From 9baebbe38a0d550704bed0963ef26b6bdff2b237 Mon Sep 17 00:00:00 2001
From: Issy Long <me@issyl0.co.uk>
Date: Sat, 25 Apr 2020 14:16:34 +0100
Subject: [PATCH] Lint the homebrew/brew Dockerfile with `hadolint`

- I suggested this for the contents of
  [Linuxbrew/docker](https://github.com/Linuxbrew/docker) in
  https://github.com/Linuxbrew/docker/issues/75. People agreed, and
  Shaun asked me to do the same here.
- This adds a step to CI to lint the Dockerfile, via
  [hadolint](https://github.com/hadolint/hadolint), on Ubuntu.
- The linting errors it surfaced on this Dockerfile were:

```
Dockerfile:4 DL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
Dockerfile:30 DL3020 Use COPY instead of ADD for files and folders
Dockerfile:32 DL3003 Use WORKDIR to switch to a directory
```

- [DL3008](https://github.com/hadolint/hadolint/wiki/DL3008) - pinning
  versions in `apt-get install` - is at odds with what we recommend in the
  normal Homebrew on Linux dependency install instructions. We don't
  want the dependency management of having to check each of these
  Dockerfiles periodically for the latest version numbers of packages
  and have to update them. So I've disabled this lint.

- [DL3003](https://github.com/hadolint/hadolint/wiki/DL3003) - use
  WORKDIR to `cd` - is disabled in this case due to [review
  comments](https://github.com/Homebrew/brew/pull/7433/files#r415098255).
---
 .github/workflows/tests.yml | 6 ++++++
 Dockerfile                  | 7 +++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 159082ef13..e7161d96f2 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -161,6 +161,12 @@ jobs:
         brew install vale
         vale docs/
 
+    - name: Lint Dockerfile
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        brew install hadolint
+        hadolint Dockerfile
+
     - name: Build Docker image
       if: matrix.os == 'ubuntu-latest'
       run: |
diff --git a/Dockerfile b/Dockerfile
index f9a156ee47..89c783bb47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM ubuntu:xenial
 LABEL maintainer="Shaun Jackman <sjackman@gmail.com>"
 
+# hadolint ignore=DL3008
 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends software-properties-common \
 	&& add-apt-repository -y ppa:git-core/ppa \
@@ -27,10 +28,12 @@ RUN apt-get update \
 RUN localedef -i en_US -f UTF-8 en_US.UTF-8 \
 	&& useradd -m -s /bin/bash linuxbrew \
 	&& echo 'linuxbrew ALL=(ALL) NOPASSWD:ALL' >>/etc/sudoers
-ADD . /home/linuxbrew/.linuxbrew/Homebrew
+COPY . /home/linuxbrew/.linuxbrew/Homebrew
 ARG FORCE_REBUILD
+
+# hadolint ignore=DL3003
 RUN cd /home/linuxbrew/.linuxbrew \
-	&& mkdir -p bin etc include lib opt sbin share var/homebrew/linked Cellar \
+  && mkdir -p bin etc include lib opt sbin share var/homebrew/linked Cellar \
 	&& ln -s ../Homebrew/bin/brew /home/linuxbrew/.linuxbrew/bin/ \
 	&& cd /home/linuxbrew/.linuxbrew/Homebrew \
 	&& git remote set-url origin https://github.com/Homebrew/brew