add linter to prevent `alpine` usage
Created by: slimsag
This PR adds a linter check which prevents usage of alpine and enforces the usage of sourcegraph/alpine which is better for a number of reasons.
When the linter fails, it looks like:
```
--- no alpine guard
Error: Found instances of "alpine:":
enterprise/cmd/precise-code-intel-indexer-vm/Dockerfile:FROM alpine:3.12@sha256:133a0a767b836cf86a011101995641cf1b5cbefb3dd212d78d7be145adde636d
Using 'alpine' is forbidden. Use 'sourcegraph/alpine' instead which provides:
- Fixes DNS resolution in some deployment environments.
- A non-root 'sourcegraph' user.
- Static UID and GIDs that are consistent across all containers.
- Base packages like 'tini' and 'curl' that we expect in all containers.
You should use 'sourcegraph/alpine' even in build stages for consistency sake.
Use explicit 'USER root' and 'USER sourcegraph' sections when adding packages, etc.
If the linter is incorrect, either:
1) add the comment "CI:ALPINE_OK" to the line where "alpine" occurs, or
2) add an exclusion clause in the "git grep" command in no-alpine-guard.sh
```
Fixes #13247 (closed)
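
A minimal sketch of a guard with the behaviour described above, added here as an illustration; it is not the contents of no-alpine-guard.sh. Assumptions: it scans files named `Dockerfile*` with `find` and `awk` rather than `git grep`, the function names are hypothetical, and the sample Dockerfiles (including the `<tag>` placeholder) are constructed.

```shell
#!/bin/sh
# Added example; not the project's no-alpine-guard.sh.
# Assumption: scans files named Dockerfile* under a directory with find/awk
# instead of "git grep", so it also runs outside a git checkout.

# find_bare_alpine DIR: print "path:line:text" for each use of upstream alpine.
find_bare_alpine() {
  find "$1" -type f -name 'Dockerfile*' | sort | while IFS= read -r file; do
    awk -v f="$file" '
      /CI:ALPINE_OK/ { next }                       # per-line opt-out marker
      {
        rest = $0
        gsub(/sourcegraph\/alpine:/, "", rest)      # approved base image
        if (rest ~ /alpine:/) print f ":" FNR ":" $0
      }' "$file"
  done
}

# no_alpine_guard DIR: return 0 when clean, 1 (with a report) otherwise.
no_alpine_guard() {
  hits="$(find_bare_alpine "$1")"
  if [ -z "$hits" ]; then return 0; fi
  printf 'Error: Found instances of "alpine:":\n%s\n' "$hits" >&2
  return 1
}

# make_sample_tree DIR: constructed Dockerfiles; "<tag>" is a placeholder.
make_sample_tree() {
  mkdir -p "$1/bad" "$1/good" "$1/exempt"
  printf 'FROM alpine:3.12\nRUN apk add --no-cache git\n' > "$1/bad/Dockerfile"
  printf 'FROM sourcegraph/alpine:<tag>\nUSER root\nRUN apk add --no-cache git\nUSER sourcegraph\n' \
    > "$1/good/Dockerfile"
  printf 'RUN echo "built for alpine:3.12" # CI:ALPINE_OK\n' > "$1/exempt/Dockerfile"
}

if [ "${1:-}" = "--demo" ]; then
  tmp="$(mktemp -d)" && make_sample_tree "$tmp"
  no_alpine_guard "$tmp"; echo "guard exit status: $?"
  rm -rf "$tmp"
fi
```

Stripping `sourcegraph/alpine:` before matching, rather than dropping any line that mentions it, means a line that references both images is still reported.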