From f1c76b23fcc4438cd0305c91735a829ce044185e Mon Sep 17 00:00:00 2001
From: Stephen <stephengroat@users.noreply.github.com>
Date: Mon, 9 Aug 2021 08:16:35 -0700
Subject: [PATCH] Hadolint (#2363)

---
 .github/workflows/test.yaml | 8 ++++++++
 Dockerfile                  | 4 +++-
 Dockerfile.debug            | 6 +++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 9a49ade6c..d11223fb9 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -182,6 +182,14 @@ jobs:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Hadolint - Master
+        uses: hadolint/hadolint-action@v1.5.0
+        with:
+          Dockerfile: Dockerfile
+      - name: Hadolint - Debug
+        uses: hadolint/hadolint-action@v1.5.0
+        with:
+          Dockerfile: Dockerfile.debug
       - name: build
         run: docker build .
 
diff --git a/Dockerfile b/Dockerfile
index b465c1808..e67657e3a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,10 @@
+# hadolint ignore=DL3007
 FROM golang:latest as build
 WORKDIR /go/src/github.com/pomerium/pomerium
 
+# hadolint ignore=DL3008
 RUN apt-get update \
-    && apt-get -y install zip
+    && apt-get -y --no-install-recommends install zip
 
 # cache depedency downloads
 COPY go.mod go.sum ./
diff --git a/Dockerfile.debug b/Dockerfile.debug
index 08786c435..0dddf0e59 100644
--- a/Dockerfile.debug
+++ b/Dockerfile.debug
@@ -1,8 +1,10 @@
+# hadolint ignore=DL3007
 FROM golang:latest as build
 WORKDIR /go/src/github.com/pomerium/pomerium
 
+# hadolint ignore=DL3008
 RUN apt-get update \
-    && apt-get -y install zip
+    && apt-get -y --no-install-recommends install zip
 
 # cache depedency downloads
 COPY go.mod go.sum ./
@@ -16,9 +18,11 @@ RUN make build-debug NAME=pomerium-cli
 RUN touch /config.yaml
 RUN go get github.com/go-delve/delve/cmd/dlv
 
+# hadolint ignore=DL3007
 FROM alpine:latest
 ENV AUTOCERT_DIR /data/autocert
 WORKDIR /pomerium
+# hadolint ignore=DL3018
 RUN apk add --no-cache ca-certificates libc6-compat gcompat
 COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/
 COPY --from=build /config.yaml /pomerium/config.yaml