Docker lint #12426
Docker lint #12426
Conversation
|
Perhaps we should hold off on this until the other PRs have been merged? This can be #4 in the PR breakdown... :) |
|
Actually, I think we could sneak this in as PR 2, as it is rather small, and doesn't have any dependencies to the other code besides the If you agree, I'll prepare this one once the first PR is merged. |
|
Sure, sounds OK to me! |
Example lint results:
$ ./pants lint docker:helloworld
18:54:08.20 [INFO] Completed: lint - hadolint succeeded.
✓ hadolint succeeded.
$ ./pants lint docker:helloworld
18:48:00.57 [WARN] Completed: lint - hadolint failed (exit code 1).
docker/Dockerfile:2 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
docker/Dockerfile:2 DL3009 info: Delete the apt-get lists after installing something
docker/Dockerfile:2 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
𐄂 hadolint failed.
[ci skip-rust]
[ci skip-build-wheels]
|
@benjyw OK, this is ready for review now. |
There was a problem hiding this comment.
Super neat! A couple things to still do, please:
- Move into a dedicated
backend/docker/lint/hadolint/folder with its ownregister.py(don't forget to add to thatinit/BUILD). This is really important to v2 that linters are always opt-in, as many people may not want to use it. - You need to register the
SkipHadolintFieldvia aPluginField:
pants/src/python/pants/backend/shell/lint/shfmt/skip_field.py
Lines 14 to 18 in 3845df1
- The ExternalTool should get a
--skipoption. In your@rule, return `LintResults([], linter_name="hadolint") if skip is set. - The subsystem should get an
--argsoption w/type=shell_str. Mix it into theargv. - It'd be great to support config files. Looks like they both do autodiscovery and allow custom locations with
--config. Please use theConfigFilesfunctionality for this and add the options--configand--config-discovery. Seeflake8/subsystem.pyandflake8/rules.pyfor an example. (You do not need to have two separate rules and all that partition stuff) - This needs some tests. You can mostly copy pasta
{shellcheck,shfmt}/rules_integration_test.py, although also test the--configoption like done inflake8/rules_integration_test.pyfor example.
Generally, adding a linter can mostly be copy pasta from the other linters. I encourage you to look at how the others like shellcheck and shfmt are implemented.
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
src/python/pants/backend/docker/lint/hadolint/rules_integration_test.py
Outdated
Show resolved
Hide resolved
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
src/python/pants/backend/docker/lint/hadolint/rules_integration_test.py
Outdated
Show resolved
Hide resolved
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
| ), | ||
| ), | ||
| ) | ||
| config_files = await Get(ConfigFiles, ConfigFilesRequest, hadolint.config_request()) |
There was a problem hiding this comment.
Ah, sorry, one small perf thing: this can now go into the MultiGet right above.
| results = [LintResult.from_fallible_process_result(process_result)] | ||
| return LintResults(results, linter_name="hadolint") |
There was a problem hiding this comment.
(Subjective style nit that you can feel free to disagree on): might be simpler to inline this, imo the var doesn't add much and adds yet another name to the namespace
| @@ -0,0 +1,92 @@ | |||
| # Copyright 2021 Pants project contributors (see CONTRIBUTORS.md). | |||
There was a problem hiding this comment.
Oh didn't realize Docker is still under an experimental backend. This linter should be aligned with the normal Docker backend.
@benjyw do you think it should be experimental still? Now that we have Hadolint, Docker support is a Real Thing, more than just ./pants tailor. For example, our Shell support is only linters + a test runner.
There was a problem hiding this comment.
Let's worry about that later. We still have to add the core functionality.
There was a problem hiding this comment.
Okay. @kaos can you please rename this folder to be experimental then? Note that this backend doesn't work without first activating the core Docker backend.
There was a problem hiding this comment.
Looking at terraform, only the register file is under experimental.. same here?
There was a problem hiding this comment.
Yeah that's fine, given how stable we expect this code itself to be. Thanks!
# Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
Signed-off-by: Andreas Stenius <[email protected]> # Rust tests and lints will be skipped. Delete if not intended. [ci skip-rust] # Building wheels and fs_util will be skipped. Delete if not intended. [ci skip-build-wheels]
Continuing docker support, with linting of
Dockerfiles, using hadolint.This will be useful in and of itself, to have a way of linting a projects
Dockerfiles, even before having full support for building Docker images with Pants.Example use:
We need the
docker_imagein theBUILDfile in order to connect theDockerfilewith the hadolint tool, which operates on the sources ofdocker_imagetargets.To configure hadolint, either provide a
.hadolint.yamlfile in your project root, or point at your preferred config file to use with the[hadolint].configoption. (Which becomes--hadolint-config=path/to/config.yamlon the command line.)