add linter to prevent `alpine` usage

Warren Gifford requested to merge sg/alpine-linter into main

Created by: slimsag

This PR adds a linter check which prevents usage of `alpine` and enforces the usage of `sourcegraph/alpine`, which is better for a number of reasons.

When the linter fails, it looks like:

```
--- no alpine guard

Error: Found instances of "alpine:":
  enterprise/cmd/precise-code-intel-indexer-vm/Dockerfile:FROM alpine:3.12@sha256:133a0a767b836cf86a011101995641cf1b5cbefb3dd212d78d7be145adde636d

Using 'alpine' is forbidden. Use 'sourcegraph/alpine' instead which provides:

- Fixes DNS resolution in some deployment environments.
- A non-root 'sourcegraph' user.
- Static UID and GIDs that are consistent across all containers.
- Base packages like 'tini' and 'curl' that we expect in all containers.

You should use 'sourcegraph/alpine' even in build stages for consistency sake.
Use explicit 'USER root' and 'USER sourcegraph' sections when adding packages, etc.

If the linter is incorrect, either:
1) add the comment "CI:ALPINE_OK" to the line where "alpine" occurs, or
2) add an exclusion clause in the "git grep" command in  no-alpine-guard.sh
```

Fixes #13247 (closed)
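
A base-image guard of the kind described above, as an added example that is not part of this PR and is not the project's `no-alpine-guard.sh`. It assumes a `find`/`awk` scan of files named `Dockerfile*` instead of the `git grep` the linter output mentions; the function names, sample paths and image tags are constructed for the example.

```sh
#!/bin/sh
# Added example: a hypothetical guard, not the project's no-alpine-guard.sh.

# find_bare_alpine DIR
# Prints "file:line:text" for each Dockerfile line under DIR that names the
# upstream alpine image; returns 1 if any were found, 0 otherwise.
find_bare_alpine() {
  fba_hits=$(find "$1" -type f -name 'Dockerfile*' -exec awk '
    /CI:ALPINE_OK/ { next }                   # explicit per-line opt-out
    {
      rest = $0
      gsub(/sourcegraph\/alpine:/, "", rest)  # approved base image is allowed
      if (rest ~ /alpine:/) print FILENAME ":" FNR ":" $0
    }' {} +)
  if [ -z "$fba_hits" ]; then
    return 0
  fi
  echo 'Error: Found instances of "alpine:":'
  printf '%s\n' "$fba_hits" | sed 's/^/  /'
  return 1
}

# Constructed sample tree; the paths and image tags are made up.
make_sample_tree() {
  mst_dir=$(mktemp -d)
  mkdir -p "$mst_dir/cmd/a" "$mst_dir/cmd/b" "$mst_dir/cmd/c"
  printf 'FROM alpine:3.12\nRUN apk add curl\n' > "$mst_dir/cmd/a/Dockerfile"
  printf 'FROM sourcegraph/alpine:3.12\nUSER sourcegraph\n' > "$mst_dir/cmd/b/Dockerfile"
  printf '# replaces alpine:3.12 (CI:ALPINE_OK)\nFROM sourcegraph/alpine:3.12\n' \
    > "$mst_dir/cmd/c/Dockerfile"
  echo "$mst_dir"
}

tree=$(make_sample_tree)
find_bare_alpine "$tree" || echo "guard failed, as expected for the sample tree"
rm -rf "$tree"
```

Only `cmd/a/Dockerfile` is reported: the `sourcegraph/alpine` reference and the line carrying `CI:ALPINE_OK` both pass.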
