From 99aca3ae3e9f040594ad6176563920ef9b756dc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Dunglas?=
Date: Fri, 1 Dec 2023 14:37:37 +0100
Subject: [PATCH] ci: add Super-Linter
---
 .github/workflows/lint.yml | 33 +++++++++++++++++++++++++++++++++
 .hadolint.yaml | 5 +++++
 Dockerfile | 16 +++++++++-------
 alpine.Dockerfile | 16 ++++++++++------
 build-static.sh | 2 +-
 dev-alpine.Dockerfile | 15 ++++++++-------
 dev.Dockerfile | 16 +++++++++-------
 static-builder.Dockerfile | 10 +++++-----
 8 files changed, 80 insertions(+), 33 deletions(-)
 create mode 100644 .github/workflows/lint.yml
 create mode 100644 .hadolint.yaml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 000000000..e2cf568ca
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,33 @@
+name: Lint Code Base
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ name: Lint Code Base
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: read
+ statuses: write
+
+ steps:
+ -
+ name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ -
+ name: Lint Code Base
+ uses: super-linter/super-linter@v5
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ DEFAULT_BRANCH: main
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ LINTER_RULES_PATH: /
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 000000000..bdba91c5a
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,5 @@
+ignored:
+ - DL3006
+ - DL3008
+ - DL3018
+ - DL3022
diff --git a/Dockerfile b/Dockerfile
index 67ecfec65..c931df72b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,6 +46,7 @@ LABEL org.opencontainers.image.vendor="Kévin Dunglas"
 FROM common AS builder
 ARG FRANKENPHP_VERSION='dev'
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 COPY --from=golang-base /usr/local/go /usr/local/go
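Review bot: Both `uses:` lines in the new workflow reference mutable tags (`actions/checkout@v4`, `super-linter/super-linter@v5`), so whatever commit those tags point to at run time executes with a token that carries `statuses: write`. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: super-linter/super-linter@<full-commit-sha> # v5`, fixes the code that runs and still lets a dependency bot propose updates. The checkout step could also set `persist-credentials: false`, since nothing later in the job appears to need git credentials left in the working copy.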
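Review bot: The `ignored:` list switches off DL3006, DL3008, DL3018 and DL3022 for every Dockerfile in the repository without a stated reason, and three of those are the rules that ask for tagged base images and pinned apt/apk package versions. A comment per entry would tell a later reader whether each exemption is deliberate, for example `# DL3008, DL3018: distro package versions are left unpinned on purpose` if that is the intent. Where a rule only misfires on one instruction, an inline `# hadolint ignore=` pragma on that instruction, as this commit already uses for SC2086 in alpine.Dockerfile, keeps the check active for files added later.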
@@ -71,12 +72,11 @@ WORKDIR /go/src/app
 COPY --link go.mod go.sum ./
 RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
-RUN mkdir caddy && cd caddy
-COPY --link caddy/go.mod caddy/go.sum ./caddy/
-
-RUN cd caddy && \
- go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app/caddy
+COPY --link caddy/go.mod caddy/go.sum ./
+RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app
 COPY --link *.* ./
 COPY --link caddy caddy
 COPY --link C-Thread-Pool C-Thread-Pool
@@ -87,12 +87,14 @@ COPY --link testdata testdata
 # see https://github.com/docker-library/php/blob/master/8.2/bookworm/zts/Dockerfile#L57-L59 for PHP values
 ENV CGO_LDFLAGS="-lssl -lcrypto -lreadline -largon2 -lcurl -lonig -lz $PHP_LDFLAGS" CGO_CFLAGS="-DFRANKENPHP_VERSION=$FRANKENPHP_VERSION $PHP_CFLAGS" CGO_CPPFLAGS=$PHP_CPPFLAGS
-RUN cd caddy/frankenphp && \
- GOBIN=/usr/local/bin go install -ldflags "-X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" && \
+WORKDIR /go/src/app/caddy/frankenphp
+RUN GOBIN=/usr/local/bin go install -ldflags "-X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" && \
 setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
 cp Caddyfile /etc/caddy/Caddyfile && \
 frankenphp version
+WORKDIR /go/src/app
+
 FROM common AS runner
diff --git a/alpine.Dockerfile b/alpine.Dockerfile
index 91cb9a14e..9c77a2c04 100644
--- a/alpine.Dockerfile
+++ b/alpine.Dockerfile
@@ -43,11 +43,13 @@ LABEL org.opencontainers.image.vendor="Kévin Dunglas"
 FROM common AS builder
 ARG FRANKENPHP_VERSION='dev'
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY --link --from=golang-base /usr/local/go /usr/local/go
 ENV PATH /usr/local/go/bin:$PATH
+# hadolint ignore=SC2086
 RUN apk add --no-cache --virtual .build-deps \
 $PHPIZE_DEPS \
 argon2-dev \
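Review bot: The `WORKDIR /go/src/app` added after the install step is the last instruction of the builder stage (the next line is `FROM common AS runner`), so it looks like dead code and is likely to be deleted in a later cleanup. If it exists to leave the stage in the directory it was in when the build used `cd` inside `RUN`, a one-line comment would record that, for example `# restore the stage's working directory after building in caddy/frankenphp`. alpine.Dockerfile ends its builder stage with the same trailing reset.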
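Review bot: The `# hadolint ignore=SC2086` pragma above `RUN apk add` gives no reason, and it exempts the whole multi-line instruction, so any other unquoted expansion added to this RUN later will also pass the linter. Presumably `$PHPIZE_DEPS` has to word-split into separate package names; a comment line above the pragma such as `# $PHPIZE_DEPS is a space-separated package list and must stay unquoted` would record that. The RUN instruction continues past the end of the hunk. build-static.sh gains the equivalent `# shellcheck disable=SC2086` before the `spc build` line for `$extraOpts` and would benefit from the same kind of comment.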
@@ -67,11 +69,11 @@ WORKDIR /go/src/app
 COPY --link go.mod go.sum ./
 RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
-RUN mkdir caddy && cd caddy
-COPY caddy/go.mod caddy/go.sum ./caddy/
-
-RUN cd caddy && go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app/caddy
+COPY caddy/go.mod caddy/go.sum ./
+RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app
 COPY --link *.* ./
 COPY --link caddy caddy
 COPY --link C-Thread-Pool C-Thread-Pool
@@ -82,11 +84,13 @@ COPY --link testdata testdata
 # see https://github.com/docker-library/php/blob/master/8.2/bookworm/zts/Dockerfile#L57-L59 for php values
 ENV CGO_LDFLAGS="-lssl -lcrypto -lreadline -largon2 -lcurl -lonig -lz $PHP_LDFLAGS" CGO_CFLAGS="-DFRANKENPHP_VERSION=$FRANKENPHP_VERSION $PHP_CFLAGS" CGO_CPPFLAGS=$PHP_CPPFLAGS
-RUN cd caddy/frankenphp && \
- GOBIN=/usr/local/bin go install -ldflags "-extldflags '-Wl,-z,stack-size=0x80000' -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" && \
+WORKDIR /go/src/app/caddy/frankenphp
+RUN GOBIN=/usr/local/bin go install -ldflags "-extldflags '-Wl,-z,stack-size=0x80000' -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" && \
 setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
 frankenphp version
+WORKDIR /go/src/app
+
 FROM common AS runner
diff --git a/build-static.sh b/build-static.sh
index e4c878c7b..532b25781 100755
--- a/build-static.sh
+++ b/build-static.sh
@@ -1,7 +1,6 @@
 #!/bin/sh
 set -o errexit
-trap 'echo "Aborting due to errexit on line $LINENO. Exit code: $?" >&2' ERR
 set -o xtrace
 if ! type "git" > /dev/null; then
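Review bot: The added `COPY caddy/go.mod caddy/go.sum ./` is the only COPY in this hunk without `--link`; the lines around it and the matching line in Dockerfile all use the flag. For consistency it would read `COPY --link caddy/go.mod caddy/go.sum ./`. The omission is carried over from the removed line rather than introduced by this commit.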
@@ -72,6 +71,7 @@ fi
 ./bin/spc doctor
 ./bin/spc fetch --with-php="$PHP_VERSION" --for-extensions="$PHP_EXTENSIONS"
+# shellcheck disable=SC2086
 ./bin/spc build --enable-zts --build-embed $extraOpts "$PHP_EXTENSIONS" --with-libs="$PHP_EXTENSION_LIBS"
 CGO_CFLAGS="-DFRANKENPHP_VERSION=$FRANKENPHP_VERSION $(./buildroot/bin/php-config --includes | sed s#-I/#-I"$PWD"/buildroot/#g)"
 export CGO_CFLAGS
diff --git a/dev-alpine.Dockerfile b/dev-alpine.Dockerfile
index b240ecf25..196d67557 100644
--- a/dev-alpine.Dockerfile
+++ b/dev-alpine.Dockerfile
@@ -37,8 +37,8 @@ RUN apk add --no-cache \
 libtool && \
 echo 'set auto-load safe-path /' > /root/.gdbinit
-RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git && \
- cd php-src && \
+WORKDIR /usr/local/src/php
+RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git . && \
 # --enable-embed is only necessary to generate libphp.so, we don't use this SAPI directly
 ./buildconf --force && \
 ./configure \
@@ -47,18 +47,19 @@ RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git && \
 --disable-zend-signals \
 --enable-zend-max-execution-timers \
 --enable-debug && \
- make -j$(nproc) && \
+ make -j"$(nproc)" && \
 make install && \
 ldconfig /etc/ld.so.conf.d && \
 cp php.ini-development /usr/local/lib/php.ini && \
- echo -e "zend_extension=opcache.so\nopcache.enable=1" >> /usr/local/lib/php.ini &&\
+ echo "zend_extension=opcache.so" >> /usr/local/lib/php.ini && \
+ echo "opcache.enable=1" >> /usr/local/lib/php.ini && \
 php --version
 WORKDIR /go/src/app
-
 COPY . .
-RUN cd caddy/frankenphp && \
- go build
+WORKDIR /go/src/app/caddy/frankenphp
+RUN go build
+WORKDIR /go/src/app
 CMD [ "zsh" ]
diff --git a/dev.Dockerfile b/dev.Dockerfile
index 60015e2aa..732224e5c 100644
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -13,6 +13,7 @@ ENV PHPIZE_DEPS \
 pkg-config \
 re2c
+# hadolint ignore=DL3009
 RUN apt-get update && \
 apt-get -y --no-install-recommends install \
 $PHPIZE_DEPS \
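Review bot: The rewritten `git clone --branch=PHP-8.3 https://github.com/php/php-src.git .` still builds whatever the branch head is at build time and fetches the full history, so two builds of this image can compile and install different PHP sources as root. Naming a release tag and limiting depth, as in `git clone --depth=1 --branch=<release-tag> https://github.com/php/php-src.git .`, would make the toolchain reproducible and shrink the download. If tracking the branch head is intended for a development image, a comment above the RUN should say so. The RUN instruction continues past the end of the hunk, and dev.Dockerfile has the same line in its `@@ -41,8 +42,8 @@` hunk.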
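Review bot: The `# hadolint ignore=DL3009` pragma silences the check that the apt package lists are deleted, and the tail of this instruction visible in the next hunk ends with `apt-get clean`, which empties the package cache but leaves `/var/lib/apt/lists` in the layer. If the lists are kept on purpose so packages can be installed interactively in the dev container, a comment above the pragma should say that. Otherwise ending the RUN with `rm -rf /var/lib/apt/lists/*` removes the need for the exemption. The RUN instruction starts in this hunk and ends outside it.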
@@ -41,8 +42,8 @@ RUN apt-get update && \
 && \
 apt-get clean
-RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git && \
- cd php-src && \
+WORKDIR /usr/local/src/php
+RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git . && \
 # --enable-embed is only necessary to generate libphp.so, we don't use this SAPI directly
 ./buildconf --force && \
 ./configure \
@@ -51,18 +52,19 @@ RUN git clone --branch=PHP-8.3 https://github.com/php/php-src.git && \
 --disable-zend-signals \
 --enable-zend-max-execution-timers \
 --enable-debug && \
- make -j$(nproc) && \
+ make -j"$(nproc)" && \
 make install && \
 ldconfig && \
 cp php.ini-development /usr/local/lib/php.ini && \
- echo "zend_extension=opcache.so\nopcache.enable=1" >> /usr/local/lib/php.ini &&\
+ echo "zend_extension=opcache.so" >> /usr/local/lib/php.ini && \
+ echo "opcache.enable=1" >> /usr/local/lib/php.ini && \
 php --version
 WORKDIR /go/src/app
-
 COPY . .
-RUN cd caddy/frankenphp && \
- go build
+WORKDIR /go/src/app/caddy/frankenphp
+RUN go build
+WORKDIR /go/src/app
 CMD [ "zsh" ]
diff --git a/static-builder.Dockerfile b/static-builder.Dockerfile
index b68aed9b8..3c17d458c 100644
--- a/static-builder.Dockerfile
+++ b/static-builder.Dockerfile
@@ -5,6 +5,7 @@ ARG FRANKENPHP_VERSION=''
 ARG PHP_VERSION=''
 ARG PHP_EXTENSIONS=''
 ARG PHP_EXTENSION_LIBS=''
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 RUN apk update; \
 apk add --no-cache \
@@ -56,15 +57,14 @@ ENV PATH="${PATH}:/root/.composer/vendor/bin"
 COPY --from=composer/composer:2-bin --link /composer /usr/bin/composer
 WORKDIR /go/src/app
-
 COPY go.mod go.sum ./
 RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
-RUN mkdir caddy && cd caddy
-COPY caddy/go.mod caddy/go.sum ./caddy/
-
-RUN cd caddy && go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app/caddy
+COPY caddy/go.mod caddy/go.sum ./
+RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get
+WORKDIR /go/src/app
 COPY *.* ./
 COPY caddy caddy
 COPY C-Thread-Pool C-Thread-Pool