✨ feat: streamline Dockerfile validation and update Hadolint configuration for Go packages

2026-04-06 00:32:04 +02:00 · 2025-11-20 21:55:04 +08:00
parent de1fdaa2aa
commit 7f36fcc805
2 changed files with 7 additions and 6 deletions
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -52,12 +52,7 @@ jobs:
      - name: 🔍 Validate Dockerfile Syntax
        run: |
          echo "🐳 Validating Dockerfile build context..."
-          docker build --no-cache -t tor-relay-test . 2>&1 | \
-            tee /tmp/docker-build.log || true
-          if grep -i "error" /tmp/docker-build.log; then
-            echo "❌ Dockerfile validation failed"
-            exit 1
-          fi
+          docker build --no-cache -t tor-relay-test .
          echo "✅ Dockerfile syntax valid"

      - name: 📝 Lint Shell Scripts
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -14,6 +14,12 @@ ignored:
  # latest security patches automatically.
  - DL3018

+  # DL3062: Ignore unpinned Go packages
+  # Rationale: We intentionally use 'go get -u' to fetch the latest security 
+  # patches for dependencies during our weekly rebuilds. Pinning versions
+  # would prevent automatic vulnerability remediation.
+  - DL3062
+
 # ============================================================================
 # Security & Quality Settings
 # ============================================================================