test(ci): implement tests for linter

Articola-Tools · Oct 19, 2024 · 9f21e75 · 9f21e75
1 parent a0dab8d
commit 9f21e75
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 1 deletion.
diff --git a/.dockerignore b/.dockerignore
@@ -1,6 +1,7 @@
 .idea
 .github
 .git
+tests
 .dockerignore
 Dockerfile
 LICENSE

diff --git a/.github/workflows/validate_new_changes.yml b/.github/workflows/validate_new_changes.yml
@@ -74,7 +74,21 @@ jobs:
                   cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
                   cache-to: "type=inline"
 
-            - name: "Run local Dockerfile linter"
+            - name: "Test correctly setup Dockerfile"
+              run: "docker run --rm -v ${{ github.workspace }}/tests/correct_dockerfile:/linter_workdir/repo
+                    local/dockerfile-linter-pr:latest"
+
+            - name: "Test incorrectly setup Dockerfile"
+              run: "docker run --rm -v ${{ github.workspace }}/tests/incorrect_dockerfile:/linter_workdir/repo
+                    local/dockerfile-linter-pr:latest && { echo 'Incorrectly setup Dockerfile test must fail!' >&2; exit 1; }
+                    || exit 0"
+
+            # HACK: remove `tests` directory before linting repo directory because this is easier than implementing a proper
+            # way to ignore directories in ENTRYPOINT command.
+            - name: "Remove `tests` directory"
+              run: "rm -rf ${{ github.workspace }}/tests"
+
+            - name: "Lint repo directory"
               run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo local/dockerfile-linter-pr:latest"
 
             - name: "Run Trivy vulnerability scanner"

diff --git a/tests/correct_dockerfile/Dockerfile b/tests/correct_dockerfile/Dockerfile
@@ -0,0 +1,21 @@
+FROM alpine:3.20
+
+RUN mkdir /linter_workdir
+
+RUN addgroup -S lintergroup && adduser -S linteruser -G lintergroup && chown -R linteruser:lintergroup /linter_workdir
+
+RUN apk add --no-cache wget=1.24.5-r0 \
+    && wget --progress=dot:mega -O /linter_workdir/hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
+    && chmod +x /linter_workdir/hadolint \
+    && apk del wget
+
+# NOTE: we need to have a separate directory for linter to work only with needed files,
+# not with files from the entire system.
+WORKDIR /linter_workdir
+
+USER linteruser
+
+HEALTHCHECK --timeout=1s --retries=1 CMD /linter_workdir/hadolint --version || exit 1
+
+ENTRYPOINT ["/bin/sh", "-c", "find /linter_workdir/repo -name 'Dockerfile*' -type f | \
+while read -r dockerfile; do /linter_workdir/hadolint \"$dockerfile\"; done"]
diff --git a/tests/incorrect_dockerfile/Dockerfile b/tests/incorrect_dockerfile/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.20
+
+RUN mkdir /linter_workdir
+
+RUN apk add --no-cache wget \
+    && wget --progress=dot:mega -O /linter_workdir/hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
+    && chmod +x /linter_workdir/hadolint \
+    && apk del wget
+
+# NOTE: we need to have a separate directory for linter to work only with needed files,
+# not with files from the entire system.
+WORKDIR /linter_workdir
+
+HEALTHCHECK --timeout=1s --retries=1 CMD /linter_workdir/hadolint --version || exit 1
+
+ENTRYPOINT ["/bin/sh", "-c", "find /linter_workdir/repo -name 'Dockerfile*' -type f | \
+while read -r dockerfile; do /linter_workdir/hadolint \"$dockerfile\"; done"]