diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..12da54b
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,18 @@
+name: lint
+
+on:
+ # yamllint disable-line rule:truthy
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hadolint/hadolint-action@v3.1.0
+ with:
+ recursive: true
+ failure-threshold: warning # info is usually ok
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..c3dd257
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,12 @@
+ignored:
+ - DL3007 # we don't want to pin versions
+ - DL3008 # we don't want to pin versions
+ - DL3013 # we don't want to pin versions
+ - DL3018 # we don't want to pin versions
+ - DL3033 # we don't want to pin versions
+ - DL3041 # we don't want to pin versions
+ - DL3037 # we don't want to pin versions
+ - SC2028 # using echo is ok for our case
+ - SC3009 # we don't care about POSIX compatibility
+ - SC3010 # we don't care about POSIX compatibility
+ - SC3037 # we don't care about POSIX compatibility
diff --git a/amazon2023-ansible-latest/Dockerfile b/amazon2023-ansible-latest/Dockerfile
index c828bbf..043ed19 100644
--- a/amazon2023-ansible-latest/Dockerfile
+++ b/amazon2023-ansible-latest/Dockerfile
@@ -13,7 +13,7 @@ RUN yum makecache --timer && \
 python3-pip && \
 yum clean all

-RUN pip3 install ansible
+RUN pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
diff --git a/arch-ansible-latest/Dockerfile b/arch-ansible-latest/Dockerfile
index 462860e..09c8370 100644
--- a/arch-ansible-latest/Dockerfile
+++ b/arch-ansible-latest/Dockerfile
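Review bot: The workflow has no `permissions:` block, so the `docker` job runs with the repository's default `GITHUB_TOKEN` scope although linting only needs to read the tree. A top-level `permissions:` mapping with `contents: read` would make that explicit. Both `uses:` steps reference mutable tags (`actions/checkout@v3`, `hadolint/hadolint-action@v3.1.0`). Pinning each to a full commit SHA, with the tag kept in a trailing comment, would stop a moved tag from changing what runs in this job.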
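Review bot: The comment on `DL3007` does not match the rule, which flags a `latest` base-image tag; the package-manager pin rules are DL3008, DL3013, DL3018, DL3033, DL3037 and DL3041. A comment such as `# base images track latest on purpose` would record the actual decision. Because these ignores are global, hadolint will not report unpinned base images or packages in any Dockerfile of the repository. A one-line header comment saying this is deliberate for the `*-latest` images would help later readers.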
@@ -7,13 +7,13 @@ RUN pacman -S -y \
 sudo \
 systemd \
 && \
- (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -vf $i; done); \
- rm -vf /lib/systemd/system/multi-user.target.wants/*; \
- rm -vf /etc/systemd/system/*.wants/*; \
- rm -vf /lib/systemd/system/local-fs.target.wants/*; \
- rm -vf /lib/systemd/system/sockets.target.wants/*udev*; \
- rm -vf /lib/systemd/system/sockets.target.wants/*initctl*; \
- rm -vf /lib/systemd/system/basic.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -vf $i; done; \
+ rm -vf /lib/systemd/system/multi-user.target.wants/*; \
+ rm -vf /etc/systemd/system/*.wants/*; \
+ rm -vf /lib/systemd/system/local-fs.target.wants/*; \
+ rm -vf /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -vf /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -vf /lib/systemd/system/basic.target.wants/*;

 # Update archlinux-keyring.
 RUN pacman -S -y \
@@ -26,7 +26,7 @@ RUN pacman -S -y \
 glibc \
 python \
 ansible \
- && yes | pacman -Scc || true
+ && pacman -Scc --noconfirm || true

 # Install Ansible inventory file.
 RUN mkdir /etc/ansible \
diff --git a/centos7-ansible-latest/Dockerfile b/centos7-ansible-latest/Dockerfile
index 03742d9..8debb08 100644
--- a/centos7-ansible-latest/Dockerfile
+++ b/centos7-ansible-latest/Dockerfile
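Review bot: The rewritten loop no longer spares `systemd-tmpfiles-setup.service`: `$i` now holds the full path under `/lib/systemd/system/sysinit.target.wants/`, so `[ $i == systemd-tmpfiles-setup.service ]` is never true and every entry in that directory is removed. Compare the base name and quote the variable, e.g. `for i in /lib/systemd/system/sysinit.target.wants/*; do [ "${i##*/}" = systemd-tmpfiles-setup.service ] || rm -vf "$i"; done; \`. The same loop is introduced in the centos7, centos8, centosstream8, fedora37, fedora38 and rocky8 Dockerfiles of this diff, there with `rm -f`. The RUN instruction starts above the hunk.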
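Review bot: The trailing `|| true` on the changed line binds to the whole `&&` chain, so a failed `pacman -S` install earlier in this RUN is swallowed and the image builds with packages missing. Now that `--noconfirm` makes the cache clean non-interactive, either drop the fallback or scope it to the clean step with `&& (pacman -Scc --noconfirm || true)`. The RUN instruction begins before the hunk, so the first commands of the chain are not visible here.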
@@ -6,14 +6,14 @@ ENV LC_ALL en_US.UTF-8

 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 # Install requirements.
 RUN yum makecache fast && \
@@ -37,8 +37,8 @@ RUN yum -y install yum-plugin-copr libseccomp && \
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers

 # Upgrade pip so cryptography package works.
-RUN python3 -m pip install --upgrade pip && \
- pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
 # Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
diff --git a/centos8-ansible-latest/Dockerfile b/centos8-ansible-latest/Dockerfile
index 8a746fa..812f953 100644
--- a/centos8-ansible-latest/Dockerfile
+++ b/centos8-ansible-latest/Dockerfile
@@ -4,14 +4,14 @@ ENV container=docker

 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 # Install Ansible and other requirements.
 RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-Linux-* \
@@ -27,8 +27,8 @@ RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos
 && yum clean all

 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
- pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
diff --git a/centosstream8-ansible-latest/Dockerfile b/centosstream8-ansible-latest/Dockerfile
index 56d7bc0..39a9587 100644
--- a/centosstream8-ansible-latest/Dockerfile
+++ b/centosstream8-ansible-latest/Dockerfile
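Review bot: The repository rewrite in the trailing context of the first hunk points yum at `http://vault.centos.org`, so repository metadata and packages travel in clear text and integrity rests on yum's signature checks alone; whether `gpgcheck` is enabled cannot be seen from this hunk. If the vault host is reachable over TLS, change the replacement to `baseurl=https://vault.centos.org`. This line is context rather than part of the change, and the RUN it opens continues past the hunk.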
@@ -4,14 +4,14 @@ ENV container=docker

 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 # Install Ansible and other requirements.
 RUN yum makecache --timer \
@@ -27,8 +27,8 @@ RUN yum makecache --timer \
 && yum clean all

 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
- pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
diff --git a/centosstream9-ansible-latest/Dockerfile b/centosstream9-ansible-latest/Dockerfile
index a0b63f4..33b1bb6 100644
--- a/centosstream9-ansible-latest/Dockerfile
+++ b/centosstream9-ansible-latest/Dockerfile
@@ -25,8 +25,8 @@ RUN yum makecache --timer \
 && yum clean all

 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
- pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
diff --git a/debian10-ansible-latest/Dockerfile b/debian10-ansible-latest/Dockerfile
index a27fe2b..b7f5bc1 100644
--- a/debian10-ansible-latest/Dockerfile
+++ b/debian10-ansible-latest/Dockerfile
@@ -1,13 +1,16 @@
 FROM debian:buster
 LABEL maintainer="Sebastian Gumprich"

-RUN apt-get update -y && apt-get install --fix-missing && \
+RUN apt-get update -y && apt-get install -y --fix-missing && \
 DEBIAN_FRONTEND=noninteractive \
 apt-get install -y \
 python python-yaml sudo \
- curl gcc python-pip python-dev libffi-dev libssl-dev systemd
-RUN pip install --upgrade cffi && \
- pip install ansible
+ curl gcc python-pip python-dev libffi-dev libssl-dev systemd && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN pip install --no-cache-dir --upgrade cffi && \
+ pip install --no-cache-dir ansible

 RUN apt-get -f -y --auto-remove remove \
 gcc python-pip python-dev libffi-dev libssl-dev && \
diff --git a/debian11-ansible-latest/Dockerfile b/debian11-ansible-latest/Dockerfile
index e4af5ef..7eaeb12 100644
--- a/debian11-ansible-latest/Dockerfile
+++ b/debian11-ansible-latest/Dockerfile
@@ -5,7 +5,10 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
 DEBIAN_FRONTEND=noninteractive \
 apt-get install -y --no-install-recommends \
 python3 python3-yaml sudo \
- curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd
+ curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
 RUN pip install --no-cache-dir --upgrade cffi && \
 pip install --no-cache-dir ansible
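Review bot: The package install in the first RUN of the debian10 Dockerfile omits `--no-install-recommends`, while the debian11 and debian12 Dockerfiles in this diff pass it on both `apt-get install` calls, so this image carries a larger package set than its siblings. Consider `apt-get install -y --no-install-recommends \` here too, after checking that nothing needed on buster arrives only as a recommendation. The build tools are removed in a later RUN whose start is visible in the trailing context. That hides them from the final filesystem but leaves them in the earlier layer.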
diff --git a/debian12-ansible-latest/Dockerfile b/debian12-ansible-latest/Dockerfile
index dfd2e14..81674c4 100644
--- a/debian12-ansible-latest/Dockerfile
+++ b/debian12-ansible-latest/Dockerfile
@@ -5,7 +5,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
 DEBIAN_FRONTEND=noninteractive \
 apt-get install -y --no-install-recommends \
 python3 python3-yaml sudo \
- curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd
+ curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*

 # Allow installing stuff to system Python.
 RUN rm -f /usr/lib/python3.11/EXTERNALLY-MANAGED
diff --git a/fedora37-ansible-latest/Dockerfile b/fedora37-ansible-latest/Dockerfile
index 066b06e..c0d6ff4 100644
--- a/fedora37-ansible-latest/Dockerfile
+++ b/fedora37-ansible-latest/Dockerfile
@@ -3,14 +3,14 @@ LABEL maintainer="Sebastian Gumprich; Nejc Habjan; Diego Louzan; Max Wittig"

 # Enable systemd.
 RUN dnf -y install systemd && dnf clean all && \
- (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
- rm -f /lib/systemd/system/multi-user.target.wants/*;\
- rm -f /etc/systemd/system/*.wants/*;\
- rm -f /lib/systemd/system/local-fs.target.wants/*; \
- rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
- rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
- rm -f /lib/systemd/system/basic.target.wants/*;\
- rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 RUN dnf -y update \
 && dnf -y install ansible python python3-libselinux \
diff --git a/fedora38-ansible-latest/Dockerfile b/fedora38-ansible-latest/Dockerfile
index f361587..cc6ccea 100644
--- a/fedora38-ansible-latest/Dockerfile
+++ b/fedora38-ansible-latest/Dockerfile
@@ -3,14 +3,14 @@ LABEL maintainer="Sebastian Gumprich, Nejc Habjan, Diego Louzan, Max Wittig"

 # Enable systemd.
 RUN dnf -y install systemd && dnf clean all && \
- (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
- rm -f /lib/systemd/system/multi-user.target.wants/*;\
- rm -f /etc/systemd/system/*.wants/*;\
- rm -f /lib/systemd/system/local-fs.target.wants/*; \
- rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
- rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
- rm -f /lib/systemd/system/basic.target.wants/*;\
- rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 RUN dnf -y update \
 && dnf -y install ansible python python3-libselinux \
diff --git a/opensuse_tumbleweed-ansible-latest/Dockerfile b/opensuse_tumbleweed-ansible-latest/Dockerfile
index ba41262..abb1cb5 100644
--- a/opensuse_tumbleweed-ansible-latest/Dockerfile
+++ b/opensuse_tumbleweed-ansible-latest/Dockerfile
@@ -2,7 +2,8 @@ FROM opensuse/tumbleweed:latest
 LABEL maintainer="Sebastian Gumprich"
 ENV container=docker

-RUN zypper install -y python ansible dbus-1 systemd-sysvinit shadow sudo
+RUN zypper install -y python ansible dbus-1 systemd-sysvinit shadow sudo && \
+ zypper clean

 RUN cp /usr/lib/systemd/system/dbus.service /etc/systemd/system/; \
 sed -i 's/OOMScoreAdjust=-900//' /etc/systemd/system/dbus.service
diff --git a/openwrt-ansible-latest/Dockerfile b/openwrt-ansible-latest/Dockerfile
index 9298a30..965e94d 100644
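Review bot: In the opensuse_tumbleweed hunk, `zypper clean` on its own clears only the downloaded package cache, so the repository metadata stays in the layer. `zypper clean --all` removes both, which matches the `rm -rf /var/lib/apt/lists/*` this diff adds to the Debian images.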
--- a/openwrt-ansible-latest/Dockerfile
+++ b/openwrt-ansible-latest/Dockerfile
@@ -1,14 +1,15 @@
 FROM openwrt/rootfs:latest
 LABEL maintainer="Sebastian Gumprich"

+# hadolint ignore=DL4006
 RUN mkdir -p /var/lock && \
 opkg update && \
 if [[ $(opkg list-upgradable) ]]; then opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade; fi && \
 opkg install python3 python3-pip python3-cryptography \
 sudo bash sed shadow-su shadow-groupadd shadow-useradd shadow-usermod

-RUN pip3 install --upgrade pip && \
- pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Install Ansible inventory file
 RUN mkdir -p /etc/ansible \
diff --git a/rocky8-ansible-latest/Dockerfile b/rocky8-ansible-latest/Dockerfile
index d5eb5d1..78f780a 100644
--- a/rocky8-ansible-latest/Dockerfile
+++ b/rocky8-ansible-latest/Dockerfile
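Review bot: The new `# hadolint ignore=DL4006` pragma gives no reason for suppressing the pipefail rule. Without `pipefail`, a failing `opkg list-upgradable` in the `opkg list-upgradable | cut ... | xargs opkg upgrade` pipeline goes unnoticed, because only the last command's exit status counts. Put a comment line above the pragma stating why the rule is off, for example `# DL4006: no pipefail SHELL is set because bash is only installed by this RUN`; that reason is presumed from the package list, so confirm it before writing it down.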
@@ -4,14 +4,14 @@ ENV container=docker

 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+ for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
+ rm -f /etc/systemd/system/*.wants/*;\
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+ rm -f /lib/systemd/system/basic.target.wants/*;\
+ rm -f /lib/systemd/system/anaconda.target.wants/*;

 # Install Ansible and other requirements.
 RUN yum makecache --timer \
@@ -26,8 +26,8 @@ RUN yum makecache --timer \
 && yum clean all

 # upgrade pip because of the rust dependency error
-RUN pip3 install --upgrade pip && \
- pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
diff --git a/rocky9-ansible-latest/Dockerfile b/rocky9-ansible-latest/Dockerfile
index afb16c7..e71fb52 100644
--- a/rocky9-ansible-latest/Dockerfile
+++ b/rocky9-ansible-latest/Dockerfile
@@ -18,8 +18,8 @@ RUN yum makecache --timer \
 && yum clean all

 # upgrade pip because of the rust dependency error
-RUN pip3 install --upgrade pip && \
- pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+ pip3 install --no-cache-dir ansible

 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers