mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-22 00:31:07 -05:00
4d9eaa5c54
Recent versions of dart analyzer don't support the --options configuration option anymore, so we cannot pass an arbitrary configuration file. This commit removes the default dart analyzer configuration file as well, because it's not needed anymore.
417 lines
13 KiB
Docker
417 lines
13 KiB
Docker
###########################################
|
|
###########################################
|
|
## Dockerfile to run GitHub Super-Linter ##
|
|
###########################################
|
|
###########################################
|
|
|
|
ARG GLIBC_VERSION='2.34-r0'
|
|
|
|
#########################################
|
|
# Get dependency images as build stages #
|
|
#########################################
|
|
FROM tenable/terrascan:1.18.11 as terrascan
|
|
FROM alpine/terragrunt:1.6.6 as terragrunt
|
|
FROM ghcr.io/assignuser/chktex-alpine:v0.2.0 as chktex
|
|
FROM dotenvlinter/dotenv-linter:3.3.0 as dotenv-linter
|
|
FROM ghcr.io/awkbar-devops/clang-format:v1.0.2 as clang-format
|
|
FROM ghcr.io/terraform-linters/tflint:v0.50.0 as tflint
|
|
FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm
|
|
FROM golang:1.21.5-alpine as golang
|
|
FROM golangci/golangci-lint:v1.55.2 as golangci-lint
|
|
FROM hadolint/hadolint:v2.12.0-alpine as dockerfile-lint
|
|
FROM hashicorp/terraform:1.6.6 as terraform
|
|
FROM koalaman/shellcheck:v0.9.0 as shellcheck
|
|
FROM mstruebing/editorconfig-checker:2.7.2 as editorconfig-checker
|
|
FROM mvdan/shfmt:v3.7.0 as shfmt
|
|
FROM rhysd/actionlint:1.6.26 as actionlint
|
|
FROM scalameta/scalafmt:v3.7.17 as scalafmt
|
|
FROM zricethezav/gitleaks:v8.18.1 as gitleaks
|
|
FROM yoheimuta/protolint:0.47.3 as protolint
|
|
FROM ghcr.io/clj-kondo/clj-kondo:2023.05.18-alpine as clj-kondo
|
|
FROM dart:3.2.4-sdk as dart
|
|
|
|
FROM python:3.12.1-alpine3.19 as base_image
|
|
|
|
LABEL com.github.actions.name="Super-Linter" \
|
|
com.github.actions.description="Super-linter is a ready-to-run collection of linters and code analyzers, to help validate your source code." \
|
|
com.github.actions.icon="code" \
|
|
com.github.actions.color="red" \
|
|
maintainer="@Hanse00, @ferrarimarco, @zkoppert" \
|
|
org.opencontainers.image.authors="Super Linter Contributors: https://github.com/super-linter/super-linter/graphs/contributors" \
|
|
org.opencontainers.image.url="https://github.com/super-linter/super-linter" \
|
|
org.opencontainers.image.source="https://github.com/super-linter/super-linter" \
|
|
org.opencontainers.image.documentation="https://github.com/super-linter/super-linter" \
|
|
org.opencontainers.image.description="A collection of code linters and analyzers."
|
|
|
|
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
|
ARG TARGETARCH
|
|
|
|
# Install bash first so we can use it
|
|
RUN apk add --no-cache \
|
|
bash
|
|
|
|
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
|
|
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
cargo \
|
|
cmake \
|
|
coreutils \
|
|
curl \
|
|
file \
|
|
g++ \
|
|
gcc \
|
|
git \
|
|
git-lfs \
|
|
gnupg \
|
|
icu-libs \
|
|
jpeg-dev \
|
|
jq \
|
|
krb5-libs \
|
|
libc-dev \
|
|
libcurl \
|
|
libffi-dev \
|
|
libgcc \
|
|
libintl \
|
|
libssl3 \
|
|
libstdc++ \
|
|
libxml2-dev \
|
|
libxml2-utils \
|
|
linux-headers \
|
|
lttng-ust-dev \
|
|
make \
|
|
musl-dev \
|
|
net-snmp-dev \
|
|
nodejs-current \
|
|
npm \
|
|
openjdk17-jre \
|
|
openssh-client \
|
|
openssl-dev \
|
|
parallel \
|
|
perl \
|
|
perl-dev \
|
|
py3-pyflakes \
|
|
py3-setuptools \
|
|
python3-dev \
|
|
R \
|
|
R-dev \
|
|
R-doc \
|
|
readline-dev \
|
|
ruby \
|
|
ruby-bundler \
|
|
ruby-dev \
|
|
ruby-rdoc \
|
|
rustup \
|
|
tar \
|
|
zlib \
|
|
zlib-dev \
|
|
zstd
|
|
|
|
COPY dependencies/ /
|
|
|
|
###################################################################
|
|
# Install Dependencies #
|
|
# The chown fixes broken uid/gid in ast-types-flow dependency #
|
|
# (see https://github.com/super-linter/super-linter/issues/3901) #
|
|
###################################################################
|
|
RUN npm install && chown -R "$(id -u)":"$(id -g)" node_modules && bundle install
|
|
|
|
##############################
|
|
# Installs Perl dependencies #
|
|
##############################
|
|
RUN curl --retry 5 --retry-delay 5 -sL https://cpanmin.us/ | perl - -nq --no-wget Perl::Critic Perl::Critic::Community Perl::Critic::More Perl::Critic::Bangs Perl::Critic::Lax Perl::Critic::StricterSubs Perl::Critic::Swift Perl::Critic::Tics
|
|
|
|
######################
|
|
# Install shellcheck #
|
|
######################
|
|
COPY --from=shellcheck /bin/shellcheck /usr/bin/
|
|
|
|
#####################
|
|
# Install Go Linter #
|
|
#####################
|
|
COPY --from=golang /usr/local/go/go.env /usr/lib/go/
|
|
COPY --from=golang /usr/local/go/bin/ /usr/lib/go/bin/
|
|
COPY --from=golang /usr/local/go/lib/ /usr/lib/go/lib/
|
|
COPY --from=golang /usr/local/go/pkg/ /usr/lib/go/pkg/
|
|
COPY --from=golang /usr/local/go/src/ /usr/lib/go/src/
|
|
COPY --from=golangci-lint /usr/bin/golangci-lint /usr/bin/
|
|
|
|
#####################
|
|
# Install Terraform #
|
|
#####################
|
|
COPY --from=terraform /bin/terraform /usr/bin/
|
|
|
|
##################
|
|
# Install TFLint #
|
|
##################
|
|
COPY --from=tflint /usr/local/bin/tflint /usr/bin/
|
|
|
|
#####################
|
|
# Install Terrascan #
|
|
#####################
|
|
COPY --from=terrascan /go/bin/terrascan /usr/bin/
|
|
|
|
######################
|
|
# Install Terragrunt #
|
|
######################
|
|
COPY --from=terragrunt /usr/local/bin/terragrunt /usr/bin/
|
|
|
|
######################
|
|
# Install protolint #
|
|
######################
|
|
COPY --from=protolint /usr/local/bin/protolint /usr/bin/
|
|
|
|
################################
|
|
# Install editorconfig-checker #
|
|
################################
|
|
COPY --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker
|
|
|
|
###############################
|
|
# Install hadolint dockerfile #
|
|
###############################
|
|
COPY --from=dockerfile-lint /bin/hadolint /usr/bin/hadolint
|
|
|
|
##################
|
|
# Install chktex #
|
|
##################
|
|
COPY --from=chktex /usr/bin/chktex /usr/bin/
|
|
|
|
#################
|
|
# Install shfmt #
|
|
#################
|
|
COPY --from=shfmt /bin/shfmt /usr/bin/
|
|
|
|
########################
|
|
# Install clang-format #
|
|
########################
|
|
COPY --from=clang-format /usr/bin/clang-format /usr/bin/
|
|
|
|
####################
|
|
# Install GitLeaks #
|
|
####################
|
|
COPY --from=gitleaks /usr/bin/gitleaks /usr/bin/
|
|
|
|
####################
|
|
# Install scalafmt #
|
|
####################
|
|
COPY --from=scalafmt /bin/scalafmt /usr/bin/
|
|
|
|
######################
|
|
# Install actionlint #
|
|
######################
|
|
COPY --from=actionlint /usr/local/bin/actionlint /usr/bin/
|
|
|
|
######################
|
|
# Install kubeconform #
|
|
######################
|
|
COPY --from=kubeconfrm /kubeconform /usr/bin/
|
|
|
|
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
|
# Store the key here because the above host is sometimes down, and breaks our builds
|
|
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
|
|
|
#################
|
|
# Install glibc #
|
|
#################
|
|
ARG GLIBC_VERSION
|
|
COPY scripts/install-glibc.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-glibc.sh && rm -rf /install-glibc.sh
|
|
|
|
#####################
|
|
# Install clj-kondo #
|
|
#####################
|
|
COPY --from=clj-kondo /bin/clj-kondo /usr/bin/
|
|
|
|
####################
|
|
# Install dart-sdk #
|
|
####################
|
|
ENV DART_SDK /usr/lib/dart
|
|
COPY --from=dart "${DART_SDK}" "${DART_SDK}"
|
|
RUN chmod 755 "${DART_SDK}" && chmod 755 "${DART_SDK}/bin"
|
|
|
|
#################
|
|
# Install Lintr #
|
|
#################
|
|
COPY scripts/install-lintr.sh scripts/install-r-package-or-fail.R /
|
|
RUN /install-lintr.sh && rm -rf /install-lintr.sh /install-r-package-or-fail.R
|
|
|
|
#################################
|
|
# Install luacheck and luarocks #
|
|
#################################
|
|
COPY scripts/install-lua.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-lua.sh && rm -rf /install-lua.sh
|
|
|
|
#####################################
|
|
# Build python virtual environments #
|
|
#####################################
|
|
COPY dependencies/python/ /stage
|
|
WORKDIR /stage
|
|
RUN ./build-venvs.sh
|
|
# Set work directory back to root because some scripts depend on it
|
|
WORKDIR /
|
|
|
|
##############################
|
|
# Install Phive dependencies #
|
|
##############################
|
|
COPY scripts/install-phive.sh /
|
|
RUN /install-phive.sh && rm -rf /install-phive.sh
|
|
|
|
##################
|
|
# Install ktlint #
|
|
##################
|
|
COPY scripts/install-ktlint.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-ktlint.sh && rm -rf /install-ktlint.sh
|
|
|
|
#################################################
|
|
# Install Raku and additional Edge dependencies #
|
|
#################################################
|
|
RUN apk add --no-cache rakudo zef
|
|
|
|
######################
|
|
# Install CheckStyle #
|
|
######################
|
|
COPY scripts/install-checkstyle.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-checkstyle.sh && rm -rf /install-checkstyle.sh
|
|
|
|
##############################
|
|
# Install google-java-format #
|
|
##############################
|
|
COPY scripts/install-google-java-format.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-google-java-format.sh && rm -rf /install-google-java-format.sh
|
|
|
|
#########################
|
|
# Clean to shrink image #
|
|
#########################
|
|
RUN find /usr/ -type f -name '*.md' -exec rm {} +
|
|
|
|
#####################
|
|
# Install Bash-Exec #
|
|
#####################
|
|
COPY --chmod=555 scripts/bash-exec.sh /usr/bin/bash-exec
|
|
|
|
#################################
|
|
# Copy super-linter executables #
|
|
#################################
|
|
COPY lib /action/lib
|
|
|
|
###################################
|
|
# Copy linter configuration files #
|
|
###################################
|
|
COPY TEMPLATES /action/lib/.automation
|
|
|
|
#########################
|
|
# Configure Environment #
|
|
#########################
|
|
# Set image variant
|
|
ENV IMAGE="slim"
|
|
|
|
ENV PATH="${PATH}:/venvs/ansible-lint/bin"
|
|
ENV PATH="${PATH}:/venvs/black/bin"
|
|
ENV PATH="${PATH}:/venvs/checkov/bin"
|
|
ENV PATH="${PATH}:/venvs/cfn-lint/bin"
|
|
ENV PATH="${PATH}:/venvs/cpplint/bin"
|
|
ENV PATH="${PATH}:/venvs/flake8/bin"
|
|
ENV PATH="${PATH}:/venvs/isort/bin"
|
|
ENV PATH="${PATH}:/venvs/mypy/bin"
|
|
ENV PATH="${PATH}:/venvs/pylint/bin"
|
|
ENV PATH="${PATH}:/venvs/snakefmt/bin"
|
|
ENV PATH="${PATH}:/venvs/snakemake/bin"
|
|
ENV PATH="${PATH}:/venvs/sqlfluff/bin"
|
|
ENV PATH="${PATH}:/venvs/yamllint/bin"
|
|
ENV PATH="${PATH}:/venvs/yq/bin"
|
|
ENV PATH="${PATH}:/node_modules/.bin"
|
|
ENV PATH="${PATH}:/usr/lib/go/bin"
|
|
ENV PATH="${PATH}:${DART_SDK}/bin:/root/.pub-cache/bin"
|
|
|
|
# Configure TFLint plugin folder
|
|
ENV TFLINT_PLUGIN_DIR="/root/.tflint.d/plugins"
|
|
|
|
# Initialize TFLint plugins so we get plugin versions listed when we ask for TFLint version
|
|
# Run to build version file and validate image
|
|
RUN tflint --init -c /action/lib/.automation/.tflint.hcl \
|
|
&& ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
|
|
|
ENTRYPOINT ["/action/lib/linter.sh"]
|
|
|
|
# Initialize Terrascan
|
|
# Initialize ChkTeX config file
|
|
RUN terrascan init \
|
|
&& touch ~/.chktexrc
|
|
|
|
FROM base_image as slim
|
|
|
|
# Set build metadata here so we don't invalidate the container image cache if we
|
|
# change the values of these arguments
|
|
ARG BUILD_DATE
|
|
ARG BUILD_REVISION
|
|
ARG BUILD_VERSION
|
|
|
|
LABEL org.opencontainers.image.created=$BUILD_DATE \
|
|
org.opencontainers.image.revision=$BUILD_REVISION \
|
|
org.opencontainers.image.version=$BUILD_VERSION
|
|
|
|
ENV BUILD_DATE=$BUILD_DATE
|
|
ENV BUILD_REVISION=$BUILD_REVISION
|
|
ENV BUILD_VERSION=$BUILD_VERSION
|
|
|
|
##############################
|
|
# Build the standard variant #
|
|
##############################
|
|
FROM slim as standard
|
|
|
|
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
|
ARG TARGETARCH
|
|
ARG PWSH_VERSION='latest'
|
|
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
|
|
ARG PSSA_VERSION='1.21.0'
|
|
|
|
ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
|
|
ENV IMAGE="standard"
|
|
ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
|
|
|
|
#########################
|
|
# Install dotenv-linter #
|
|
#########################
|
|
COPY --from=dotenv-linter /dotenv-linter /usr/bin/
|
|
|
|
###################################
|
|
# Install DotNet and Dependencies #
|
|
###################################
|
|
COPY scripts/install-dotnet.sh /
|
|
RUN /install-dotnet.sh && rm -rf /install-dotnet.sh
|
|
|
|
##############################
|
|
# Install rustfmt & clippy #
|
|
##############################
|
|
ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1
|
|
COPY scripts/install-rustfmt.sh /
|
|
RUN /install-rustfmt.sh && rm -rf /install-rustfmt.sh
|
|
|
|
#########################################
|
|
# Install Powershell + PSScriptAnalyzer #
|
|
#########################################
|
|
COPY scripts/install-pwsh.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-pwsh.sh && rm -rf /install-pwsh.sh
|
|
|
|
#############################################################
|
|
# Install Azure Resource Manager Template Toolkit (arm-ttk) #
|
|
#############################################################
|
|
COPY scripts/install-arm-ttk.sh /
|
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-arm-ttk.sh
|
|
|
|
# Run to build version file and validate image again because we installed more linters
|
|
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
|
|
|
# Set build metadata here so we don't invalidate the container image cache if we
|
|
# change the values of these arguments
|
|
ARG BUILD_DATE
|
|
ARG BUILD_REVISION
|
|
ARG BUILD_VERSION
|
|
|
|
LABEL org.opencontainers.image.created=$BUILD_DATE \
|
|
org.opencontainers.image.revision=$BUILD_REVISION \
|
|
org.opencontainers.image.version=$BUILD_VERSION
|
|
|
|
ENV BUILD_DATE=$BUILD_DATE
|
|
ENV BUILD_REVISION=$BUILD_REVISION
|
|
ENV BUILD_VERSION=$BUILD_VERSION
|