Add Hadolint job

Change-Id: I62b20ca2abcb88bd5c3a13f7f6412e9b8a418ae7

noxfile.py

@@ -5,6 +5,8 @@ nox.options.reuse_existing_virtualenvs = True
 
 YAML_PATHS = [
     "./zuul.d/",
+    "./playbooks/",
+    "./roles/",
 ]
 
 PYTHON_PATHS = [

playbooks/hadolint/pre.yaml

@@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+    - ensure-hadolint

playbooks/hadolint/run.yaml

@@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+    - hadolint

roles/ensure-hadolint/defaults/main.yaml

@@ -0,0 +1 @@
+hadolint_version: "2.12.0"

roles/ensure-hadolint/tasks/main.yaml

@@ -0,0 +1,12 @@
+- name: Download Hadolint
+  ansible.builtin.get_url:
+    url: "https://github.com/hadolint/hadolint/releases/download/v{{ hadolint_version }}/hadolint-Linux-x86_64"
+    dest: /tmp/hadolint
+
+- name: Install Hadolint
+  become: true
+  ansible.builtin.copy:
+    remote_src: true
+    src: /tmp/hadolint
+    dest: /usr/local/bin/hadolint
+    mode: "0755"

roles/hadolint/defaults/main.yaml

@@ -0,0 +1,3 @@
+zuul_work_dir: "{{ zuul.project.src_dir }}"
+dockerfiles:
+  - Dockerfile

roles/hadolint/tasks/main.yaml

@@ -0,0 +1,7 @@
+- name: Lint Dockerfile with Hadolint
+  ansible.builtin.command: >-
+    hadolint {{ item }}
+  args:
+    chdir: "{{ zuul_work_dir }}"
+  changed_when: false
+  loop: "{{ dockerfiles }}"

zuul.d/jobs.yaml

@@ -21,3 +21,9 @@
       - name: container_registry_credentials
         secret: nebulous-container-registry-credentials
         pass-to-parent: true
+
+- job:
+    name: nebulous-hadolint
+    description: Run Hadolint on Dockerfile(s).
+    pre-run: playbooks/hadolint/pre.yaml
+    run: playbooks/hadolint/run.yaml