···

       
1
       
1
       
 
       
# syntax=docker/dockerfile:1

     

       
2
       
2
       
-
       
FROM ghcr.io/hadolint/hadolint:latest-alpine AS hadolint-binary

     

       
3
       
3
       
-
       


     

       
4
       
2
       
 
       
# Since we're building against edge at risk, it is important to note

     

       
5
       
3
       
 
       
# that anything might go wrong.

     

       
6
       
4
       
 
       
FROM alpine:edge AS buildkit

     

       
7
       
5
       
 
       


     

       
8
       
6
       
 
       
# Since hadolint isn't in the package repos for Alpine yet, we'll copying from the offical

     

       
9
       
7
       
 
       
# Docker image instead.

     

       
10
       
10
       
-
       
COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint

     

       
8
       
8
       
+
       
COPY --from=ghcr.io/hadolint/hadolint:latest-alpine /bin/hadolint /usr/bin/hadolint

     

       
11
       
9
       
 
       


     

       
12
       
10
       
 
       
ENV PACKAGES=/usr/local/lib/python3.11/site-packages

     

       
13
       
11
       
 
       
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin

     

       
14
       
12
       
 
       
ENV PYTHONDONTWRITEBYTECODE=1

     

       
15
       
15
       
-
       
COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint

     

       
16
       
13
       
 
       


     

       
17
       
14
       
 
       
# https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#linux but for Alpine

     

       
15
       
15
       
+
       
# Also installs Doppler CLI for accessing secrets securely within CI

     

       
18
       
16
       
 
       
# hadolint ignore=DL3018,DL3013

     

       
19
       
17
       
 
       
RUN apk add --no-cache \

     

       
20
       
18
       
 
       
     cairo-dev \

     
···

       
37
       
35
       
 
       
     npm \

     

       
38
       
36
       
 
       
     yarn \

     

       
39
       
37
       
 
       
     git \

     

       
38
       
38
       
+
       
     git-email \

     

       
39
       
39
       
+
       
     git-lfs \

     

       
40
       
40
       
 
       
     git-fast-import \

     

       
41
       
41
       
 
       
     openssh \

     

       
42
       
42
       
 
       
     gnupg \

     

       
43
       
43
       
 
       
     curl \

     

       
44
       
44
       
 
       
  && curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh \

     

       
45
       
45
       
 
       
    | sh

     

       
46
       
46
       
-
       
# The "--break-system-packages" is added so I don't need to do requirements.txt workaround,

     

       
47
       
47
       
-
       
# although I also consider using pipx if we wanted to.

     

       
48
       
48
       
-
       
# See also https://www.jeffgeerling.com/blog/2023/how-solve-error-externally-managed-environment-when-installing-pip3

     

       
46
       
46
       
+
       


     

       
47
       
47
       
+
       
# See https://www.jeffgeerling.com/blog/2023/how-solve-error-externally-managed-environment-when-installing-pip3

     

       
48
       
48
       
+
       
# for context behind removing the EXTERNALLY-MANAGED file

     

       
49
       
49
       
 
       
RUN rm -rv /usr/lib/python3*/EXTERNALLY-MANAGED \

     

       
50
       
50
       
 
       
  && pip install --no-cache \

     

       
51
       
51
       
 
       
      mkdocs-material \