Add dockerfile-lint

16643c18 · Douglas Lagemann · 8d7b8e0f · 16643c18 · 16643c18 · 16643c18
Verified Commit 16643c18 authored 3 months ago by Douglas Lagemann
--- a/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
+++ b/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
@@ -10,6 +10,7 @@ services:
      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/dockerfile-lint
      - SCAN_DIR=/app
      - CI_JOB_NAME=dockerfile-lint<<subProject>>
+      - DOCKERFILE_LOC=Dockerfile
    volumes:
      - ./:/root
      - ./<<projectName>><<subProject>>:/app
--- a/formulas/baselines/universal.yml
+++ b/formulas/baselines/universal.yml
@@ -5,6 +5,8 @@ pipeline:
  pipelineJobs:
    trufflehog:
      composeFile: docker/pipeline-jobs/docker-compose-trufflehog.yml
+    dockerfile-lint:
+      composeFile: docker/pipeline-jobs/docker-compose-dockerfile-lint.yml

 getLocalDevDirs:
  - from: root
@@ -13,6 +15,8 @@ getLocalDevDirs:
    to: config
  - from: scripts/trufflehog
    to: scripts/trufflehog
+  - from: scripts/dockerfile-lint
+    to: scripts/dockerfile-lint

 getLocalDevFiles:
  - from: scripts/setup.sh

--- a/scripts/dockerfile-lint/entrypoint.sh
+++ b/scripts/dockerfile-lint/entrypoint.sh
-'${SCRIPTS_DIR}/monitor/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job URL: ${CI_JOB_URL}"'
-echo "removing any existing hadolint config."
-rm -rf .config/hadolint.yml .config/hadolint.yaml
-hadolint $APPROVED_REGISTRY $DOCKERFILE_LOC --failure-threshold warning | tee ${REPORTS_DIR}/${CI_JOB_NAME}.out
+#!/bin/bash
+
+mkdir -p ${REPORTS_DIR}
+rm -f ${REPORTS_DIR}/*
+${SCRIPTS_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job run in local dev"
+set -o pipefail
+hadolint $APPROVED_REGISTRY $SCAN_DIR/$DOCKERFILE_LOC --failure-threshold warning | tee ${REPORTS_DIR}/${CI_JOB_NAME}.out

 if [ "$?" == "0" ]; then
  ${SCRIPTS_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s pass -r pass
 else
  if [ -s "${REPORTS_DIR}/${CI_JOB_NAME}.out" ]; then
-    ${SCRIPTS_DIR}/monitor/monitorstatus.sh -j ${CI_JOB_NAME} -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
+    ${SCRIPTS_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
  fi
  exit 1
 fi
--- a/scripts/dockerfile-lint/monitorstatus.sh
+++ b/scripts/dockerfile-lint/monitorstatus.sh
 #!/bin/bash

-LOG_DIR="${REPORTS_DIR}"
+LOG_DIR="${REPORTS_DIR}/"
 LOG_NAME="monitor_status"
 LOG_EXT=".yaml"
 LOG_FILE="${LOG_DIR}${LOG_NAME}${LOG_EXT}"