From e971c34c0b32510eec7ca5e49e57b2307158df76 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Tue, 29 Jun 2021 16:06:19 +1000
Subject: [PATCH] Added docker image lint with dive
---
 Jenkinsfile | 14 +++++++++++---
 docker/.dive-ci | 14 ++++++++++++++
 scripts/{ => ci}/build-cleanup | 6 +++---
 3 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 docker/.dive-ci
 rename scripts/{ => ci}/build-cleanup (76%)
diff --git a/Jenkinsfile b/Jenkinsfile
index 684ec0c8..4af1eda4 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -84,6 +84,14 @@ pipeline {
 }
 }
 steps {
+ // Docker image check
+ sh '''docker run --rm \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v "$(pwd)/docker:/app" \
+ -e CI=true \
+ wagoodman/dive:latest --ci-config /app/.dive-ci \
+ "${IMAGE}:${BRANCH_LOWER}-ci-${BUILD_NUMBER}"
+ '''
 // Bring up a stack
 sh 'docker-compose up -d fullstack'
 sh './scripts/wait-healthy $(docker-compose ps -q fullstack) 120'
@@ -199,9 +207,9 @@ pipeline {
 post {
 always {
 sh 'docker-compose down --rmi all --remove-orphans --volumes -t 30'
- sh './scripts/build-cleanup'
- sh 'echo Reverting ownership'
- sh 'docker run --rm -v $(pwd):/data node:latest chown -R "$(id -u):$(id -g)" /data'
+ sh './scripts/ci/build-cleanup'
+ echo 'Reverting ownership'
+ sh 'docker run --rm -v $(pwd):/data jc21/gotools:latest chown -R "$(id -u):$(id -g)" /data'
 }
 success {
 juxtapose event: 'success'
diff --git a/docker/.dive-ci b/docker/.dive-ci
new file mode 100644
index 00000000..7a408bdf
--- /dev/null
+++ b/docker/.dive-ci
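Review bot: The added `docker run` in `steps` mounts the host Docker socket into `wagoodman/dive:latest`, a mutable tag pulled from a public registry at build time, so whatever that tag resolves to on a given day gets daemon-level control of the build agent. Pin the image by digest, for example `wagoodman/dive@sha256:<DIGEST_PLACEHOLDER>`, and mount the config directory read-only with `-v "$(pwd)/docker:/app:ro"`, since the command only passes `/app/.dive-ci` as a config path. The same unpinned `:latest` concern applies to `jc21/gotools:latest` in the `post { always }` hunk and in `scripts/ci/build-cleanup`, where the container gets the workspace mounted read-write. The `steps` block starts and ends outside this hunk.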
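Review bot: In the `post { always }` block the rewritten ownership line still passes `-v $(pwd):/data` unquoted inside the single-quoted `sh` string, so the shell will word-split the workspace path if it contains spaces (Jenkins job or folder names can, though that is not visible here). Quote it as `-v "$(pwd):/data"`, which also matches the quoting already used for the mount in `scripts/ci/build-cleanup`. The `post` block continues outside the hunk.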
@@ -0,0 +1,14 @@
+rules:
+ # If the efficiency is measured below X%, mark as failed.
+ # Expressed as a ratio between 0-1.
+ lowestEfficiency: 0.99
+
+ # If the amount of wasted space is at least X or larger than X, mark as failed.
+ # Expressed in B, KB, MB, and GB.
+ highestWastedBytes: 15MB
+
+ # If the amount of wasted space makes up for X% or more of the image, mark as failed.
+ # Note: the base image layer is NOT included in the total image size.
+ # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
+ highestUserWastedPercent: 0.02
+
diff --git a/scripts/build-cleanup b/scripts/ci/build-cleanup
similarity index 76%
rename from scripts/build-cleanup
rename to scripts/ci/build-cleanup
index 5924133c..bd8b4089 100755
--- a/scripts/build-cleanup
+++ b/scripts/ci/build-cleanup
@@ -1,14 +1,14 @@
 #!/bin/bash -e
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-. "$DIR/.common.sh"
+. "$DIR/../.common.sh"
 # Ensure docker-compose exists
 if hash docker 2>/dev/null; then
- cd "${DIR}/.."
+ cd "${DIR}/../.."
 echo -e "${BLUE}❯ ${CYAN}Build Cleanup ...${RESET}"
- docker run --rm -e CI=true -v "$(pwd):/app" -w /app node:latest rm -rf \
+ docker run --rm -e CI=true -v "$(pwd):/app" -w /app jc21/gotools:latest rm -rf \
 /app/frontend/node_modules \
 /app/docs/node_modules \
 /app/docs/.vuepress/dist