First lint + fix implemented

e3558be9 · Romain · c76996e2 · e3558be9 · e3558be9 · e3558be9
Commit e3558be9 authored May 28, 2020 by Romain
Showing with 92 additions and 2 deletions

Makefile Makefile +18 -0

base-notebook/Dockerfile base-notebook/Dockerfile +9 -2

docs/contributing/lint.md docs/contributing/lint.md +64 -0

docs/index.rst docs/index.rst +1 -0

No files found.
--- a/Makefile
+++ b/Makefile
@@ -24,6 +24,9 @@ endif

 ALL_IMAGES:=$(ALL_STACKS)

+# Linter
+HADOLINT="${HOME}/hadolint"
+
 help:
 # http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
 	@echo "jupyter/docker-stacks"
@@ -71,6 +74,21 @@ dev/%: ## run a foreground container for a stack
 dev-env: ## install libraries required to build docs and run tests
 	pip install -r requirements-dev.txt

+lint/%: ARGS?=
+lint/%: ## lint the dockerfile(s) for a stack
+	@echo "Linting Dockerfiles in $(notdir $@)..."
+	git ls-files --exclude='Dockerfile*' --ignored $(notdir $@) | grep -v ppc64 | xargs -L 1 $(HADOLINT) $(ARGS)
+	@echo "Linting done!"
+
+lint-all: $(foreach I,$(ALL_IMAGES),lint/$(I) ) ## lint all stacks
+
+lint-install: ## install hadolint
+	@echo "Installing hadolint at $(HADOLINT) ..."
+	@curl -sL -o $(HADOLINT) "https://github.com/hadolint/hadolint/releases/download/v1.17.6/hadolint-$(shell uname -s)-$(shell uname -m)"
+	$(shell chmod 700 ${HADOLINT})
+	@echo "Installation done!"
+	@$(HADOLINT) --version
+
 img-clean: img-rm-dang img-rm ## clean dangling and jupyter images

 img-list: ## list jupyter images

--- a/base-notebook/Dockerfile
+++ b/base-notebook/Dockerfile
@@ -6,6 +6,7 @@
 # OS/ARCH: linux/amd64
 ARG ROOT_CONTAINER=ubuntu:bionic-20200403@sha256:b58746c8a89938b8c9f5b77de3b8cf1fe78210c696ab03a1442e235eea65d84f
 ARG BASE_CONTAINER=$ROOT_CONTAINER
+# hadolint ignore=DL3006
 FROM $BASE_CONTAINER

 LABEL maintainer="Jupyter Project <jupyter@googlegroups.com>"
@@ -13,11 +14,15 @@ ARG NB_USER="jovyan"
 ARG NB_UID="1000"
 ARG NB_GID="100"

+# Fix DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 USER root

 # Install all OS dependencies for notebook server that starts but lacks all
 # features (e.g., download as all possible file formats)
 ENV DEBIAN_FRONTEND noninteractive
+# hadolint ignore=DL3008
 RUN apt-get update \
 && apt-get install -yq --no-install-recommends \
    wget \
@@ -76,8 +81,8 @@ ENV MINICONDA_VERSION=4.8.2 \
    MINICONDA_MD5=87e77f097f6ebb5127c77662dfc3165e \
    CONDA_VERSION=4.8.2

-RUN cd /tmp && \
-    wget --quiet https://repo.continuum.io/miniconda/Miniconda3-py37_${MINICONDA_VERSION}-Linux-x86_64.sh && \
+WORKDIR /tmp
+RUN wget --quiet https://repo.continuum.io/miniconda/Miniconda3-py37_${MINICONDA_VERSION}-Linux-x86_64.sh && \
    echo "${MINICONDA_MD5} *Miniconda3-py37_${MINICONDA_VERSION}-Linux-x86_64.sh" | md5sum -c - && \
    /bin/bash Miniconda3-py37_${MINICONDA_VERSION}-Linux-x86_64.sh -f -b -p $CONDA_DIR && \
    rm Miniconda3-py37_${MINICONDA_VERSION}-Linux-x86_64.sh && \
@@ -137,3 +142,5 @@ RUN fix-permissions /etc/jupyter/

 # Switch back to jovyan to avoid accidental container runs as root
 USER $NB_UID
+
+WORKDIR $HOME
\ No newline at end of file
--- a/docs/contributing/lint.md
+++ b/docs/contributing/lint.md
+# Image Lint
+
+We are using the [Hadolint][LK1] tool to analyse each `Dockerfile` to comply with [Docker best practices][LK2].
+
+## Install
+
+There is a specific make target to install the linter.
+By default `hadolint` will be installed in `${HOME}/hadolint`.
+
+```bash
+$ make lint-install
+
+# Installing hadolint at /Users/romain/hadolint ...
+# Installation done!
+# Haskell Dockerfile Linter v1.17.6-0-gc918759
+```
+
+## Lint
+
+The linter can be run per stack `make lint/<stack>`
+
+```bash
+$ make lint/scipy-notebook  
+
+# Linting Dockerfiles in scipy-notebook...
+# scipy-notebook/Dockerfile:4 DL3006 Always tag the version of an image explicitly
+# scipy-notebook/Dockerfile:11 DL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+# scipy-notebook/Dockerfile:18 SC2086 Double quote to prevent globbing and word splitting.
+# scipy-notebook/Dockerfile:68 SC2086 Double quote to prevent globbing and word splitting.
+# scipy-notebook/Dockerfile:68 DL3003 Use WORKDIR to switch to a directory
+# scipy-notebook/Dockerfile:79 SC2086 Double quote to prevent globbing and word splitting.
+# make: *** [lint/scipy-notebook] Error 1
+```
+
+Optionally you can pass arguments to the linter.
+
+```bash
+# Use a different export format
+$ make lint/scipy-notebook ARGS="--format codeclimate"  
+```
+
+To lint all the stacks.
+
+```bash
+$ make lint-all
+```
+
+## Ignore Rules
+
+Sometimes it's necessary to ignore [some rules][LK3]. The preferred way is to do it in the `Dockerfile`.
+
+> It is also possible to ignore rules by using a special comment directly above the Dockerfile instruction you want to make an exception for. Ignore rule comments look like `# hadolint ignore=DL3001,SC1081.` For example:
+
+```dockerfile
+# hadolint ignore=DL3006
+FROM ubuntu
+
+# hadolint ignore=DL3003,SC1035
+RUN cd /tmp && echo "hello!"
+```
+
+[LK1]: https://github.com/hadolint/hadolint
+[LK2]: https://docs.docker.com/develop/develop-images/dockerfile_best-practices
+[LK3]: https://github.com/hadolint/hadolint#rules
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -47,6 +47,7 @@ Table of Contents
   contributing/packages
   contributing/recipes
   contributing/translations
+   contributing/lint
   contributing/tests
   contributing/features
   contributing/stacks