From 7da021374ca857ae5dfc07d53e15e03b85ea57df Mon Sep 17 00:00:00 2001 From: Totto16 Date: Tue, 17 Dec 2024 17:56:03 +0100 Subject: [PATCH 1/4] feat: update hadolint-action version this comes with some improvements and a new hadolint version --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1b6b9a4..9e430d1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,6 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: hadolint/hadolint-action@v1.6.0 + - uses: hadolint/hadolint-action@v3.1.0 with: recursive: true From ddc968eaffa424260882f6986f427e3867be76bf Mon Sep 17 00:00:00 2001 From: Totto16 Date: Tue, 17 Dec 2024 17:58:04 +0100 Subject: [PATCH 2/4] fix: use ubuntu-24.04 as image use explicitly tagged image instead of ubuntu-latest, as that may be changed and therefore potentially make the ci fail without any changes and only the passing of time --- .github/workflows/debian.yml | 4 ++-- .github/workflows/lint.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 98df3b8..0222434 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -19,7 +19,7 @@ concurrency: jobs: build-smoke-test: timeout-minutes: 30 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 name: ${{ matrix.ghc }}-${{ matrix.deb }} strategy: fail-fast: false @@ -78,7 +78,7 @@ jobs: emulated-architecture-tests: timeout-minutes: 60 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 name: ${{ matrix.arch }}-${{ matrix.ghc }}-${{ matrix.deb }} strategy: fail-fast: false diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9e430d1..c888f86 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ on: jobs: hadolint: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: hadolint/hadolint-action@v3.1.0 From e75a832f13a2461fd8a255f67f8b60ed9cb7426b Mon Sep 17 00:00:00 2001 From: Totto16 Date: Tue, 17 Dec 2024 18:42:30 +0100 Subject: [PATCH 3/4] ci: make checks into errors instead of warnings skip the check SecretsUsedInArgOrEnv, since it is a false positive in all cases in this repo --- .github/workflows/debian.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 0222434..2b9581d 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -68,7 +68,8 @@ jobs: command: | docker build --pull \ -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ - ${{ matrix.ghc_minor }}/${{ matrix.deb }} + ${{ matrix.ghc_minor }}/${{ matrix.deb }} \ + --build-arg "BUILDKIT_DOCKERFILE_CHECK=skip=SecretsUsedInArgOrEnv;error=true" - uses: actions/checkout@v4 with: repository: docker-library/official-images @@ -135,7 +136,8 @@ jobs: docker build --pull --progress=plain \ --platform "linux/${{ matrix.docker_platform }}" \ -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ - ${{ matrix.ghc_minor }}/${{ matrix.deb }} + ${{ matrix.ghc_minor }}/${{ matrix.deb }} \ + --build-arg "BUILDKIT_DOCKERFILE_CHECK=skip=SecretsUsedInArgOrEnv;error=true" echo 'testing..' docker run \ --platform "linux/${{ matrix.docker_platform }}" \ From e462b9ee14e37895cee97ffc17da6a1b1ee85f4b Mon Sep 17 00:00:00 2001 From: Totto16 Date: Tue, 17 Dec 2024 18:44:31 +0100 Subject: [PATCH 4/4] fix: fix LegacyKeyValueFormat checks in docker files --- 9.0/buster/Dockerfile | 4 ++-- 9.0/slim-buster/Dockerfile | 4 ++-- 9.10/bullseye/Dockerfile | 4 ++-- 9.10/buster/Dockerfile | 4 ++-- 9.10/slim-bullseye/Dockerfile | 4 ++-- 9.10/slim-buster/Dockerfile | 4 ++-- 9.2/buster/Dockerfile | 4 ++-- 9.2/slim-buster/Dockerfile | 4 ++-- 9.4/buster/Dockerfile | 4 ++-- 9.4/slim-buster/Dockerfile | 4 ++-- 9.6/bullseye/Dockerfile | 4 ++-- 9.6/buster/Dockerfile | 4 ++-- 9.6/slim-bullseye/Dockerfile | 4 ++-- 9.6/slim-buster/Dockerfile | 4 ++-- 9.8/bullseye/Dockerfile | 4 ++-- 9.8/buster/Dockerfile | 4 ++-- 9.8/slim-bullseye/Dockerfile | 4 ++-- 9.8/slim-buster/Dockerfile | 4 ++-- 18 files changed, 36 insertions(+), 36 deletions(-) diff --git a/9.0/buster/Dockerfile b/9.0/buster/Dockerfile index e79d0fd..4767759 100644 --- a/9.0/buster/Dockerfile +++ b/9.0/buster/Dockerfile @@ -1,6 +1,6 @@ FROM buildpack-deps:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # additional haskell specific deps RUN apt-get update && \ @@ -132,6 +132,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.0/slim-buster/Dockerfile b/9.0/slim-buster/Dockerfile index e5632c9..d70fd8c 100644 --- a/9.0/slim-buster/Dockerfile +++ b/9.0/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -148,6 +148,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.10/bullseye/Dockerfile b/9.10/bullseye/Dockerfile index c6d2178..bad343b 100644 --- a/9.10/bullseye/Dockerfile +++ b/9.10/bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -129,6 +129,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.10/buster/Dockerfile b/9.10/buster/Dockerfile index f75805a..1a1ed08 100644 --- a/9.10/buster/Dockerfile +++ b/9.10/buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -129,6 +129,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.10/slim-bullseye/Dockerfile b/9.10/slim-bullseye/Dockerfile index 1810f81..e62de66 100644 --- a/9.10/slim-bullseye/Dockerfile +++ b/9.10/slim-bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -129,6 +129,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.10/slim-buster/Dockerfile b/9.10/slim-buster/Dockerfile index 533ef62..5f83fb1 100644 --- a/9.10/slim-buster/Dockerfile +++ b/9.10/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -131,6 +131,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.2/buster/Dockerfile b/9.2/buster/Dockerfile index 2ec5220..ad468ab 100644 --- a/9.2/buster/Dockerfile +++ b/9.2/buster/Dockerfile @@ -1,6 +1,6 @@ FROM buildpack-deps:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # additional haskell specific deps RUN apt-get update && \ @@ -115,6 +115,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.2/slim-buster/Dockerfile b/9.2/slim-buster/Dockerfile index 7109ebb..9766768 100644 --- a/9.2/slim-buster/Dockerfile +++ b/9.2/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -131,6 +131,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.4/buster/Dockerfile b/9.4/buster/Dockerfile index 9a0c214..770756f 100644 --- a/9.4/buster/Dockerfile +++ b/9.4/buster/Dockerfile @@ -1,6 +1,6 @@ FROM buildpack-deps:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # additional haskell specific deps RUN apt-get update && \ @@ -115,6 +115,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.4/slim-buster/Dockerfile b/9.4/slim-buster/Dockerfile index 7d6b9bb..8ae51d1 100644 --- a/9.4/slim-buster/Dockerfile +++ b/9.4/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -131,6 +131,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index fe9ad88..7826d93 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -132,6 +132,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index 7edaaff..724b65c 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -1,6 +1,6 @@ FROM buildpack-deps:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # additional haskell specific deps RUN apt-get update && \ @@ -115,6 +115,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.6/slim-bullseye/Dockerfile b/9.6/slim-bullseye/Dockerfile index fbd978a..0941500 100644 --- a/9.6/slim-bullseye/Dockerfile +++ b/9.6/slim-bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -134,6 +134,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.6/slim-buster/Dockerfile b/9.6/slim-buster/Dockerfile index 66d2100..0022b69 100644 --- a/9.6/slim-buster/Dockerfile +++ b/9.6/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -131,6 +131,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.8/bullseye/Dockerfile b/9.8/bullseye/Dockerfile index a2f6194..bb8c3c9 100644 --- a/9.8/bullseye/Dockerfile +++ b/9.8/bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -129,6 +129,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.8/buster/Dockerfile b/9.8/buster/Dockerfile index aa4ff68..d484841 100644 --- a/9.8/buster/Dockerfile +++ b/9.8/buster/Dockerfile @@ -1,6 +1,6 @@ FROM buildpack-deps:buster -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # additional haskell specific deps RUN apt-get update && \ @@ -115,6 +115,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.8/slim-bullseye/Dockerfile b/9.8/slim-bullseye/Dockerfile index 717dd9e..1f67aaa 100644 --- a/9.8/slim-bullseye/Dockerfile +++ b/9.8/slim-bullseye/Dockerfile @@ -1,6 +1,6 @@ FROM debian:bullseye-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -129,6 +129,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"] diff --git a/9.8/slim-buster/Dockerfile b/9.8/slim-buster/Dockerfile index 336556b..a370fc7 100644 --- a/9.8/slim-buster/Dockerfile +++ b/9.8/slim-buster/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # common haskell + stack dependencies RUN apt-get update && \ @@ -131,6 +131,6 @@ RUN set -eux; \ \ "/opt/ghc/$GHC/bin/ghc" --version -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH +ENV PATH=/root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH CMD ["ghci"]