Conversation
kke
force-pushed
the
hadolint-action
branch
5 times, most recently
from
c06f788 to
bfa6203
Compare
Signed-off-by: Kimmo Lehto <kimmo.lehto@gmail.com> Signed-off-by: Kimmo Lehto <klehto@mirantis.com>
Signed-off-by: Kimmo Lehto <kimmo.lehto@gmail.com> Signed-off-by: Kimmo Lehto <klehto@mirantis.com>
Hadolint:
|
|
A bit ugly, I guess it could be scripted to create proper review comments. Maybe https://github.com/reviewdog/action-hadolint would be easier to set up. |
twz123
left a comment
twz123
left a comment
There was a problem hiding this comment.
Can we disable some warnings?
DL3018 warning: Pin versions in apk add. Instead of
apk add <package>useapk add <package>=<version>
You really only want that if you have some bot that maintains the package versions, or if you're using your own mirror. Otherwise, this will break the build, as old packages get garbage collected from the main Alpine repos.
DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
or disable this check yes, please 😄
DL3008 warning: Pin versions in apt get install. Instead of
apt-get install <package>useapt-get install <package>=<version>
Not sure about the Ubuntu package repos. How long do they provide older packages?
| @@ -1,3 +1,5 @@ | |||
| # dummy change to trigger workflow | |||
There was a problem hiding this comment.
I get this is only for testing the workflow added in this PR, but that will also trigger a rebuild when this PR gets merged, overwriting the already built tag in the registry. We need to remove that before merging.
2 participants
Uses https://github.com/hadolint/hadolint
Seems to create quite a lot of issues locally