DDLS-444 add linting to github actions #1799

Open: wants to merge 3 commits into base: main

jamesrwarren (Contributor) commented Jan 21, 2025

Purpose

Add linting to our Dockerfiles

Fixes DDLS-444

Approach

Decided to use hadolint as it's a popular tool and can be used securely. It has a GitHub Action, but I actually like just using the Docker container for a few reasons.

Firstly, it's really easy to programmatically get all our Dockerfiles in the repo and chevron them through to the Docker container. We can also mount the single file for the config.
Secondly, I like that it shows how you can recreate the issues locally by using the same command.
Finally, as an edge case, it's more secure, as a Docker image that was compromised still doesn't have access to env vars or the filesystem and we simply push particular files into it at run time. An action, on the other hand, has a wider scope of things it can do with regard to the file system.

I've fixed most things. I've set a few to ignore. In particular, I'm ignoring pinning of certain packages we specify in the Dockerfile, as I don't think Renovate will handle updates for them, and we deploy based on fixed images, so if something were to break it wouldn't make it to prod, and it means we're always up to date with the Docker 'os' (so to speak). Will revisit my thinking around this, but this is what I've gone for for now.

Learning

NA

Checklist

  • I have performed a self-review of my own code
  • I have updated documentation (Confluence/ADR/tech debt doc) where relevant
  • I have added tests to prove my work
  • The product team have approved these changes
  • I have checked my work for potential security issues and referred to the OWASP top 10

Frontend

  • I have run an in-browser accessibility test (e.g. WAVE, Lighthouse)
  • There are no deprecated CSS classes noted in the profiler
  • Translations are used and the profiler doesn't identify any missing
  • Any links or buttons added are screen reader friendly and contextually complete
  • If adding GA events, I have updated or checked the existing category or label values

jamesrwarren force-pushed the DDLS-444 branch 2 times, most recently from 43b7ac1 to a6c796d (January 22, 2025 17:32)
jamesrwarren marked this pull request as ready for review January 23, 2025 09:22
jamesrwarren requested review from a team as code owners January 23, 2025 09:22
Review thread on client/docker/web/Dockerfile (outdated, resolved)
Review thread on disaster-recovery/backup/Dockerfile (outdated, resolved)
townxelliot previously approved these changes Jan 23, 2025
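
The approach in the pull request description above (find every Dockerfile, stream each one into the hadolint container on stdin, mount only the config file), as an added example that is not code from this pull request. The config file name `.hadolint.yaml`, the unpinned image name, the filename patterns, the skipped directories and the hardening flags are assumptions.

```shell
#!/bin/sh
# Added example (not the PR's workflow): lint every Dockerfile in a repository
# by streaming it into a hadolint container that sees nothing but stdin and
# one read-only config file.

# Assumptions: image name (pin a tag or digest in CI) and config file name.
HADOLINT_IMAGE="${HADOLINT_IMAGE:-hadolint/hadolint}"
HADOLINT_CONFIG="${HADOLINT_CONFIG:-$(pwd)/.hadolint.yaml}"

# Print Dockerfiles under $1, skipping VCS metadata and vendored dependencies.
find_dockerfiles() {
  find "${1:-.}" \( -name .git -o -name node_modules \) -prune -o \
    -type f \( -name Dockerfile -o -name 'Dockerfile.*' -o -name '*.Dockerfile' \) \
    -print | sort
}

# Lint one file. No -e/--env-file and no repository mount: the container gets
# the Dockerfile on stdin, the config read-only, and no network.
lint_one() {
  docker run --rm -i --network none --read-only --cap-drop ALL \
    -v "${HADOLINT_CONFIG}:/.config/hadolint.yaml:ro" \
    "${HADOLINT_IMAGE}" < "$1"
}

# Lint everything under $1 with linter function $2 (default lint_one).
# Keeps going after a failure so one run reports every file; sets $failed.
lint_all() {
  root="${1:-.}"; linter="${2:-lint_one}"; failed=0
  files=$(find_dockerfiles "$root")
  while IFS= read -r file; do
    [ -n "$file" ] || continue
    echo "==> $file" >&2
    "$linter" "$file" || failed=$((failed + 1))
  done <<EOF
$files
EOF
  [ "$failed" -eq 0 ]
}

# Usage: sh lint-dockerfiles.sh lint [root]
if [ "${1:-}" = "lint" ]; then
  lint_all "${2:-.}"
  exit $?
fi
```

The same `docker run` line reproduces a CI finding locally for a single file, and the exit status of `lint_all` is what fails the job.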