Whitespace and lint errors and warnings

[StaticRocket]

Dockerfile right now has an unexpected newline https://github.com/TexasInstruments/ti-docker-images/blob/ae2fe724cea5eea0b3c10687ddc2a98c0111d41f/ubuntu-distro/Dockerfile#L9

In addition to this the following warnings and errors were raised when running this Dockerfile through hadolint.

:5 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:5 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:5 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:5 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:16 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-:16 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

I'd ignore the package pinning messages given the nature of this container but still...

[cshilwant]

Hi @StaticRocket,

Fixing the following list of warnings looks acceptable :+1: ,

• Dockerfile right now has an unexpected newline
• -:16 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
• -:16 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

Other warnings I believe should be ignored. Following are my reasons,

• Fixing <package>==<version> doesn't look good. Whenever a new docker image is built it should take the latest version which should work for Yocto. Also, fixing version would unnecessarily at overhead to bump up to latest version tag in Dockerfile.

• :5 DL3015 info: Avoid additional packages by specifying --no-install-recommends

  • We have this added for Makefile dependencies Dockerfile#L6 but the warning we see with hadolint was for Dockerfile#L10 which is mainly the set of dependencies needed for Yocto builds which was referred from Build Host Packages. If we see the Yocto docs isn't using --no-install-recommends. Hence, I believe that there might be some recommended packages which are downloaded & maybe necessary for Yocto. I also see crops not using --no-install-recommends in their - ubuntu-22.04-base/Dockerfile

[StaticRocket]

@cshilwant , heads up, I just went through a bunch of workflow optimizations related to docker here if you want to grab some useful components.

Specifically: cached builds using buildx are nice but they require some work to setup manually and some extra parameters need to be passed. These are especially useful if you want to run the workflow for every push and you plan on expanding the number of images.

Also your manual qemu setup should be replaced with a common action like docker/setup-qemu-action. But that's assuming you actually plan on building cross-arch images. Right now that doesn't appear to be the case...

But if you are only planning on building a 22.04 based image you can dramatically simplify your workflow to something like this: https://github.com/StaticRocket/psdk-doc-docker/blob/master/.github/workflows/docker.yml