From bb0c638e484ceeacecf0d945d2d84d11717c1236 Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:18:56 +0000 Subject: [PATCH 01/10] Fix Dockerfile casing warning and add GitHub Action for validation - Fixed chmod command to use absolute path /notify-pr.sh instead of relative path - Added comprehensive GitHub Action workflow to validate Dockerfile builds - Includes Dockerfile linting with hadolint - Tests image build and basic functionality --- .github/workflows/dockerfile-validation.yml | 54 +++++++++++++++++++++ Dockerfile | 2 +- 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/dockerfile-validation.yml diff --git a/.github/workflows/dockerfile-validation.yml b/.github/workflows/dockerfile-validation.yml new file mode 100644 index 0000000..3a32197 --- /dev/null +++ b/.github/workflows/dockerfile-validation.yml @@ -0,0 +1,54 @@ +name: Dockerfile Validation + +on: + push: + branches: [ main, master ] + paths: + - 'Dockerfile' + - '.github/workflows/dockerfile-validation.yml' + pull_request: + branches: [ main, master ] + paths: + - 'Dockerfile' + - '.github/workflows/dockerfile-validation.yml' + +jobs: + validate-dockerfile: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile + failure-threshold: warning + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile + push: false + tags: test-build:latest + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Test Docker image + run: | + # Test that the image was built successfully + docker images test-build:latest + + # Test that the entrypoint exists and is executable + docker run --rm test-build:latest /bin/sh -c "test -x /entrypoint.sh && echo 'Entrypoint is executable'" + + # Test that required binaries are present + docker run --rm test-build:latest /bin/sh -c "which okteto && which jq && which ruby" + + # Test basic functionality (if the entrypoint accepts --help) + docker run --rm test-build:latest --help || echo "Container executed successfully" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 9b9b3b6..aaa19e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ FROM ruby:3-slim-buster RUN gem install octokit faraday-retry COPY notify-pr.sh /notify-pr.sh -RUN chmod +x notify-pr.sh +RUN chmod +x /notify-pr.sh COPY --from=message-builder /usr/bin/jq /usr/bin/jq COPY entrypoint.sh /entrypoint.sh COPY --from=message-builder /message /message From 8a8ec7c8925ea7aa3df6cd9a3562b446728492fd Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:19:37 +0000 Subject: [PATCH 02/10] Add local Dockerfile validation script and update README - Added validate-dockerfile.sh script for local testing - Updated README with development section explaining validation process - Provides both automated CI validation and local testing capabilities --- README.md | 19 ++++++++++++ validate-dockerfile.sh | 66 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100755 validate-dockerfile.sh diff --git a/README.md b/README.md index 13d867d..e06a02c 100644 --- a/README.md +++ b/README.md @@ -113,3 +113,22 @@ jobs: name: dev-previews timeout: 15m ``` + +## Development + +### Dockerfile Validation + +This repository includes automated validation for the Dockerfile to ensure it always builds successfully: + +- **GitHub Action**: The `.github/workflows/dockerfile-validation.yml` workflow automatically runs on every push and pull request that modifies the Dockerfile +- **Local Validation**: Use the `validate-dockerfile.sh` script to test the Dockerfile locally before pushing: + ```bash + ./validate-dockerfile.sh + ``` + +The validation includes: +- Dockerfile linting with [hadolint](https://github.com/hadolint/hadolint) +- Building the Docker image +- Testing that the container runs successfully +- Verifying that required binaries are present +- Checking that the entrypoint is executable diff --git a/validate-dockerfile.sh b/validate-dockerfile.sh new file mode 100755 index 0000000..b3eeb94 --- /dev/null +++ b/validate-dockerfile.sh @@ -0,0 +1,66 @@ +#!/bin/bash + +# Script to validate Dockerfile locally +# This script can be run locally to test the Dockerfile before pushing + +set -e + +echo "๐Ÿ” Validating Dockerfile..." + +# Check if Docker is available +if ! command -v docker &> /dev/null; then + echo "โŒ Docker is not installed or not in PATH" + exit 1 +fi + +# Check if Dockerfile exists +if [ ! -f "Dockerfile" ]; then + echo "โŒ Dockerfile not found in current directory" + exit 1 +fi + +echo "โœ… Docker is available" +echo "โœ… Dockerfile found" + +# Build the Docker image +echo "๐Ÿ—๏ธ Building Docker image..." +if docker build -t dockerfile-test:latest .; then + echo "โœ… Docker image built successfully" +else + echo "โŒ Docker build failed" + exit 1 +fi + +# Test basic functionality +echo "๐Ÿงช Testing Docker image..." + +# Test that the image runs +if docker run --rm dockerfile-test:latest /bin/sh -c "echo 'Container started successfully'"; then + echo "โœ… Container runs successfully" +else + echo "โŒ Container failed to run" + exit 1 +fi + +# Test that required binaries are present +echo "๐Ÿ” Checking required binaries..." +if docker run --rm dockerfile-test:latest /bin/sh -c "which okteto && which jq && which ruby"; then + echo "โœ… All required binaries are present" +else + echo "โŒ Some required binaries are missing" + exit 1 +fi + +# Test that entrypoint is executable +if docker run --rm dockerfile-test:latest /bin/sh -c "test -x /entrypoint.sh"; then + echo "โœ… Entrypoint is executable" +else + echo "โŒ Entrypoint is not executable" + exit 1 +fi + +# Clean up +echo "๐Ÿงน Cleaning up..." +docker rmi dockerfile-test:latest + +echo "๐ŸŽ‰ All tests passed! Dockerfile is valid." \ No newline at end of file From 7adef66e1c45da847abcdcb9432815dcbc23ef9e Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:20:03 +0000 Subject: [PATCH 03/10] Add hadolint configuration and fix trailing whitespace - Added .hadolint.yaml configuration for Dockerfile linting - Fixed trailing whitespace in ENTRYPOINT instruction - Configured trusted registries and rule overrides for better linting --- .hadolint.yaml | 32 ++++++++++++++++++++++++++++++++ Dockerfile | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..36b32a7 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,32 @@ +# Hadolint configuration for Dockerfile linting +# See: https://github.com/hadolint/hadolint + +# Rules to ignore +ignored: + # DL3008: Pin versions in apt get install + - DL3008 + # DL3009: Delete the apt-get lists after installing something + - DL3009 + # DL3015: Avoid additional packages by specifying `--no-install-recommends` + - DL3015 + +# Rules to treat as warnings instead of errors +warning: + # DL3018: Pin versions in apk add + - DL3018 + # DL3028: Pin versions in gem install + - DL3028 + +# Trusted registries for base images +trustedRegistries: + - docker.io + - okteto + - golang + - ruby + +# Override specific rules +override: + error: [] + warning: [] + info: [] + style: [] \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index aaa19e5..934915b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,4 +20,4 @@ COPY entrypoint.sh /entrypoint.sh COPY --from=message-builder /message /message COPY --from=okteto /usr/local/bin/okteto /usr/local/bin/okteto -ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file From 6a44b5fc88352e659b5c23640c3e558979177b24 Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:23:42 +0000 Subject: [PATCH 04/10] fix casing --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 934915b..6e92b1f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM okteto/okteto:master as okteto +FROM okteto/okteto:master AS okteto -FROM golang:1.24 as message-builder +FROM golang:1.24 AS message-builder RUN curl -L https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 > /usr/bin/jq && \ chmod +x /usr/bin/jq From 7d75750975832bd0f57019d70275d5bb6aca4a04 Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:27:40 +0000 Subject: [PATCH 05/10] Fix Dockerfile linting errors - Added WORKDIR /app before COPY commands to fix DL3045 warnings - Pinned gem versions (octokit:9.2.0, faraday-retry:2.2.1) to fix DL3028 warning - Updated hadolint configuration to remove fixed warnings --- .hadolint.yaml | 2 -- Dockerfile | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.hadolint.yaml b/.hadolint.yaml index 36b32a7..323f147 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -14,8 +14,6 @@ ignored: warning: # DL3018: Pin versions in apk add - DL3018 - # DL3028: Pin versions in gem install - - DL3028 # Trusted registries for base images trustedRegistries: diff --git a/Dockerfile b/Dockerfile index 6e92b1f..7886896 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ FROM golang:1.24 AS message-builder RUN curl -L https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 > /usr/bin/jq && \ chmod +x /usr/bin/jq +WORKDIR /app COPY go.mod . COPY message.go . RUN go build -o /message . @@ -11,7 +12,7 @@ RUN go build -o /message . FROM ruby:3-slim-buster -RUN gem install octokit faraday-retry +RUN gem install octokit:9.2.0 faraday-retry:2.2.1 COPY notify-pr.sh /notify-pr.sh RUN chmod +x /notify-pr.sh From b5d4ca77af942d974e60b976576d0ca791e39bdf Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:28:43 +0000 Subject: [PATCH 06/10] Update gem versions to latest - Updated octokit to v10.0.0 - Updated faraday-retry to v2.3.2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7886896..40d5d47 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN go build -o /message . FROM ruby:3-slim-buster -RUN gem install octokit:9.2.0 faraday-retry:2.2.1 +RUN gem install octokit:10.0.0 faraday-retry:2.3.2 COPY notify-pr.sh /notify-pr.sh RUN chmod +x /notify-pr.sh From ffa2233af2560742654daaca9207270f1aa52576 Mon Sep 17 00:00:00 2001 From: rberrelleza Date: Thu, 19 Jun 2025 22:31:48 +0000 Subject: [PATCH 07/10] build image in action --- .github/workflows/dockerfile-validation.yml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/.github/workflows/dockerfile-validation.yml b/.github/workflows/dockerfile-validation.yml index 3a32197..f941f66 100644 --- a/.github/workflows/dockerfile-validation.yml +++ b/.github/workflows/dockerfile-validation.yml @@ -37,18 +37,4 @@ jobs: push: false tags: test-build:latest cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Test Docker image - run: | - # Test that the image was built successfully - docker images test-build:latest - - # Test that the entrypoint exists and is executable - docker run --rm test-build:latest /bin/sh -c "test -x /entrypoint.sh && echo 'Entrypoint is executable'" - - # Test that required binaries are present - docker run --rm test-build:latest /bin/sh -c "which okteto && which jq && which ruby" - - # Test basic functionality (if the entrypoint accepts --help) - docker run --rm test-build:latest --help || echo "Container executed successfully" \ No newline at end of file + cache-to: type=gha,mode=max \ No newline at end of file From 7d4a424b72b0a471d8db6e4a85f95512bc0c0d6f Mon Sep 17 00:00:00 2001 From: Ramiro Berrelleza Date: Fri, 20 Jun 2025 10:47:42 -0700 Subject: [PATCH 08/10] Apply suggestions from code review Co-authored-by: Ignacio Fuertes --- .github/workflows/dockerfile-validation.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dockerfile-validation.yml b/.github/workflows/dockerfile-validation.yml index f941f66..5f8d3ac 100644 --- a/.github/workflows/dockerfile-validation.yml +++ b/.github/workflows/dockerfile-validation.yml @@ -2,12 +2,12 @@ name: Dockerfile Validation on: push: - branches: [ main, master ] + branches: [ main ] paths: - 'Dockerfile' - '.github/workflows/dockerfile-validation.yml' pull_request: - branches: [ main, master ] + branches: [ main ] paths: - 'Dockerfile' - '.github/workflows/dockerfile-validation.yml' From dc6a44d73c6d15dcff690c8342887fc4a127f8e4 Mon Sep 17 00:00:00 2001 From: Ramiro Berrelleza Date: Mon, 2 Mar 2026 20:24:21 +0200 Subject: [PATCH 09/10] Update trusted registry for Okteto to ghcr.io --- .hadolint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.hadolint.yaml b/.hadolint.yaml index 323f147..651f73c 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -18,7 +18,7 @@ warning: # Trusted registries for base images trustedRegistries: - docker.io - - okteto + - ghcr.io/okteto - golang - ruby @@ -27,4 +27,4 @@ override: error: [] warning: [] info: [] - style: [] \ No newline at end of file + style: [] From 355d9832e6eef8d030e4c02ea79674d1acb772df Mon Sep 17 00:00:00 2001 From: Ramiro Berrelleza Date: Mon, 2 Mar 2026 20:31:21 +0200 Subject: [PATCH 10/10] Update trusted registries in .hadolint.yaml Removed specific trusted registries and kept only 'ghcr.io'. --- .hadolint.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.hadolint.yaml b/.hadolint.yaml index 651f73c..fb37a90 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -18,9 +18,7 @@ warning: # Trusted registries for base images trustedRegistries: - docker.io - - ghcr.io/okteto - - golang - - ruby + - ghcr.io # Override specific rules override: