🐳 (dockerfile) follow hadolint's best practice

[david30907d]

Types of changes

• Refactoring

Description

1. use hadolint to lint dockerfiles
2. setup github Action as CI/CD pipeline

Try to make your PR easy to review

ref: How to Split Pull Requests – Good Practices, Methods and Git Strategies

• annotate Pull Requests: Is there a specific order in which to review
• Separate refactoring from features
• The feature didn't require too many code changes

Checklist:

• Update the documentation if necessary

Steps to Test This Pull Request

1. build new images
2. run these services (I'm still new in this community so have no idea how to test these images to be honest 😅 )

Expected behavior

services should remain the same except there's no python's cache-dir

[david30907d]

main logic as follow:

1. run hadolint on all dockerfiles
2. run docker build to make sure no one screw up (there's too many dockerfiles so I only setup 1 docker build in this CI pipeline)

[zero88]

I think the lint tool is good. This is the first time I know hadolint 👍
It helps create a good standard docker file in the CI step. If you can show the error output when the lint is failed in GitHub action, it would be nice. And I wonder if the lint can run in multiple files in parallel without fail-fast and report in the last step to save time. Current lint steps if fail, it will be one by one then it will be annoying when fix one file, commit & push, then wait then fail again.

However, I think it is good practice if, in the local dev environment, we can integrate some plugins into IDE (vscode or intellij or pre-commit hook) to make linter more verbose to the developer

[david30907d]

yea I've integrated hadolint into pre-commit hook on my local. but I'm using npm's pre-commit 😅
not sure wether it's ok to commit this npm's package.json to this repo lol

[david30907d]

Hi @zero88 sorry for the late reply, yea make sense about making it output the error and running in parallel!

1. output: current settings would output the error msg example
2. parallel: let me separate them into multiple CI yaml so that they can run in parallel~

[david30907d]

I use this pre-commit hook with hadolint, but as you can see there's many security issues 😅
need some time to upgrade these packages, or I can create a PR directly since hook are just used on local so no worry about security issue (?)

[david30907d]

only validate no one screw up neo4j in CI pipeline

[david30907d]

your call to decide wether/which CR to push

[mattigrthr]

What's the impact/purpose of this? Does it specify which "version of Kuwala" it belongs to?

[david30907d]

yes it specify the version of this Kuwala image with sha256 digest of commit 😄
The point of using this tag is for the sake of rollback, you can rollback your docker image to whatever commit you want by specify the specific commit hash

[david30907d]

these are all minor stuff that linter (hadolint) complained about:

1. should always specify a version

[david30907d]

2. use absolute path or specify a WORKDIR

[zero88]

I think you should separate build_and_deploy into 2 jobs: lint and build. That makes the workflow is cleaner and easy to spot out any problem in each job.

jobs:
  lint:
      // any docker lint step with `hadolint`
  build:
     // do build and cache
     // it should run if lint is successful
     // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idif

[david30907d]

oh yea good point~ on it!

[zero88]

Should Build Docker Image

[david30907d]

yea haha my poor english

[zero88]

I think the lint tool is good. This is the first time I know hadolint 👍
It helps create a good standard docker file in the CI step. If you can show the error output when the lint is failed in GitHub action, it would be nice. And I wonder if the lint can run in multiple files in parallel without fail-fast and report in the last step to save time. Current lint steps if fail, it will be one by one then it will be annoying when fix one file, commit & push, then wait then fail again.

However, I think it is good practice if, in the local dev environment, we can integrate some plugins into IDE (vscode or intellij or pre-commit hook) to make linter more verbose to the developer

[zero88]

I used this trick for caching in the local registry.
https://github.com/zero88/gh-registry/blob/main/README.md#usage

[david30907d]

good to know this tricks, thx~ 🎉

[david30907d]

oh, seems to me that they've fixed this issue (PR)
I'll give this trick a shot next time (I need to change my cache ref, other would get this error 😅 )

[david30907d]

@zero88 need to have your eye on it~

[mattigrthr]

I have tested everything, and it's all still working. 👍🏽

I want to request a small change to keep the .yml file naming of the workflows consistent. Most of it is snake case, and only Neo4j.yml and Neo4j_importer.yml are not, and I feel we should write them in snake case as well.

There is one particularity to a pipeline. We are using a git submodule for OSM to process the pbf files to parquet files. We created a fork from another repo for that: https://github.com/kuwala-io/osm-parquetizer
That repo contains a Docker file which is also referenced in our docker-compose.yml. Should we add the build of that image to the GitHub actions as well, or should this be done in the submodule repo? If we do it here, I guess we need to clone the repo in the workflow of this repo. What do you think?

[david30907d]

1. @mattigrthr yea snake case makes sense to me, on it~
2. seems to me that setup CI workflow in osm-parquetizer makes more sense, that me create a PR for that repo~

Update

about osm-parquetizer, here's the PR 🙏

[mattigrthr]

Awesome! This PR really adds some value! Well done @david30907d ! 🙌🏽