[hadolint] Exclude certain version-pinning rules

as they are not actually best practices. Change-Id: I82a39152e7cf2936d05266b92f875e674cea8aae
2024-05-27 11:33:04 +02:00 · 2024-05-27 11:33:04 +02:00 · f776e050d7
commit f776e050d7
parent d3b7025b85
1 changed files with 9 additions and 1 deletions
--- a/roles/hadolint/tasks/main.yaml
+++ b/roles/hadolint/tasks/main.yaml
@ -1,6 +1,14 @@
 - name: Lint Dockerfile with Hadolint
+  # NOTE(rpiliszek): We are excluding rules that force version pinning in distribution package managers.
+  # These rules actually do *not* follow the best practices of Dockerfile writing.
  ansible.builtin.command: >-
-    hadolint {{ item }}
+    hadolint
+    --ignore DL3008
+    --ignore DL3018
+    --ignore DL3033
+    --ignore DL3037
+    --ignore DL3041
+    {{ item }}
  args:
    chdir: "{{ zuul_work_dir }}"
  changed_when: false