add linting using Hadolint

.github/workflows/lint.yml

@@ -0,0 +1,18 @@
+name: lint
+
+on:
+  # yamllint disable-line rule:truthy
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: hadolint/[email protected]
+        with:
+          recursive: true
+          failure-threshold: warning # info is usually ok

.hadolint.yaml

@@ -0,0 +1,12 @@
+ignored:
+  - DL3007 # we don't want to pin versions
+  - DL3008 # we don't want to pin versions
+  - DL3013 # we don't want to pin versions
+  - DL3018 # we don't want to pin versions
+  - DL3033 # we don't want to pin versions
+  - DL3041 # we don't want to pin versions
+  - DL3037 # we don't want to pin versions
+  - SC2028 # using echo is ok for our case
+  - SC3009 # we don't care about POSIX compatibility
+  - SC3010 # we don't care about POSIX compatibility
+  - SC3037 # we don't care about POSIX compatibility

amazon2023-ansible-latest/Dockerfile

@@ -13,10 +13,10 @@
       python3-pip && \
     yum clean all
 
-RUN pip3 install ansible
+RUN pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
 
 # Install Ansible inventory file.
 RUN mkdir -p /etc/ansible && \

arch-ansible-latest/Dockerfile

@@ -2,18 +2,18 @@
 LABEL maintainer="Sebastian Gumprich"
 
 # Update, install sudo and systemd, cleanup and remove unneeded unit files.
 RUN  pacman -S -y \
   && pacman -S --noconfirm \
     sudo \
     systemd \
   && \
-  (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -vf $i; done); \
-    rm -vf /lib/systemd/system/multi-user.target.wants/*; \
-    rm -vf /etc/systemd/system/*.wants/*; \
-    rm -vf /lib/systemd/system/local-fs.target.wants/*; \
-    rm -vf /lib/systemd/system/sockets.target.wants/*udev*; \
-    rm -vf /lib/systemd/system/sockets.target.wants/*initctl*; \
-    rm -vf /lib/systemd/system/basic.target.wants/*;
+  for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -vf $i; done; \
+  rm -vf /lib/systemd/system/multi-user.target.wants/*; \
+  rm -vf /etc/systemd/system/*.wants/*; \
+  rm -vf /lib/systemd/system/local-fs.target.wants/*; \
+  rm -vf /lib/systemd/system/sockets.target.wants/*udev*; \
+  rm -vf /lib/systemd/system/sockets.target.wants/*initctl*; \
+  rm -vf /lib/systemd/system/basic.target.wants/*;
 
 # Update archlinux-keyring.
 RUN pacman -S -y \
@@ -21,12 +21,12 @@
     archlinux-keyring
 
 # Install glibc, python and Ansible and clear caches.
 RUN pacman -S -y \
   && pacman -S --noconfirm \
     glibc \
     python \
     ansible \
-  && yes | pacman -Scc || true
+  && pacman -Scc --noconfirm || true
 
 # Install Ansible inventory file.
 RUN mkdir /etc/ansible \

centos7-ansible-latest/Dockerfile

@@ -5,15 +5,15 @@
 ENV LC_ALL en_US.UTF-8
 
 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # Install requirements.
 RUN yum makecache fast && \
@@ -37,8 +37,8 @@
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
 
 # Upgrade pip so cryptography package works.
-RUN python3 -m pip install --upgrade pip && \
-    pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
 
 # https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
 # Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`

centos8-ansible-latest/Dockerfile

@@ -3,15 +3,15 @@
 ENV container=docker
 
 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # Install Ansible and other requirements.
 RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-Linux-* \
@@ -27,8 +27,8 @@
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
-    pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers

centosstream8-ansible-latest/Dockerfile

@@ -3,15 +3,15 @@
 ENV container=docker
 
 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # Install Ansible and other requirements.
 RUN yum makecache --timer \
@@ -27,8 +27,8 @@
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
-   pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+   pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers

centosstream9-ansible-latest/Dockerfile

@@ -25,8 +25,8 @@ RUN yum makecache --timer \
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --upgrade pip && \
-   pip3 install ansible
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+   pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers

debian10-ansible-latest/Dockerfile

@@ -1,13 +1,16 @@
 FROM debian:buster
 LABEL maintainer="Sebastian Gumprich"
 
-RUN apt-get update -y  &&  apt-get install --fix-missing && \
+RUN apt-get update -y  &&  apt-get install -y --fix-missing && \
     DEBIAN_FRONTEND=noninteractive \
     apt-get install -y \
       python python-yaml sudo \
-      curl gcc python-pip python-dev libffi-dev libssl-dev systemd
-RUN pip install --upgrade cffi && \
-    pip install ansible
+      curl gcc python-pip python-dev libffi-dev libssl-dev systemd && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN pip install --no-cache-dir --upgrade cffi && \
+    pip install --no-cache-dir ansible
 
 RUN apt-get -f -y --auto-remove remove \
       gcc python-pip python-dev libffi-dev libssl-dev && \
@@ -35,6 +38,6 @@
 RUN rm -f /lib/systemd/system/multi-user.target.wants/getty.target
 
 # delete file created by systemd that prevents login via ssh
 RUN rm -f /{var/run,etc,run}/nologin
 
 CMD [ "ansible-playbook", "--version" ]

debian11-ansible-latest/Dockerfile

@@ -5,7 +5,10 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
     DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
       python3 python3-yaml sudo \
-      curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd
+      curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
 RUN pip install --no-cache-dir --upgrade cffi && \
     pip install --no-cache-dir ansible
 

debian12-ansible-latest/Dockerfile

@@ -5,7 +5,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missin
     DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
       python3 python3-yaml sudo \
-      curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd
+      curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # Allow installing stuff to system Python.
 RUN rm -f /usr/lib/python3.11/EXTERNALLY-MANAGED

fedora37-ansible-latest/Dockerfile

@@ -2,15 +2,15 @@
 LABEL maintainer="Sebastian Gumprich; Nejc Habjan; Diego Louzan; Max Wittig"
 
 # Enable systemd.
 RUN dnf -y install systemd && dnf clean all && \
-  (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-  rm -f /lib/systemd/system/multi-user.target.wants/*;\
-  rm -f /etc/systemd/system/*.wants/*;\
-  rm -f /lib/systemd/system/local-fs.target.wants/*; \
-  rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-  rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-  rm -f /lib/systemd/system/basic.target.wants/*;\
-  rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 RUN dnf -y update \
     && dnf -y install ansible python python3-libselinux \

fedora38-ansible-latest/Dockerfile

@@ -2,15 +2,15 @@
 LABEL maintainer="Sebastian Gumprich, Nejc Habjan, Diego Louzan, Max Wittig"
 
 # Enable systemd.
 RUN dnf -y install systemd && dnf clean all && \
-  (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-  rm -f /lib/systemd/system/multi-user.target.wants/*;\
-  rm -f /etc/systemd/system/*.wants/*;\
-  rm -f /lib/systemd/system/local-fs.target.wants/*; \
-  rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-  rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-  rm -f /lib/systemd/system/basic.target.wants/*;\
-  rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 RUN dnf -y update \
     && dnf -y install ansible python python3-libselinux \

opensuse_tumbleweed-ansible-latest/Dockerfile

@@ -2,7 +2,8 @@ FROM opensuse/tumbleweed:latest
 LABEL maintainer="Sebastian Gumprich"
 ENV container=docker
 
-RUN zypper install -y python ansible dbus-1 systemd-sysvinit shadow sudo
+RUN zypper install -y python ansible dbus-1 systemd-sysvinit shadow sudo && \
+    zypper clean
 
 RUN cp /usr/lib/systemd/system/dbus.service /etc/systemd/system/; \
     sed -i 's/OOMScoreAdjust=-900//' /etc/systemd/system/dbus.service

openwrt-ansible-latest/Dockerfile

@@ -1,14 +1,15 @@
 FROM openwrt/rootfs:latest
 LABEL maintainer="Sebastian Gumprich"
 
+# hadolint ignore=DL4006
 RUN mkdir -p /var/lock && \
     opkg update && \
     if [[ $(opkg list-upgradable) ]]; then opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade; fi && \
     opkg install python3 python3-pip python3-cryptography \
     sudo bash sed shadow-su shadow-groupadd shadow-useradd shadow-usermod
 
-RUN pip3 install --upgrade pip && \
-    pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
 
 # Install Ansible inventory file
 RUN mkdir -p /etc/ansible \

rocky8-ansible-latest/Dockerfile

@@ -4,14 +4,14 @@ ENV container=docker
 
 # Install systemd -- See https://hub.docker.com/_/centos/
 RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # Install Ansible and other requirements.
 RUN yum makecache --timer \
@@ -26,8 +26,8 @@ RUN yum makecache --timer \
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN pip3 install --upgrade pip && \
-    pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers

rocky9-ansible-latest/Dockerfile

@@ -18,8 +18,8 @@ RUN yum makecache --timer \
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN pip3 install --upgrade pip && \
-    pip3 install ansible
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers