YETUS-1230. hadolint is not executable on arm64 #309

Closed
18 changes: 13 additions & 5 deletions precommit/src/main/shell/test-patch-docker/Dockerfile
Expand Up @@ -145,14 +145,22 @@
####
# Install hadolint (dockerfile lint)
####
FROM yetusbase AS yetushadolint
FROM yetusbase as yetushadolint_arm64
ARG HADOLINT_VERSION=2.12.0
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN if [[ "$(uname -m)" == "x86_64" ]]; then curl -sSL \
https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-Linux-"$(uname -m)" \
RUN curl -sSl \
Member Author

Can we use COPY/ADD --link in place of this embedded curl command? I think it caches better, but requires docker/dockerfile:1.4 or later. https://docs.docker.com/engine/reference/builder/#copy---link

Contributor

Probably worth experimenting with now.

There were a few evolutions. ADD + RUN would generate 2 layers instead of a single RUN layer. Those extra layers added up in the final image making it much bigger than necessary. When we only built images for x86, there were checksums for all of the files. With multi-arch + multi-stage builds, those two problems are mostly non-existent now.

Caching should be pretty good with multi-stage builds so long as yetusbase doesn't change. If it does change, in some cases one really wants to rebuild that stage anyway. But that wouldn't have an impact on ADD anyway.

Contributor

Also, why not just add an elif or whatever statement here rather than do two downloads and have to figure out which hadolint should be in place later on in the Dockerfile?

Member Author

Docker's runtime prunes the execution graph such that the download only happens for the architecture target that is being built. If you're building a multi-architecture image, both binaries are downloaded and both are used by independent copies of the subsequent step. That step is only defined once (keeping things DRY) and the downloaded binaries are both cached, which eases developer pain. I agree that it adds to layer accumulation.

https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-Linux-arm64 \
-o /bin/hadolint \
&& chmod a+rx /bin/hadolint; \
else touch /bin/hadolint; fi
&& chmod a+rx /bin/hadolint
FROM yetusbase as yetushadolint_amd64
ARG HADOLINT_VERSION=2.12.0
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -sSl \
https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-Linux-x86_64 \
-o /bin/hadolint \
&& chmod a+rx /bin/hadolint
ARG TARGETARCH
FROM yetushadolint_$TARGETARCH AS yetushadolint

Check failure on line 163 in precommit/src/main/shell/test-patch-docker/Dockerfile

GitHub Actions / build

hadolint: DL3006 warning: Always tag the version of an image explicitly

####
# Install buf (protobuf lint)
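
Review bot: The two new `RUN curl -sSl` lines (arm64 and amd64 stages) use a lowercase `-l`, which is curl's `--list-only`, where the removed line had `-sSL` with `-L` (`--location`). GitHub release download URLs answer with a redirect, so without `-L` curl does not follow it, and with no `-f` it can exit successfully after writing something other than the binary to /bin/hadolint; restore `-sSL` and consider adding `-f`. Neither stage verifies what was downloaded before the `chmod a+rx`: pinning a per-architecture SHA-256 beside HADOLINT_VERSION and checking it with `sha256sum -c` would keep a replaced release asset out of the image. The DL3006 failure on line 163 is `FROM yetushadolint_$TARGETARCH AS yetushadolint`, which hadolint cannot resolve to a stage name; if this pattern stays it needs an inline `# hadolint ignore=DL3006` above that line. The `ARG TARGETARCH` at the end of the amd64 stage is scoped to that stage and is not what the following FROM reads, so it can be dropped or moved to the top of the file.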