Fix Dockerfile lint errors/warnings/info

mjanez · Sep 14, 2023 · 72d7e45 · 72d7e45
1 parent 93b5fad
commit 72d7e45
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 35 deletions.
diff --git a/.github/workflows/docker-dev.yaml b/.github/workflows/docker-dev.yaml
@@ -55,24 +55,24 @@ jobs:
  context: ${{ env.CONTEXT }}
  file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
-  - 
-  name: Linting image with hadolint
-  id: hadolint
-  uses: hadolint/[email protected]
-  with:
-  dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
- 
-  -
-  name: Run Trivy vulnerability scanner
-  uses: aquasecurity/trivy-action@master
-  with:
-  image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}'
-  format: 'sarif'
-  output: 'trivy-results.sarif'
-  
-  - 
-  name: Upload Trivy scan results to GitHub Security tab
-  uses: github/codeql-action/upload-sarif@v2
-  if: always()
-  with:
-  sarif_file: 'trivy-results.sarif'
+ - 
+ name: Linting Dockerfile with hadolint
+ id: hadolint
+ uses: hadolint/[email protected]
+ with:
+ dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
+
+ -
+ name: Run Trivy container image vulnerability scanner
+ uses: aquasecurity/trivy-action@0.12.0
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - 
+ name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ if: always()
+ with:
+ sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -56,15 +56,15 @@ jobs:
  file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
  - 
- name: Linting image with hadolint
+ name: Linting Dockerfile with hadolint
  id: hadolint
  uses: hadolint/[email protected]
  with:
  dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
 
  -
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ name: Run Trivy container image vulnerability scanner
+ uses: aquasecurity/trivy-action@0.12.0
  with:
  image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}'
  format: 'sarif'

diff --git a/ckan-pycsw/Dockerfile b/ckan-pycsw/Dockerfile
@@ -23,12 +23,12 @@ WORKDIR ${APP_DIR}
 RUN groupadd --gid $USER_GID $USERNAME \
  && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME && \
  chown -R $USERNAME:$USERNAME $APP_DIR && \
- apt-get -q -y update && apt-get install -y \
- wget && \
- DEBIAN_FRONTEND=noninteractive apt-get -yq install gettext-base && \
- wget -O /wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.3/wait-for && \
+ apt-get -q -y update && apt-get install -y --no-install-recommends && \
+  wget=1.21-1+deb11u1 \
+   gettext-base=0.21-4 && \
+ wget --progress=dot:mega -O /wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.4/wait-for && \
  chmod +x /wait-for && \
- python3 -m pip install pdm && \
+ python3 -m pip install --no-cache-dir pdm==2.9.2 && \
  rm -rf /var/lib/apt/lists/*
 
 COPY pyproject.toml pdm.lock ./

diff --git a/ckan-pycsw/Dockerfile.dev b/ckan-pycsw/Dockerfile.dev
@@ -18,13 +18,13 @@ ENV DEV_MODE=True
 ENV PYCSW_DEV_PORT=5678
 ENV TIMEOUT=300
 
-RUN apt-get -q -y update && apt-get install -y \
- wget \
- procps && \
- DEBIAN_FRONTEND=noninteractive apt-get -yq install gettext-base && \
- wget -O /wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.4/wait-for && \
+RUN apt-get -q -y update && apt-get install -y --no-install-recommends && \
+  wget=1.21-1+deb11u1 \
+  gettext-base=0.21-4 \
+  procps=2:3.3.17-5 && \
+ wget --progress=dot:mega -O /wait-for https://raw.githubusercontent.com/eficode/wait-for/v2.2.4/wait-for && \
  chmod +x /wait-for && \
- python3 -m pip install pdm debugpy && \
+ python3 -m pip install --no-cache-dir pdm==2.9.2 && \
  rm -rf /var/lib/apt/lists/*
 
 WORKDIR ${APP_DIR}