Skip to content

Add workflow to lint Dockerfile and publish docker image on push #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Dakad merged 4 commits into from
Feb 2, 2026
Merged

Add workflow to lint Dockerfile and publish docker image on push #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
108d0aa
Add Hadolint configuration and linting workflow
Dakad Feb 9, 2025
9038bbf
Add GitHub Actions workflow for Docker image build and publish
Dakad Feb 9, 2025
aa8ebde
Update Dockerfile and Gemfile.lock for Ruby and Bundler versions
Dakad Feb 2, 2026
a9bf0a7
Merge remote-tracking branch 'origin/devex/update_to_the_latest' into…
Dakad Feb 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions .github/workflows/build-and-publish-docker-image.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: Build and publish docker image
on:
workflow_dispatch:
push:
branches:
- main
- use_head_commit
tags:
# any tag names starting with 'v'
- 'v*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
# Gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate
id-token: write
# Permission necessary to persist the attestation
attestations: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set-up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64
- name: Log in to the Github Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
15 changes: 15 additions & 0 deletions .github/workflows/hadolint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Hadolint - Dockerfile linting
on:
workflow_dispatch:
pull_request:
types: [opened, synchronize]
paths:
- "Dockerfile"
jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@v3.1.0
with:
verbose: true
14 changes: 14 additions & 0 deletions .hadolint.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# list of rules: https://github.com/hadolint/hadolint/wiki
ignored:
- DL3008 # Pin versions in apt-get install - https://github.com/hadolint/hadolint/wiki/DL3008
# - DL3018 # Pin versions in apk add - https://github.com/hadolint/hadolint/wiki/DL3018
# - DL3028 # Pin version in gem install - https://github.com/hadolint/hadolint/wiki/DL3028

trustedRegistries:
- docker.io
- "*.gcr.io"
- "*.ecr.eu-west-1.amazonaws.com"

override:
warning:
- DL3028 # Pin version in gem install - https://github.com/hadolint/hadolint/wiki/DL3028
2 changes: 1 addition & 1 deletion .ruby-version
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.4.7
3.4.8
26 changes: 20 additions & 6 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,25 @@
FROM ruby:3.4.7

LABEL maintainer="Devex <info@apptweak.com>"
ARG RUBY_VERSION=3.4
FROM ruby:${RUBY_VERSION}

ARG BUNDLER_VERSION="2.6.7"
ARG NODE_VERSION=14
ARG BUILD_DATE=
ARG CVS_REF=

LABEL maintainer="DevEx Team <squad_devex@apptweak.com>"
LABEL org.opencontainers.image.source https://github.com/apptweak/pronto-ruby
LABEL org.opencontainers.image.title="AppTweak Pronto Ruby Runner"
LABEL org.opencontainers.image.description="GitHub Action for running Pronto code review automation for Ruby projects"
LABEL org.opencontainers.image.source="https://github.com/apptweak/pronto-ruby"

ARG BUNDLER_VERSION="2.7.2"
LABEL org.opencontainers.image.url="https://github.com/apptweak/pronto-ruby"
LABEL org.opencontainers.image.vendor="AppTweak"
LABEL org.opencontainers.image.version=${CVS_REF}
LABEL org.opencontainers.image.created=${BUILD_DATE}

RUN apt-get update && apt-get install -y curl

Check failure on line 19 in Dockerfile

View workflow job for this annotation

GitHub Actions / hadolint 

DL3015 info: Avoid additional packages by specifying `--no-install-recommends`

Check failure on line 19 in Dockerfile

View workflow job for this annotation

GitHub Actions / hadolint 

DL3009 info: Delete the apt-get lists after installing something

RUN apt-get update && \
apt-get install --no-install-recommends -y \
ruby-dev \
build-essential \
cmake \
git \
Expand All @@ -20,6 +30,10 @@
libz-dev \
&& rm -rf /var/lib/apt/lists/*

# Make sure to use bash with pipefail in case something
# fails while being piped to another command in the docker-build
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN gem install bundler --version "${BUNDLER_VERSION}"

WORKDIR /runner
Expand Down