Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Solutions Architecture / 7 Sep 2023
GitLab / Solutions Architecture / 7 Sep 2023
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab linter integration with Hadolint - Enforcing best practices for writing a Dockerfile

Description

For feedback please tag me in an issue opened in the project below @alex-dess (GitLab User)

Links:
Hadolint GitLab: https://gitlab.com/pipeline-components/hadolint

Artifact Reports: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscodequality

Best Practices from Docker: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

Hadolint: https://github.com/hadolint/hadolint

A

Hey there and Welcome to our quick video on how to do a custom scanner, integration to gitlab, to enforce um best practices for container scanning leveraging a popular linter for Docker files. So my name is um Alex Das.

A

um If you have feedback to the video, you can tag me an issue Alex minus test, um Dess on gitlab and I'm, going to link the um repositories we're maintaining in regards of that in the description. So it is a important thing to focus on best practices when writing Docker files right. So you shouldn't use the root user, for example, and you shouldn't use any deprecated things um like, for example, declaring a maintainer for the docker file, which is per se deprecated right now, uh so I, just like linked the best practices for writing.

A

Docker Falls, some of them in here from Docker, docs directly and I, want to make sure that this is being highlighted to my developers and me when I'm making a mistake here so I choose to integrate um a hardware lint for that purpose and, as you can see so, there's a Docker image available for that. So this will be very easy for us to integrate. That to our pipeline I don't want to only integrate that to the pipeline and then download an artifact where I need to go through and see.

A

Okay, there is probably an issue. I want to display that directly into my merge request in gitlab, so I can benefit from the immediate feedback from the scan. It is visible. The merge request stays my single pane of glass where I see not only all my security vulnerabilities, but also the results from a code quality scanning and for me the The Lending topic goes into the direction of co-quality and that's why we are leveraging the code quality report and the code quality widget in order to display our results.

A

How can we do that? So, as you see, there is a set of artifacts and reports which you can leverage to integrate with the different witches or different reporting functions into gitlab. So I will use the artifact report co-quality in order to do that.

A

For my linter integration, let's go to our gitlab ci.yaml file according to gitlab flow best practices which I'm following in this demo project I open an issue saying: okay, I want to add linking to Docker files in the future and then I created a merge request out of that which opened the feature branch in here, and you see the changes which I made to the branch in terms of like just like quick doing that.

A

I just show you the things I already added here, and you see that I added something to the test stage, which is present into my currency, I, Pipeline and I added Docker lint job here, which leverages the image which I presented to you before, and it creates a Json file, as you can see here, which is then uploaded to our code quality report in here.

A

That's all I need to do in order to leverage the functionality here, um but I need to add something that we get something reported and what I did is I just added like a deprecated thing, which I explained before so I declared me as maintainer of that Docker file. So that should be found by our our linter and that should be reported to us.

A

So let's go to the overview here and as you can see um so my code quality widget directly in the merge request here- tells me: okay, there is a new finding in here. So let's open that up and I see that okay, so you see that my linter found the issue saying like maintainer is deprecated displaying where this is the case. um If I go there, so I can directly now go in in my IDE, the web, IDE or vs code fix that and push the new changes.

A

So then Melinda will run again and on the merge will merge. Request will be green and I will go forward, merging that thanks for watching.