Dockerfile cleaning (#458)

* Add `Dockerfile` linting with `hadolint` * Fix minor `Dockerfile` issues found by `hadolint`
openstreetmap · Jul 10, 2024 · 3a633e6 · 3a633e6
1 parent 41b882e
commit 3a633e6
Show file tree

Hide file tree

Showing 12 changed files with 143 additions and 94 deletions.
diff --git a/.github/workflows/docker-image-build.yml b/.github/workflows/docker-image-build.yml
@@ -9,9 +9,24 @@ on:
       - ".github/workflows/docker-image-build.yml"
 
 jobs:
+  dockerfile-lint:
+    name: Lint Dockerfiles
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Lint with hadolint
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile*
+          failure-threshold: warning
+          recursive: true
+
   docker-image-build:
     continue-on-error: ${{ matrix.experimental || false }}
     name: Build & Test (${{ matrix.service-name }})
+    needs: dockerfile-lint
     runs-on: ubuntu-latest
     strategy:
       matrix:

diff --git a/docker/archlinux/Dockerfile b/docker/archlinux/Dockerfile
@@ -1,12 +1,17 @@
+# hadolint global ignore=DL3025,DL3059
 # Arguments
+ARG archlinux_version=latest
 ARG runner_additional_packages
 
 # Builder
-FROM archlinux:latest as builder
+FROM archlinux:${archlinux_version} AS builder
+
+## Arguments
+ARG archlinux_version
 
 ## Install builder dependencies
-RUN --mount=id=archlinux:latest-/var/cache/pacman/pkg,sharing=locked,target=/var/cache/pacman/pkg,type=cache \
-    --mount=id=archlinux:latest-/var/lib/pacman/sync,sharing=locked,target=/var/lib/pacman/sync,type=cache \
+RUN --mount=type=cache,sharing=locked,id=archlinux:${archlinux_version}-/var/cache/pacman/pkg,target=/var/cache/pacman/pkg \
+    --mount=type=cache,sharing=locked,id=archlinux:${archlinux_version}-/var/lib/pacman/sync,target=/var/lib/pacman/sync \
     pacman --sync --refresh --sysupgrade --noconfirm \
         apache \
         apr \
@@ -29,7 +34,7 @@ RUN --mount=id=archlinux:latest-/var/cache/pacman/pkg,sharing=locked,target=/var
 ## Build, Test & Install `mod_tile`
 COPY . /tmp/mod_tile_src
 WORKDIR /tmp/mod_tile_build
-RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     cmake -B . -S /tmp/mod_tile_src \
         -DCMAKE_BUILD_TYPE:STRING=Release \
         -DCMAKE_CXX_STANDARD:STRING=17 \
@@ -39,20 +44,21 @@ RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
         -DCMAKE_INSTALL_SYSCONFDIR:PATH=/etc \
         -DENABLE_TESTS:BOOL=ON && \
     cmake --build .
-RUN export CTEST_PARALLEL_LEVEL=$(nproc) && \
+RUN CTEST_PARALLEL_LEVEL="$(nproc)" && export CTEST_PARALLEL_LEVEL && \
     ctest --output-on-failure
 RUN export DESTDIR=/tmp/mod_tile && \
     cmake --install . --strip
 
 # Runner
-FROM archlinux:latest as runner
+FROM archlinux:${archlinux_version} AS runner
 
 ## Arguments
+ARG archlinux_version
 ARG runner_additional_packages
 
 ## Install runner dependencies
-RUN --mount=id=archlinux:latest-/var/cache/pacman/pkg,sharing=locked,target=/var/cache/pacman/pkg,type=cache \
-    --mount=id=archlinux:latest-/var/lib/pacman/sync,sharing=locked,target=/var/lib/pacman/sync,type=cache \
+RUN --mount=type=cache,sharing=locked,id=archlinux:${archlinux_version}-/var/cache/pacman/pkg,target=/var/cache/pacman/pkg \
+    --mount=type=cache,sharing=locked,id=archlinux:${archlinux_version}-/var/lib/pacman/sync,target=/var/lib/pacman/sync \
     pacman --sync --refresh --sysupgrade --noconfirm ${runner_additional_packages} \
         apache \
         cairo \

diff --git a/docker/centos/stream/Dockerfile b/docker/centos/stream/Dockerfile
@@ -1,18 +1,19 @@
+# hadolint global ignore=DL3025,DL3040,DL3041,DL3059
 # Arguments
 ARG centos_stream_version=9
 ARG extra_repository=crb
 ARG mapnik_version=4.0.0
 
 # Mapnik Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as mapnik-builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS mapnik-builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 ARG mapnik_version
 
 ## Install mapnik-builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -43,14 +44,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/
 
 ## Download, Build & Install `Mapnik`
 WORKDIR /tmp/mapnik_src
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src,type=cache \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src \
     if [ ! -f CMakeLists.txt ]; then \
         git clone --branch v${mapnik_version} --depth 1 --jobs 8 --recurse-submodules https://github.com/mapnik/mapnik.git /tmp/mapnik_src; \
     fi
 WORKDIR /tmp/mapnik_build
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src,type=cache \
-    --mount=id=centos:stream${centos_stream_version}-mapnik-build:${mapnik_version},target=/tmp/mapnik_build,type=cache \
-    export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src \
+    --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-build:${mapnik_version},target=/tmp/mapnik_build \
+    CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     export DESTDIR=/tmp/mapnik && \
     cmake -B . -S /tmp/mapnik_src \
         -DBUILD_BENCHMARK:BOOL=OFF \
@@ -70,14 +71,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version
     cmake --install . --strip
 
 # Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -117,7 +118,7 @@ COPY --from=mapnik-builder /tmp/mapnik /
 ## Build, Test & Install `mod_tile`
 COPY . /tmp/mod_tile_src
 WORKDIR /tmp/mod_tile_build
-RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     cmake -B . -S /tmp/mod_tile_src \
         -DCMAKE_BUILD_TYPE:STRING=Release \
         -DCMAKE_INSTALL_LOCALSTATEDIR:PATH=/var \
@@ -126,20 +127,20 @@ RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
         -DCMAKE_INSTALL_SYSCONFDIR:PATH=/etc \
         -DENABLE_TESTS:BOOL=ON && \
     cmake --build .
-RUN export CTEST_PARALLEL_LEVEL=$(nproc) && \
+RUN CTEST_PARALLEL_LEVEL="$(nproc)" && export CTEST_PARALLEL_LEVEL && \
     ctest --output-on-failure
 RUN export DESTDIR=/tmp/mod_tile && \
     cmake --install . --strip
 
 # Runner
-FROM quay.io/centos/centos:stream${centos_stream_version} as runner
+FROM quay.io/centos/centos:stream${centos_stream_version} AS runner
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install runner dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \

diff --git a/docker/centos/stream/Dockerfile.autotools b/docker/centos/stream/Dockerfile.autotools
@@ -1,18 +1,19 @@
+# hadolint global ignore=DL3025,DL3040,DL3041,DL3059
 # Arguments
 ARG centos_stream_version=9
 ARG extra_repository=crb
 ARG mapnik_version=4.0.0
 
 # Mapnik Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as mapnik-builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS mapnik-builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 ARG mapnik_version
 
 ## Install mapnik-builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -43,14 +44,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/
 
 ## Download, Build & Install `Mapnik`
 WORKDIR /tmp/mapnik_src
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src,type=cache \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src \
     if [ ! -f CMakeLists.txt ]; then \
         git clone --branch v${mapnik_version} --depth 1 --jobs 8 --recurse-submodules https://github.com/mapnik/mapnik.git /tmp/mapnik_src; \
     fi
 WORKDIR /tmp/mapnik_build
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src,type=cache \
-    --mount=id=centos:stream${centos_stream_version}-mapnik-build:${mapnik_version},target=/tmp/mapnik_build,type=cache \
-    export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version},target=/tmp/mapnik_src \
+    --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-build:${mapnik_version},target=/tmp/mapnik_build \
+    CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     export DESTDIR=/tmp/mapnik && \
     cmake -B . -S /tmp/mapnik_src \
         -DBUILD_BENCHMARK:BOOL=OFF \
@@ -70,14 +71,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:${mapnik_version
     cmake --install . --strip
 
 # Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -121,14 +122,14 @@ RUN export DESTDIR=/tmp/mod_tile && \
 RUN make test
 
 # Runner
-FROM quay.io/centos/centos:stream${centos_stream_version} as runner
+FROM quay.io/centos/centos:stream${centos_stream_version} AS runner
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install runner dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -162,13 +163,15 @@ COPY --from=builder \
     /etc/httpd/conf.d/renderd-example-map.conf
 
 ## Fix mapnik directories
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN sed \
         --expression "s#/usr/lib/mapnik/3.1/input#$(find /usr -mindepth 1 -type d -name input | grep mapnik)#g" \
         --expression "s#/usr/share/fonts/truetype#/usr/share/fonts#g" \
         /usr/local/etc/renderd.conf > /etc/renderd.conf
+SHELL ["/bin/sh", "-c"]
 
 ## Add configuration
-RUN printf "LoadModule tile_module $(find /usr -name mod_tile.so)\n" > /etc/httpd/conf.modules.d/11-tile.conf
+RUN printf "LoadModule tile_module %s\n" "$(find /usr -name mod_tile.so)" > /etc/httpd/conf.modules.d/11-tile.conf
 RUN printf '\n[example-map]\nMAXZOOM=20\nMINZOOM=0\nURI=/tiles/renderd-example\nXML=/usr/share/renderd/example-map/mapnik.xml\n' >> /etc/renderd.conf
 RUN printf '\n[example-map-jpg]\nMAXZOOM=20\nMINZOOM=0\nTYPE=jpg image/jpeg jpeg\nURI=/tiles/renderd-example-jpg\nXML=/usr/share/renderd/example-map/mapnik.xml\n' >> /etc/renderd.conf
 RUN printf '\n[example-map-png256]\nMAXZOOM=20\nMINZOOM=0\nTYPE=png image/png png256\nURI=/tiles/renderd-example-png256\nXML=/usr/share/renderd/example-map/mapnik.xml\n' >> /etc/renderd.conf

diff --git a/docker/centos/stream/Dockerfile.mapnik-latest b/docker/centos/stream/Dockerfile.mapnik-latest
@@ -1,16 +1,17 @@
+# hadolint global ignore=DL3025,DL3040,DL3041,DL3059
 # Arguments
 ARG centos_stream_version=9
 ARG extra_repository=crb
 
 # Mapnik Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as mapnik-builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS mapnik-builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install mapnik-builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -41,14 +42,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/
 
 ## Download, Build & Install `Mapnik`
 WORKDIR /tmp/mapnik_src
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:latest,target=/tmp/mapnik_src,type=cache \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:latest,target=/tmp/mapnik_src \
     if [ ! -f CMakeLists.txt ]; then \
         git clone --depth 1 --jobs 8 --recurse-submodules https://github.com/mapnik/mapnik.git /tmp/mapnik_src; \
     fi
 WORKDIR /tmp/mapnik_build
-RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:latest,target=/tmp/mapnik_src,type=cache \
-    --mount=id=centos:stream${centos_stream_version}-mapnik-build:latest,target=/tmp/mapnik_build,type=cache \
-    export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-src:latest,target=/tmp/mapnik_src \
+    --mount=type=cache,id=centos:stream${centos_stream_version}-mapnik-build:latest,target=/tmp/mapnik_build \
+    CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     export DESTDIR=/tmp/mapnik && \
     cmake -B . -S /tmp/mapnik_src \
         -DBUILD_BENCHMARK:BOOL=OFF \
@@ -68,14 +69,14 @@ RUN --mount=id=centos:stream${centos_stream_version}-mapnik-src:latest,target=/t
     cmake --install . --strip
 
 # Builder
-FROM quay.io/centos/centos:stream${centos_stream_version} as builder
+FROM quay.io/centos/centos:stream${centos_stream_version} AS builder
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install builder dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \
@@ -115,7 +116,7 @@ COPY --from=mapnik-builder /tmp/mapnik /
 ## Build & Install `mod_tile`
 COPY . /tmp/mod_tile_src
 WORKDIR /tmp/mod_tile_build
-RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
+RUN CMAKE_BUILD_PARALLEL_LEVEL="$(nproc)" && export CMAKE_BUILD_PARALLEL_LEVEL && \
     cmake -B . -S /tmp/mod_tile_src \
         -DCMAKE_BUILD_TYPE:STRING=Release \
         -DCMAKE_INSTALL_LOCALSTATEDIR:PATH=/var \
@@ -124,20 +125,20 @@ RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) && \
         -DCMAKE_INSTALL_SYSCONFDIR:PATH=/etc \
         -DENABLE_TESTS:BOOL=ON && \
     cmake --build .
-RUN export CTEST_PARALLEL_LEVEL=$(nproc) && \
+RUN CTEST_PARALLEL_LEVEL="$(nproc)" && export CTEST_PARALLEL_LEVEL && \
     ctest --output-on-failure
 RUN export DESTDIR=/tmp/mod_tile && \
     cmake --install . --strip
 
 # Runner
-FROM quay.io/centos/centos:stream${centos_stream_version} as runner
+FROM quay.io/centos/centos:stream${centos_stream_version} AS runner
 
 ## Arguments
 ARG centos_stream_version
 ARG extra_repository
 
 ## Install runner dependencies
-RUN --mount=id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf,type=cache,sharing=locked \
+RUN --mount=type=cache,sharing=locked,id=centos:stream${centos_stream_version}-/var/cache/dnf,target=/var/cache/dnf \
     echo "install_weak_deps=False" >> /etc/dnf/dnf.conf && \
     echo "keepcache=True" >> /etc/dnf/dnf.conf && \
     dnf --assumeyes install "dnf-command(config-manager)" && \