From 6d0a2dbcc725dff37c05be22effc492fd7240dee Mon Sep 17 00:00:00 2001
From: Victor Morales <v.morales@samsung.com>
Date: Wed, 18 Oct 2023 03:15:55 -0700
Subject: [PATCH] Enable Dockerfile linter tool (#200)

* Improve e2e Dockerfile

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Use fixed distro less version image for generic autobumper

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Improve label_sync dockerfile

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Enable prow dockerfile lint job

---------

Signed-off-by: Victor Morales <v.morales@samsung.com>
---
 .prow.yaml                           | 15 +++++++++++++++
 images/e2e/Dockerfile                | 12 ++++++------
 images/generic-autobumper/Dockerfile |  2 +-
 images/label_sync/Dockerfile         | 18 ++++++++++++------
 4 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/.prow.yaml b/.prow.yaml
index fe48a5fa..98393982 100644
--- a/.prow.yaml
+++ b/.prow.yaml
@@ -29,6 +29,21 @@ presubmits:
           args:
             - "-c"
             - set -eE; cd e2e/provision; /usr/local/bin/tox -e lint
+  - name: images-hadolint
+    annotations:
+    labels:
+    run_if_changed: '^images/'
+    skip_report: false
+    decorate: true
+    cluster: default
+    spec:
+      containers:
+        - image: "hadolint/hadolint:v2.12.0-debian"
+          command:
+            - "/bin/sh"
+          args:
+            - "-c"
+            - set -eE; for dockerfile in images/*/Dockerfile; do hadolint $dockerfile -t warning; done
   - name: bootstrap-integration
     annotations:
     labels:
diff --git a/images/e2e/Dockerfile b/images/e2e/Dockerfile
index 284ce1bd..41714928 100644
--- a/images/e2e/Dockerfile
+++ b/images/e2e/Dockerfile
@@ -1,6 +1,6 @@
-FROM hashicorp/terraform:1.4.5
-RUN apk update && \
-    wget -c https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-427.0.0-linux-x86_64.tar.gz && \
-    tar xf /google-cloud-cli-427.0.0-linux-x86_64.tar.gz && \
-    apk add python3 && \
-    /google-cloud-sdk/install.sh -q
+FROM hashicorp/terraform:1.5.7
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+RUN wget -q -c https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-446.0.0-linux-x86_64.tar.gz -O - | tar -xz -C /tmp && \
+    apk add --no-cache python3=3.11.5-r0 && \
+    /tmp/google-cloud-sdk/install.sh -q
diff --git a/images/generic-autobumper/Dockerfile b/images/generic-autobumper/Dockerfile
index e5799176..1d701716 100644
--- a/images/generic-autobumper/Dockerfile
+++ b/images/generic-autobumper/Dockerfile
@@ -4,7 +4,7 @@ RUN git clone --depth 1 https://github.com/kubernetes/test-infra.git /opt/test-i
 WORKDIR /opt/test-infra
 RUN CGO_ENABLED=0 go build -o /tmp/ ./prow/cmd/generic-autobumper/...
 
-FROM gcr.io/distroless/static-debian11
+FROM gcr.io/distroless/static-debian11@sha256:6706c73aae2afaa8201d63cc3dda48753c09bcd6c300762251065c0f7e602b25
 
 COPY --from=builder /tmp/generic-autobumper /
 CMD ["/generic-autobumper"]
diff --git a/images/label_sync/Dockerfile b/images/label_sync/Dockerfile
index 631ec4af..b7557669 100644
--- a/images/label_sync/Dockerfile
+++ b/images/label_sync/Dockerfile
@@ -1,8 +1,14 @@
 FROM golang:1.20.4-alpine3.17 as builder
-RUN apk update && apk add git  && cd src && \
-    git clone https://github.com/kubernetes/test-infra.git && \
-    cd test-infra/label_sync && \
-    go build
 
-FROM golang:1.20.4-alpine3.17
-COPY --from=builder /go/src/test-infra/label_sync/label_sync /go/bin
+WORKDIR /opt
+RUN apk add --no-cache git=2.38.5-r0 && \
+  git clone --depth 1 https://github.com/kubernetes/test-infra.git
+
+WORKDIR /opt/test-infra/label_sync
+RUN go build
+
+FROM gcr.io/distroless/base:nonroot
+
+COPY --from=builder /opt/test-infra/label_sync/label_sync /bin
+
+ENTRYPOINT ["/bin/label_sync"]