# syntax=docker/dockerfile:1
# MEGALINTER FLAVOR [swift]: Optimized for SWIFT based projects
###########################################
###########################################
## Dockerfile to run MegaLinter ##
###########################################
###########################################
# @not-generated
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
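#ARGTOP__START
# Tags of the linter images used as build stages in the FROM block. They are
# declared before the first FROM so they can be substituted into FROM lines.
# The "renovate:" comment directly above each ARG names the image whose tags
# are tracked for updates, so depName has to match the image that the ARG is
# actually used with.
# renovate: datasource=docker depName=rhysd/actionlint
ARG ACTION_ACTIONLINT_VERSION=1.7.7
# renovate: datasource=docker depName=koalaman/shellcheck
ARG BASH_SHELLCHECK_VERSION=v0.10.0
# depName corrected from rhysd/actionlint: this value is the tag of mvdan/shfmt
# in the FROM block, so tracking actionlint tags would never update shfmt.
# renovate: datasource=docker depName=mvdan/shfmt
ARG BASH_SHFMT_VERSION=v3.10.0-alpine
# renovate: datasource=docker depName=hadolint/hadolint
ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
# renovate: datasource=docker depName=mstruebing/editorconfig-checker
ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.2.0
# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.7-alpine
# renovate: datasource=docker depName=yoheimuta/protolint
ARG PROTOBUF_PROTOLINT_VERSION=0.53.0
# renovate: datasource=docker depName=zricethezav/gitleaks
ARG REPOSITORY_GITLEAKS_VERSION=v8.24.0
# renovate: datasource=docker depName=trufflesecurity/trufflehog
ARG REPOSITORY_TRUFFLEHOG_VERSION=3.88.14
# renovate: datasource=docker depName=jdkato/vale
ARG SPELL_VALE_VERSION=v3.9.4
# NOTE(review): this is a commit-derived tag (sha-...) rather than a release
# version; confirm that is intentional.
# renovate: datasource=docker depName=lycheeverse/lychee
ARG SPELL_LYCHEE_VERSION=sha-7c4b132-alpine
#ARGTOP__END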
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#FROM__START
# One named stage per upstream linter image. Nothing is built in these stages;
# they exist so that the COPY --from=<stage> instructions further down can take
# a single binary out of each image.
# NOTE(review): every image is selected by tag only. A tag can be moved by
# whoever controls the repository, so the binaries copied into the final image
# are not bound to fixed content. Appending an @sha256 digest to each reference
# would make the pulled content immutable.
FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} AS actionlint
# shellcheck is a dependency for actionlint
FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} AS shellcheck
# Next FROM line commented because already managed by another linter
# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} AS shellcheck
FROM mvdan/shfmt:${BASH_SHFMT_VERSION} AS shfmt
FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} AS hadolint
FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} AS editorconfig-checker
FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} AS kubeconform
FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} AS protolint
FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} AS gitleaks
FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} AS trufflehog
FROM jdkato/vale:${SPELL_VALE_VERSION} AS vale
FROM lycheeverse/lychee:${SPELL_LYCHEE_VERSION} AS lychee
#FROM__END
##################
# Build wheel for megalinter python package
##################
# The uv binaries come from the published uv image (tag-pinned, no digest) and
# are copied into the build stage.
FROM ghcr.io/astral-sh/uv:0.6.5 AS uv
FROM python:3.12.8-alpine3.21 AS build-ml-core
WORKDIR /
COPY --from=uv /uv /uvx /bin/
# Install dependencies
# uv.lock and pyproject.toml are bind-mounted for this step only. --frozen makes
# uv install from the lockfile without updating it, and --no-install-project
# leaves the project itself for the second sync below.
RUN --mount=type=cache,target=/root/.cache/uv \
--mount=type=bind,source=uv.lock,target=uv.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
uv sync --frozen --no-install-project
# Copy the project into the image
# NOTE(review): this copies the entire build context into / of this stage.
# What is excluded depends on a .dockerignore that is not visible here; confirm
# it keeps .git, .env files and any credentials out of the context.
COPY . .
# Sync the project
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen
##################
# Get base image #
##################
# Final stage. The base image is pinned by tag (Python and Alpine versions) but
# not by digest.
FROM python:3.12.8-alpine3.21
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#ARG__START
# Versions of the tools installed in this stage with cargo, pip, npm or a
# direct download. Each "renovate:" comment gives the datasource and package
# name the version belongs to.
# renovate: datasource=crate depName=sarif-fmt
ARG CARGO_SARIF_FMT_VERSION=0.7.0
# renovate: datasource=pypi depName=ansible-lint
ARG PIP_ANSIBLE_LINT_VERSION=25.1.3
# renovate: datasource=npm depName=@stoplight/spectral-cli
ARG NPM_SPECTRAL_CLI_VERSION=6.14.2
# renovate: datasource=crate depName=shellcheck-sarif
ARG CARGO_SHELLCHECK_SARIF_VERSION=0.7.0
# renovate: datasource=npm depName=jscpd
ARG NPM_JSCPD_VERSION=4.0.5
# renovate: datasource=npm depName=stylelint
ARG NPM_STYLELINT_VERSION=16.15.0
# renovate: datasource=npm depName=stylelint-config-standard
ARG NPM_STYLELINT_CONFIG_STANDARD_VERSION=37.0.0
# renovate: datasource=npm depName=stylelint-config-sass-guidelines
ARG NPM_STYLELINT_CONFIG_SASS_GUIDELINES_VERSION=12.1.0
# renovate: datasource=npm depName=stylelint-scss
ARG NPM_STYLELINT_SCSS_VERSION=6.11.1
# renovate: datasource=pypi depName=cpplint
ARG PIP_CPPLINT_VERSION=2.0.0
# renovate: datasource=npm depName=graphql
ARG NPM_GRAPHQL_VERSION=16.10.0
# renovate: datasource=npm depName=graphql-schema-linter
ARG NPM_GRAPHQL_SCHEMA_LINTER_VERSION=3.0.1
# renovate: datasource=npm depName=npm-groovy-lint
ARG NPM_GROOVY_LINT_VERSION=15.1.0
# renovate: datasource=pypi depName=djlint
ARG PIP_DJLINT_VERSION=1.36.4
# renovate: datasource=npm depName=htmlhint
ARG NPM_HTMLHINT_VERSION=1.1.4
# renovate: datasource=npm depName=@prantlf/jsonlint
ARG NPM_PRANTLF_JSONLINT_VERSION=16.0.0
# renovate: datasource=npm depName=v8r
ARG NPM_V8R_VERSION=4.2.1
# renovate: datasource=npm depName=prettier
ARG NPM_PRETTIER_VERSION=3.5.3
# renovate: datasource=github-tags depName=pinterest/ktlint
ARG KTLINT_VERSION=1.5.0
# renovate: datasource=github-tags depName=detekt/detekt
ARG DETEKT_VERSION=1.23.8
# renovate: datasource=github-tags depName=kubescape/kubescape
ARG KUBERNETES_KUBESCAPE_VERSION=3.0.30
# renovate: datasource=npm depName=markdownlint-cli
ARG NPM_MARKDOWNLINT_CLI_VERSION=0.44.0
# renovate: datasource=npm depName=markdown-link-check
ARG NPM_MARKDOWN_LINK_CHECK_VERSION=3.13.7
# renovate: datasource=npm depName=markdown-table-formatter
ARG NPM_MARKDOWN_TABLE_FORMATTER_VERSION=1.6.1
# renovate: datasource=pypi depName=checkov
ARG PIP_CHECKOV_VERSION=3.2.381
# renovate: datasource=github-tags depName=anchore/grype
ARG REPOSITORY_GRYPE_VERSION=0.87.0
# renovate: datasource=npm depName=@ls-lint/ls-lint
ARG NPM_LS_LINT_LS_LINT_VERSION=2.2.3
# renovate: datasource=npm depName=secretlint
ARG NPM_SECRETLINT_VERSION=9.2.0
# renovate: datasource=npm depName=@secretlint/secretlint-rule-preset-recommend
ARG NPM_SECRETLINT_SECRETLINT_RULE_PRESET_RECOMMEND_VERSION=9.2.0
# renovate: datasource=npm depName=@secretlint/secretlint-formatter-sarif
ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=9.2.0
# renovate: datasource=pypi depName=semgrep
ARG PIP_SEMGREP_VERSION=1.110.0
# renovate: datasource=github-tags depName=aquasecurity/trivy
ARG REPOSITORY_TRIVY_VERSION=0.59.1
# renovate: datasource=github-tags depName=aquasecurity/trivy
ARG REPOSITORY_TRIVY_SBOM_VERSION=0.59.1
# renovate: datasource=pypi depName=snakefmt
ARG PIP_SNAKEFMT_VERSION=0.10.2
# renovate: datasource=npm depName=cspell
ARG NPM_CSPELL_VERSION=8.17.5
# renovate: datasource=pypi depName=proselint
ARG PIP_PROSELINT_VERSION=0.14.0
# renovate: datasource=pypi depName=sqlfluff
ARG PIP_SQLFLUFF_VERSION=3.3.1
# renovate: datasource=npm depName=@ibm/tekton-lint
ARG NPM_IBM_TEKTON_LINT_VERSION=1.1.0
# renovate: datasource=pypi depName=yamllint
ARG PIP_YAMLLINT_VERSION=1.35.1
# renovate: datasource=pypi depName=pip
ARG PIP_PIP_VERSION=25.0.1
# renovate: datasource=pypi depName=virtualenv
ARG PIP_VIRTUALENV_VERSION=20.29.2
# renovate: datasource=github-tags depName=rust-lang/rust
ARG RUST_RUST_VERSION=1.85.0
# An ARG declared before the first FROM is only visible to FROM lines. The
# value-less declarations below bring those image-tag ARGs into this stage.
ARG ACTION_ACTIONLINT_VERSION
ARG BASH_SHELLCHECK_VERSION
ARG BASH_SHFMT_VERSION
ARG DOCKERFILE_HADOLINT_VERSION
ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION
ARG KUBERNETES_KUBECONFORM_VERSION
ARG PROTOBUF_PROTOLINT_VERSION
ARG REPOSITORY_GITLEAKS_VERSION
ARG REPOSITORY_TRUFFLEHOG_VERSION
ARG SPELL_VALE_VERSION
ARG SPELL_LYCHEE_VERSION
#ARG__END
####################
# Run APK installs #
####################
WORKDIR /
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#APK__START
# Installs the OS packages in one layer; --no-cache avoids leaving the apk
# index in the image. The trailing git config writes core.autocrlf=true to the
# global git configuration of the build user.
# NOTE(review): no package carries a version constraint, so the installed
# versions depend on the state of the Alpine repositories at build time
# (hadolint DL3018).
# NOTE(review): the list includes docker, openssh and a C toolchain (gcc, make,
# musl-dev), all of which stay in the final image. Each widens what is
# available to code running inside the container; confirm every one is still
# required by this flavor.
RUN apk add --no-cache \
bash \
ca-certificates \
curl \
gcc \
git \
git-lfs \
libffi-dev \
make \
musl-dev \
openssh \
docker \
openrc \
openjdk21 \
py3-pyflakes \
openjdk17 \
helm \
gcompat \
libstdc++ \
libxml2-dev \
libxml2-utils \
libgcc \
npm \
nodejs-current \
yarn \
&& git config --global core.autocrlf true
#APK__END
# PATH for golang & python
# NOTE(review): the apk list in this file installs no Go toolchain, so
# GOROOT/GOPATH are presumably kept for parity with other flavors. Confirm.
ENV GOROOT=/usr/lib/go \
GOPATH=/go
# PYTHONPYCACHEPREFIX="$HOME/.cache/cpython/" NV: not working for all packages :/
# hadolint ignore=DL3044
ENV PATH="$PATH":"$GOROOT"/bin:"$GOPATH"/bin
# Both commands are best-effort: the "|| true" after each one means this step
# cannot fail the build.
RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \
# Ignore npm package issues
yarn config set ignore-engines true || true
##############################
# Installs rust dependencies #
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#CARGO__START
# Installs a minimal Rust toolchain, builds the two SARIF converter crates at
# pinned versions (--locked uses the Cargo.lock shipped with each crate), then
# removes the registry, git checkouts, sccache cache and /root/.rustup in the
# same layer. /root/.cargo/bin is kept and added to PATH.
# NOTE(review): the rustup installer script is downloaded and piped straight
# into sh. The toolchain version is pinned, but the script itself is not
# checked against a known digest, so the build trusts whatever that URL serves
# at build time. No pipefail is set either; a failed download only surfaces
# indirectly, when the following cargo command is missing.
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain ${RUST_RUST_VERSION} \
&& export PATH="/root/.cargo/bin:${PATH}" \
&& cargo install --force --locked sarif-fmt@${CARGO_SARIF_FMT_VERSION} shellcheck-sarif@${CARGO_SHELLCHECK_SARIF_VERSION} \
&& rm -rf /root/.cargo/registry /root/.cargo/git /root/.cache/sccache /root/.rustup
ENV PATH="/root/.cargo/bin:${PATH}"
#CARGO__END
################################
# Installs python dependencies #
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#PIPVENV__START
# Pins pip and virtualenv, then creates one virtualenv per Python linter under
# /venvs and installs the linter into it at a pinned version. Bytecode files
# and /root/.cache are removed in the same layer, and every venv's bin
# directory is appended to PATH afterwards.
# NOTE(review): versions are pinned with ==, but no hashes are verified (pip's
# --require-hashes is not used) and transitive dependencies are unpinned, so
# the installed set can change between builds.
# NOTE(review): cpplint is installed into the venv named "stylelint". This looks
# like a naming quirk of the generator rather than a mistake; confirm.
RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pip==${PIP_PIP_VERSION} virtualenv==${PIP_VIRTUALENV_VERSION} \
&& mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint==${PIP_ANSIBLE_LINT_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/stylelint" && cd "/venvs/stylelint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cpplint==${PIP_CPPLINT_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/djlint" && cd "/venvs/djlint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir djlint==${PIP_DJLINT_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/checkov" && cd "/venvs/checkov" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir checkov==${PIP_CHECKOV_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/semgrep" && cd "/venvs/semgrep" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir semgrep==${PIP_SEMGREP_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/snakefmt" && cd "/venvs/snakefmt" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir snakefmt==${PIP_SNAKEFMT_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/proselint" && cd "/venvs/proselint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir proselint==${PIP_PROSELINT_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/sqlfluff" && cd "/venvs/sqlfluff" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir sqlfluff==${PIP_SQLFLUFF_VERSION} && deactivate && cd ./../.. \
&& mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir yamllint==${PIP_YAMLLINT_VERSION} && deactivate && cd ./../.. \
&& find /venvs \( -type f \( -iname \*.pyc -o -iname \*.pyo \) -o -type d -iname __pycache__ \) -delete \
&& rm -rf /root/.cache
ENV PATH="${PATH}":/venvs/ansible-lint/bin:/venvs/stylelint/bin:/venvs/djlint/bin:/venvs/checkov/bin:/venvs/semgrep/bin:/venvs/snakefmt/bin:/venvs/proselint/bin:/venvs/sqlfluff/bin:/venvs/yamllint/bin
#PIPVENV__END
############################
# Install NPM dependencies #
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
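# Raises Node's old-space heap limit and selects production mode for the
# Node-based linters.
ENV NODE_OPTIONS="--max-old-space-size=8192" \
    NODE_ENV=production
#NPM__START
WORKDIR /node-deps
# Installs every npm-based linter at a pinned version into /node-deps.
# --ignore-scripts keeps package lifecycle scripts (preinstall/postinstall)
# from running during the build; --omit=dev skips devDependencies.
RUN npm --no-cache install --ignore-scripts --omit=dev \
    @stoplight/spectral-cli@${NPM_SPECTRAL_CLI_VERSION} \
    jscpd@${NPM_JSCPD_VERSION} \
    stylelint@${NPM_STYLELINT_VERSION} \
    stylelint-config-standard@${NPM_STYLELINT_CONFIG_STANDARD_VERSION} \
    stylelint-config-sass-guidelines@${NPM_STYLELINT_CONFIG_SASS_GUIDELINES_VERSION} \
    stylelint-scss@${NPM_STYLELINT_SCSS_VERSION} \
    graphql@${NPM_GRAPHQL_VERSION} \
    graphql-schema-linter@${NPM_GRAPHQL_SCHEMA_LINTER_VERSION} \
    npm-groovy-lint@${NPM_GROOVY_LINT_VERSION} \
    htmlhint@${NPM_HTMLHINT_VERSION} \
    @prantlf/jsonlint@${NPM_PRANTLF_JSONLINT_VERSION} \
    v8r@${NPM_V8R_VERSION} \
    prettier@${NPM_PRETTIER_VERSION} \
    markdownlint-cli@${NPM_MARKDOWNLINT_CLI_VERSION} \
    markdown-link-check@${NPM_MARKDOWN_LINK_CHECK_VERSION} \
    markdown-table-formatter@${NPM_MARKDOWN_TABLE_FORMATTER_VERSION} \
    @ls-lint/ls-lint@${NPM_LS_LINT_LS_LINT_VERSION} \
    secretlint@${NPM_SECRETLINT_VERSION} \
    @secretlint/secretlint-rule-preset-recommend@${NPM_SECRETLINT_SECRETLINT_RULE_PRESET_RECOMMEND_VERSION} \
    @secretlint/secretlint-formatter-sarif@${NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION} \
    cspell@${NPM_CSPELL_VERSION} \
    @ibm/tekton-lint@${NPM_IBM_TEKTON_LINT_VERSION} && \
    echo "Cleaning npm cache…" \
    && (npm cache clean --force || true) \
    && echo "Changing owner of node_modules files…" \
# fix for https://github.com/npm/cli/issues/5900
# This note used to trail the chown command on the same line. Continuation
# lines are joined into one shell command, so the shell treated everything
# after that "#" as a comment and the cleanup below never ran. Kept on its own
# line, it is dropped by the Dockerfile parser and the cleanup executes.
    && chown -R "$(id -u)":"$(id -g)" node_modules \
    && echo "Removing extra node_module files…" \
# Deletes type declarations, source maps, docs and lockfiles that the linters
# do not need at runtime.
# NOTE(review): the "-type d -name /root/.npm/_cacache" branch contains slashes
# and so cannot match a base name; it is left as generated but has no effect.
    && find . \( -not -path "/proc" \) -and \( -type f \( -iname "*.d.ts" -o -iname "*.map" -o -iname "*.npmignore" -o -iname "*.travis.yml" -o -iname "CHANGELOG.md" -o -iname "README.md" -o -iname ".package-lock.json" -o -iname "package-lock.json" \) -o -type d -name /root/.npm/_cacache \) -delete
WORKDIR /
#NPM__END
# Add node packages to path #
ENV PATH="/node-deps/node_modules/.bin:${PATH}" \
    NODE_PATH="/node-deps/node_modules"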
##############################
# Installs ruby dependencies #
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#GEM__START
#GEM__END
##############################
# COPY instructions #
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#COPY__START
# Copies one prebuilt binary out of each linter stage declared at the top of
# the file. --link makes each copy an independent layer.
# NOTE(review): these binaries are taken as published in the upstream images,
# which are referenced by tag only; nothing here verifies them. Their integrity
# rests on the registry and on the publishers' accounts.
COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
# shellcheck is a dependency for actionlint
COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
# Next COPY line commented because already managed by another linter
# COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
COPY --link --from=shfmt /bin/shfmt /usr/bin/
COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint
COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker
COPY --link --from=kubeconform /kubeconform /usr/bin/
COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/
COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/
COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
COPY --link --from=vale /bin/vale /bin/vale
COPY --link --from=lychee /usr/local/bin/lychee /usr/bin/
#COPY__END
#############################################################################################
## @generated by .automation/build.py using descriptor files, please do not update manually ##
#############################################################################################
#OTHER__START
# Registers the docker service in the OpenRC "boot" runlevel and then tries to
# start it; the start is best-effort because of "|| true".
# NOTE(review): a daemon started during a build step is not part of the
# resulting image, so only the rc-update registration persists. How Docker is
# reached at runtime is not visible in this file; confirm against entrypoint.sh.
RUN rc-update add docker boot && (rc-service docker start || true)
# KOTLIN installation
# Java 21 is the default JDK on PATH.
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
#
# actionlint installation
# Managed with COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
# # shellcheck is a dependency for actionlint
# Managed with COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
#
# ansible-lint installation
#
# spectral installation
#
# bash-exec installation
# Writes /usr/bin/bash-exec, a small bash script that exits 0 when its first
# argument is an executable file and prints an error and exits 1 otherwise.
RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: File:[$1] is not executable"; exit 1; fi' > /usr/bin/bash-exec \
&& chmod +x /usr/bin/bash-exec \
#
# shellcheck installation
# Managed with # Next COPY line commented because already managed by another linter
# # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck
#
# shfmt installation
# Managed with COPY --link --from=shfmt /bin/shfmt /usr/bin/
#
# jscpd installation
#
# stylelint installation
#
# hadolint installation
# Managed with COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint
#
# editorconfig-checker installation
# Managed with COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker
#
# dotenv-linter installation
# NOTE(review): the installer is fetched from the master branch and piped into
# sh with no release pin and no checksum. Both the script that runs as root in
# this build and the dotenv-linter release it installs can change whenever
# upstream changes. Prefer a tagged installer or release asset verified against
# a recorded digest. Without pipefail, a failed wget also goes unnoticed.
&& wget -q -O - https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/master/install.sh | sh -s
#
# graphql-schema-linter installation
#
# npm-groovy-lint installation
# Location of the Java 17 JDK installed next to the default Java 21.
ENV JAVA_HOME_17=/usr/lib/jvm/java-17-openjdk
#
# djlint installation
#
# htmlhint installation
#
# jsonlint installation
#
# v8r installation
#
# prettier installation
#
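# ktlint installation
# This single RUN downloads and installs ktlint, detekt, kubescape, grype and
# trivy. It relies on the working directory being / (set by the last WORKDIR).
# NOTE(review): ktlint and detekt are release assets fetched over HTTPS at a
# pinned version, but neither is checked against a published checksum.
# NOTE(review): the kubescape and trivy installers are read from the master and
# main branches respectively; only the tool version passed to them is pinned,
# so the script executed as root can change between builds. The grype installer
# is read from the matching release tag. No pipefail is set, so a failed
# download in any "curl/wget | sh" pipe is not detected by the pipe itself.
RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/releases/download/${KTLINT_VERSION}/ktlint && \
    chmod a+x ktlint && \
    mv "ktlint" /usr/bin/ \
#
# detekt installation
# Destinations are absolute so the move does not depend on the working
# directory, and the archive and the extracted tree are removed in this layer
# instead of being left in the image.
    && curl --retry 5 --retry-delay 5 -sSLO https://github.com/detekt/detekt/releases/download/v${DETEKT_VERSION}/detekt-cli-${DETEKT_VERSION}.zip && \
    unzip detekt-cli-${DETEKT_VERSION}.zip && \
    chmod a+x detekt-cli-${DETEKT_VERSION}/bin/* && \
    chmod a+x detekt-cli-${DETEKT_VERSION}/lib/* && \
    mv -n detekt-cli-${DETEKT_VERSION}/bin/* /usr/bin && \
    mv -n detekt-cli-${DETEKT_VERSION}/lib/* /usr/lib && \
    rm -rf detekt-cli-${DETEKT_VERSION} detekt-cli-${DETEKT_VERSION}.zip \
#
# kubeconform installation
# Managed with COPY --link --from=kubeconform /kubeconform /usr/bin/
#
# kubescape installation
    && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \
    curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v "v${KUBERNETES_KUBESCAPE_VERSION}" \
#
# markdownlint installation
#
# markdown-link-check installation
#
# markdown-table-formatter installation
#
# protolint installation
# Managed with COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/
#
# checkov installation
#
# gitleaks installation
# Managed with COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/
#
# grype installation
    && curl -sSfL https://raw.githubusercontent.com/anchore/grype/refs/tags/v${REPOSITORY_GRYPE_VERSION}/install.sh | sh -s -- -b /usr/local/bin \
#
# ls-lint installation
#
# secretlint installation
#
# semgrep installation
#
# trivy installation
# The vulnerability database download is attempted up to 17 times, matching the
# chain of 17 "||" alternatives it replaces; the step fails only if all fail.
    && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \
    && (attempt=1; until trivy image --download-db-only --no-progress; do [ "$attempt" -ge 17 ] && exit 1; attempt=$((attempt + 1)); done) \
#
# trivy-sbom installation
    && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \
    && (attempt=1; until trivy image --download-db-only --no-progress; do [ "$attempt" -ge 17 ] && exit 1; attempt=$((attempt + 1)); done)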
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
#
# snakefmt installation
#
# cspell installation
#
# proselint installation
#
# vale installation
# Managed with COPY --link --from=vale /bin/vale /bin/vale
#
# lychee installation
# Managed with COPY --link --from=lychee /usr/local/bin/lychee /usr/bin/
#
# sqlfluff installation
#
# swiftlint installation
# No swiftlint binary is installed by this file; only the version is exported
# to the runtime environment.
# NOTE(review): the renovate comment names a Docker image, so swiftlint is
# presumably pulled and run as a container at lint time. If so, the container
# needs access to a Docker daemon, which is a privileged capability. Confirm
# how that access is granted.
# renovate: datasource=docker depName=ghcr.io/realm/swiftlint
ENV SWIFT_SWIFTLINT_VERSION=0.58.2
#
# tekton-lint installation
#
# prettier installation
#
# yamllint installation
#
# v8r installation
#
#OTHER__END
################################
# Installs python dependencies #
################################
# Takes the project metadata and the megalinter package from the build stage,
# then installs the project in editable mode into the system interpreter.
# The uv binary is bind-mounted from the uv stage for this step only, so it is
# not left in the final image; the cache mount is likewise build-time only.
# Relative destinations resolve against the current working directory, /.
COPY --from=build-ml-core pyproject.toml README.md ./
COPY --from=build-ml-core megalinter /megalinter/
RUN --mount=type=cache,target=/root/.cache/uv,from=build-ml-core \
--mount=from=uv,source=/uv,target=/bin/uv \
uv pip install --system -e .
#######################################
# Copy scripts and rules to container #
#######################################
# These three directories are copied straight from the build context.
COPY megalinter/descriptors /megalinter-descriptors
COPY TEMPLATES /action/lib/.automation
# Copy server scripts
COPY server /server
###########################
# Get the build arguments #
###########################
# Declared late so that values which change on every build only invalidate the
# layers after this point.
ARG BUILD_DATE
ARG BUILD_REVISION
ARG BUILD_VERSION
#################################################
# Set ENV values used for debugging the version #
#################################################
# The build arguments are persisted as environment variables and, further down,
# as image labels. Both are readable by anyone who can pull or inspect the
# image, so these arguments must only ever carry non-sensitive metadata.
ENV BUILD_DATE=$BUILD_DATE \
BUILD_REVISION=$BUILD_REVISION \
BUILD_VERSION=$BUILD_VERSION
#FLAVOR__START
# Identifies this image as the swift flavor.
ENV MEGALINTER_FLAVOR=swift
#FLAVOR__END
#########################################
# Label the instance and set maintainer #
#########################################
# GitHub Actions branding labels plus OCI image metadata. created, revision and
# version are filled from the BUILD_* build arguments.
# NOTE(review): the maintainer and authors values contain "[email protected]",
# which looks like an address-obfuscation placeholder rather than a real
# address; confirm the value against the repository copy of this file.
LABEL com.github.actions.name="MegaLinter" \
com.github.actions.description="The ultimate linters aggregator to make sure your projects are clean" \
com.github.actions.icon="code" \
com.github.actions.color="red" \
maintainer="Nicolas Vuillamy <[email protected]>" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.revision=$BUILD_REVISION \
org.opencontainers.image.version=$BUILD_VERSION \
org.opencontainers.image.authors="Nicolas Vuillamy <[email protected]>" \
org.opencontainers.image.url="https://megalinter.io" \
org.opencontainers.image.source="https://github.com/oxsecurity/megalinter" \
org.opencontainers.image.documentation="https://megalinter.io" \
org.opencontainers.image.vendor="Nicolas Vuillamy" \
org.opencontainers.image.description="Lint your code base with GitHub Actions"
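#EXTRA_DOCKERFILE_LINES__START
# Installs the container entrypoint script at the filesystem root.
COPY entrypoint.sh /entrypoint.sh
# Absolute path, so the chmod targets the file just copied regardless of the
# working directory in effect at this point.
RUN chmod +x /entrypoint.sh
# NOTE(review): this file contains no USER instruction, so the entrypoint and
# every linter it launches run as root inside the container. Confirm whether
# root is required at runtime; if not, switch to an unprivileged user here.
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
#EXTRA_DOCKERFILE_LINES__END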