc/periodic/hourly/clean-tmp
+COPY --chown=htmltopdf:htmltopdf htmltopdf/docker-entrypoint.sh /docker-entrypoint.sh
+COPY --chown=htmltopdf:htmltopdf htmltopdf/app.py /app.py
+COPY --chown=htmltopdf:htmltopdf htmltopdf/clean-tmp /etc/periodic/hourly/clean-tmp
+
+COPY client/resources/public/assets/*/stylesheets/formatted-report.css ./tmp/
+COPY client/resources/public/assets/*/stylesheets/fonts.css ./tmp/
 
 EXPOSE 80
 

lambdas/functions/custom_sql_query/Dockerfile

@@ -8,7 +8,7 @@ RUN apk update && apk add --no-cache \
     python3-dev \
     musl-dev
 RUN apk upgrade
-RUN pip install --upgrade pip setuptools wheel
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel
 
 # Build image
 FROM python-alpine as build-image
@@ -28,12 +28,14 @@ RUN apk add  --no-cache \
 ARG FUNCTION_DIR
 # Create function directory
 RUN mkdir -p ${FUNCTION_DIR}
+
+WORKDIR /${FUNCTION_DIR}
 # Copy function code
-COPY app ${FUNCTION_DIR}/app
+COPY app app
 COPY requirements.txt requirements.txt
 # Install the runtime interface client
-RUN python -m pip install --upgrade pip
-RUN python -m pip install \
+RUN python -m pip install --no-cache-dir --upgrade pip
+RUN python -m pip install --no-cache-dir \
         --target ${FUNCTION_DIR} \
         --requirement requirements.txt
 

local-resources/local-load-balancer/Dockerfile

@@ -1,5 +1,5 @@
 # Use the official Nginx base image
-FROM nginx:latest
+FROM nginx:1.27
 
 # Copy the nginx.conf file to the container
 COPY nginx.conf /etc/nginx/nginx.conf

local-resources/localstack/Dockerfile

@@ -1,6 +1,6 @@
 FROM localstack/localstack:0.14.5 as localstack
 
-RUN apt -yq install bash-completion bash
+RUN apt-get -yq install bash-completion bash
 
 COPY ./client/app/tests/csv/paProDeputyReport.csv /tmp/paProDeputyReport.csv
 COPY ./client/app/tests/csv/layDeputyReport.csv /tmp/layDeputyReport.csv

orchestration/Dockerfile

@@ -1,10 +1,12 @@
 FROM golang:1.23-alpine3.20 AS builder
-WORKDIR /app
-COPY anonymisation anonymisation
-RUN cd anonymisation && go build -o anonymise main.go
 
-COPY sleep_mode sleep_mode
-RUN cd sleep_mode && go build -o environment_status main.go
+COPY sleep_mode /app/sleep_mode
+WORKDIR /app/sleep_mode
+RUN go build -o environment_status main.go
+
+COPY anonymisation /app/anonymisation
+WORKDIR /app/anonymisation
+RUN go build -o anonymise main.go
 
 FROM alpine:3.20
 RUN apk update && apk upgrade
@@ -30,26 +32,34 @@ RUN apk add --no-cache \
     chromium
 RUN apk update && apk upgrade
 
-ADD tests/package.json tests/package.json
-ADD tests/package-lock.json tests/package-lock.json
-RUN cd tests && npm ci
 RUN mkdir certs && chmod 755 certs && wget -O certs/eu-west-1-bundle.pem https://truststore.pki.rds.amazonaws.com/eu-west-1/eu-west-1-bundle.pem
 
-COPY --from=builder /app/sleep_mode/environment_status .
+COPY backup.sh /backup.sh
+COPY restore.sh /restore.sh
+COPY common.sh /common.sh
+COPY analyse-database.sh /analyse-database.sh
+
+COPY --from=builder /app/sleep_mode/environment_status /
 RUN chmod +x environment_status
-COPY --from=builder /app/anonymisation /anonymisation
+
+COPY --from=builder /app/anonymisation /anonymisation/.
 RUN chmod +x /anonymisation/anonymise
 
-ADD tests/smoke-tests/AdminSmokeTest.js tests/smoke-tests/AdminSmokeTest.js
-ADD tests/smoke-tests/FrontSmokeTest.js tests/smoke-tests/FrontSmokeTest.js
-ADD tests/resilience-tests/FrontLoadTest.js tests/resilience-tests/FrontLoadTest.js
-ADD tests/resilience-tests/Analyse.js tests/resilience-tests/Analyse.js
-ADD tests/resilience-tests/RunExperiments.js tests/resilience-tests/RunExperiments.js
-ADD tests/utility/Utility.js tests/utility/Utility.js
-ADD tests/utility/DataAnalysis.js tests/utility/DataAnalysis.js
-ADD tests/run-smoke-tests.sh tests/run-smoke-tests.sh
-ADD tests/run-resilience-tests.sh tests/run-resilience-tests.sh
-ADD backup.sh backup.sh
-ADD restore.sh restore.sh
-ADD common.sh common.sh
-ADD analyse-database.sh analyse-database.sh
+COPY tests/package.json /tests/package.json
+COPY tests/package-lock.json /tests/package-lock.json
+COPY tests/run-smoke-tests.sh /tests/run-smoke-tests.sh
+COPY tests/run-resilience-tests.sh /tests/run-resilience-tests.sh
+
+COPY tests/smoke-tests/AdminSmokeTest.js /tests/smoke-tests/AdminSmokeTest.js
+COPY tests/smoke-tests/FrontSmokeTest.js /tests/smoke-tests/FrontSmokeTest.js
+
+COPY tests/resilience-tests/FrontLoadTest.js /tests/resilience-tests/FrontLoadTest.js
+COPY tests/resilience-tests/Analyse.js /tests/resilience-tests/Analyse.js
+COPY tests/resilience-tests/RunExperiments.js /tests/resilience-tests/RunExperiments.js
+
+COPY tests/utility/Utility.js /tests/utility/Utility.js
+COPY tests/utility/DataAnalysis.js /tests/utility/DataAnalysis.js
+
+WORKDIR /tests
+RUN npm ci
+WORKDIR /

scripts/custom_sql_query/Dockerfile

@@ -3,7 +3,7 @@ ARG FUNCTION_DIR="/function"
 
 # ===== BASE IMAGE =====
 FROM python:3.12-alpine3.20 AS python-alpine
-RUN pip install --upgrade pip setuptools wheel
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel
 RUN apk update && apk upgrade
 
 # ===== Build image =====
@@ -12,24 +12,23 @@ FROM python-alpine as build-image
 ARG FUNCTION_DIR
 # Create function directory
 RUN mkdir -p ${FUNCTION_DIR}
+
 # Copy function code
-COPY run_custom_query.py ${FUNCTION_DIR}/run_custom_query.py
-COPY _verification.sql ${FUNCTION_DIR}/_verification.sql
-COPY _run.sql ${FUNCTION_DIR}/_run.sql
+COPY run_custom_query.py /${FUNCTION_DIR}/run_custom_query.py
+COPY _verification.sql /${FUNCTION_DIR}/_verification.sql
+COPY _run.sql /${FUNCTION_DIR}/_run.sql
 
-COPY requirements.txt requirements.txt
+COPY requirements.txt /requirements.txt
 # Install the requirements
-RUN python -m pip install --upgrade pip
-RUN python -m pip install \
-        --target ${FUNCTION_DIR} \
+RUN python -m pip install --upgrade --no-cache-dir pip
+RUN python -m pip install --no-cache-dir \
+        --target /${FUNCTION_DIR} \
         --requirement requirements.txt
 
 # ===== FINAL IMAGE =====
 FROM python-alpine
 # Include global arg in this stage of the build
 ARG FUNCTION_DIR
-# Set working directory to function root directory
-WORKDIR ${FUNCTION_DIR}
 # Copy in the build image dependencies
 COPY --from=build-image ${FUNCTION_DIR} ${FUNCTION_DIR}