.gitea/workflows/dev.yaml

@@ -6,22 +6,41 @@ on:
       - main
 
 jobs:
-  build:
-    runs-on: docker
+  dockerfile lint:
+    needs: build
+    runs-on: k3s
+    container:
+      image: gitea.sikorski.cloud/rogersik/hadolint:2
     steps:
       - uses: actions/checkout@v3
-      - name: docker login
-        run: docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD gitea.sikorski.cloud
-        env:
-          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-      - name: Pull Docker Image for caching
-        run: docker pull gitea.sikorski.cloud/rogersik/devops-helper:development || exit 0
-      - name: Build docker image
-        run: |
-          docker build . \
-            --cache-from gitea.sikorski.cloud/rogersik/devops-helper:development \
-            --file Dockerfile \
-            --tag gitea.sikorski.cloud/rogersik/devops-helper:development
-      - name: Push docker image
-        run: docker push gitea.sikorski.cloud/rogersik/devops-helper --all-tags
+      - run: hadolint Dockerfile
+
+  build:
+    needs: [dockerfile lint]
+    runs-on: k3s
+    steps:
+      - uses: actions/checkout@v3
+      # - name: docker login
+      #   run: docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD gitea.sikorski.cloud
+      #   env:
+      #     REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+      #     REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+      # - name: Pull Docker Image for caching
+      #   run: docker pull gitea.sikorski.cloud/rogersik/devops-helper:development || exit 0
+      # - name: Build docker image
+      #   run: |
+      #     docker build . \
+      #       --cache-from gitea.sikorski.cloud/rogersik/devops-helper:development \
+      #       --file Dockerfile \
+      #       --tag gitea.sikorski.cloud/rogersik/devops-helper:development
+      # - name: Push docker image
+      #   run: docker push gitea.sikorski.cloud/rogersik/devops-helper --all-tags
+
+      - name: Kaniko build
+        uses: aevea/action-kaniko@master
+        with:
+          registry: gitea.sikorski.cloud
+          image: rogersik/devops-helper
+          tag: development
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}

.gitea/workflows/main.yaml

@@ -7,7 +7,17 @@ on:
     - cron: "0 6 * * SUN"
 
 jobs:
+  dockerfile lint:
+    needs: build
+    runs-on: k3s
+    container:
+      image: gitea.sikorski.cloud/rogersik/hadolint:2
+    steps:
+      - uses: actions/checkout@v3
+      - run: hadolint Dockerfile
+
   build:
+    needs: [dockerfile lint]
     runs-on: docker
     steps:
       - uses: actions/checkout@v3

.hadolint.yaml

@@ -0,0 +1,4 @@
+ignored:
+  - DL3013 # https://github.com/hadolint/hadolint/wiki/DL3013 allow install latest package
+  - DL3018 # https://github.com/hadolint/hadolint/wiki/DL3018 no need to pin specific version
+  - DL3042 # https://github.com/hadolint/hadolint/wiki/DL3042 pip don't know this feature

Dockerfile

@@ -1,7 +1,7 @@
-# https://hub.docker.com/_/alpine
-FROM alpine:latest
+# https://endoflife.date/alpine
+FROM alpine:3.18
 
 RUN apk update && \
   apk add --no-cache nano mc micro rsync ncdu git curl
 
-ADD ./bin/ /usr/local/bin
+COPY --chmod=755 ./bin/ /usr/local/bin