From 60da96b8c05f94caf984fbce7b323730ad9fc38e Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:15:18 +0300 Subject: [PATCH 01/11] Fix hadolint warnings in base-env --- server/docker/Dockerfile.base-env | 38 +++++++++++++++++-------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/server/docker/Dockerfile.base-env b/server/docker/Dockerfile.base-env index b7085e63..8776e77f 100644 --- a/server/docker/Dockerfile.base-env +++ b/server/docker/Dockerfile.base-env @@ -21,6 +21,7 @@ ARG JDK_ARCH=${JDK_ARCH/arm64/aarch64} ARG ZIG_ARCH=${TARGETARCH/amd64/x86_64} ARG ZIG_ARCH=${ZIG_ARCH/arm64/aarch64} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN \ apt-get update && \ apt-get install -y --no-install-recommends \ @@ -36,27 +37,28 @@ ENV LANG=en_US.UTF-8 \ # Java # RUN \ - wget -q -O - https://github.com/adoptium/temurin25-binaries/releases/download/jdk-25%2B36/OpenJDK25U-jdk_${JDK_ARCH}_linux_hotspot_25_36.tar.gz | tar xz -C /usr/local && \ - ${JDK_HOME_DIR}/bin/java -version && \ - ${JDK_HOME_DIR}/bin/javac -version + wget -q -O - "https://github.com/adoptium/temurin25-binaries/releases/download/jdk-25%2B36/OpenJDK25U-jdk_${JDK_ARCH}_linux_hotspot_25_36.tar.gz" | tar xz -C /usr/local && \ + "${JDK_HOME_DIR}/bin/java" -version && \ + "${JDK_HOME_DIR}/bin/javac" -version RUN \ - mkdir -p ${ZIG_PATH} && \ - wget -q -O - https://ziglang.org/download/${ZIG_VERSION}/zig-linux-${ZIG_ARCH}-${ZIG_VERSION}.tar.xz | tar xJ -C ${ZIG_PATH} --strip-components=1 && \ - ${ZIG_PATH}/zig version + mkdir -p "${ZIG_PATH}" && \ + wget -q -O - "https://ziglang.org/download/${ZIG_VERSION}/zig-linux-${ZIG_ARCH}-${ZIG_VERSION}.tar.xz" | tar xJ -C "${ZIG_PATH}" --strip-components=1 && \ + "${ZIG_PATH}/zig" version # Added 1.9.1 RUN \ - mkdir -p ${DOTNET_ROOT} && \ - mkdir -p ${NUGET_PACKAGES} && \ - wget https://dot.net/v1/dotnet-install.sh -O ./dotnet-install.sh && \ + mkdir -p "${DOTNET_ROOT}" && \ + mkdir -p "${NUGET_PACKAGES}" && \ + wget -q https://dot.net/v1/dotnet-install.sh -O ./dotnet-install.sh && \ chmod +x ./dotnet-install.sh && \ - ./dotnet-install.sh --channel 9.0.1xx --install-dir ${DOTNET_ROOT} && \ + ./dotnet-install.sh --channel 9.0.1xx --install-dir "${DOTNET_ROOT}" && \ rm ./dotnet-install.sh && \ - find ${DOTNET_ROOT} -iname "dotnet" && \ - ${DOTNET_ROOT}/dotnet --info && \ - export DOTNET_VERSION=$(${DOTNET_ROOT}/dotnet --info | grep -A 1 'Host' | grep 'Version' | awk '{print $NF}') && \ - echo ${DOTNET_VERSION} > ${DOTNET_VERSION_FILE} + find "${DOTNET_ROOT}" -iname "dotnet" && \ + "${DOTNET_ROOT}/dotnet" --info && \ + DOTNET_VERSION=$("${DOTNET_ROOT}/dotnet" --info | grep -A 1 'Host' | grep 'Version' | awk '{print $NF}') && \ + export DOTNET_VERSION && \ + echo "${DOTNET_VERSION}" > "${DOTNET_VERSION_FILE}" FROM ubuntu@sha256:ce4a593b4e323dcc3dd728e397e0a866a1bf516a1b7c31d6aa06991baec4f2e0 @@ -88,6 +90,8 @@ COPY --from=build ${ZIG_PATH} ${ZIG_PATH} COPY --from=build ${DOTNET_ROOT} ${DOTNET_ROOT} COPY --from=build ${NUGET_PACKAGES} ${NUGET_PACKAGES} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN \ apt-get update && \ apt-get install -y --no-install-recommends \ @@ -104,10 +108,10 @@ RUN \ # Extender data cache mkdir -p /var/extender/cache/data && \ chown extender: /var/extender && \ - chown extender: $(which java) && \ + chown extender: "$(which java)" && \ chown -R extender: /var/extender/cache && \ - chown -R extender: ${NUGET_PACKAGES} && \ - chown -R extender: ${DOTNET_ROOT} + chown -R extender: "${NUGET_PACKAGES}" && \ + chown -R extender: "${DOTNET_ROOT}" ENV LANG=en_US.UTF-8 \ LANGUAGE=en_US:en \ From 19810c66491a4139bc64137171ca3f997f6acbec Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:16:57 +0300 Subject: [PATCH 02/11] Introduced hadolint config. Supressed warning about apt package version pin --- .github/workflows/hadolint-check.yml | 1 + ci/.hadolint.yaml | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 ci/.hadolint.yaml diff --git a/.github/workflows/hadolint-check.yml b/.github/workflows/hadolint-check.yml index e4725a18..206e8577 100644 --- a/.github/workflows/hadolint-check.yml +++ b/.github/workflows/hadolint-check.yml @@ -59,6 +59,7 @@ jobs: format: sarif output-file: hadolint-${{ steps.slug.outputs.name }}.sarif no-fail: true + config: ${{ github.workspace}}/ci/.hadolint.yaml - name: Upload SARIF to Code Scanning uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # 4.35.1 diff --git a/ci/.hadolint.yaml b/ci/.hadolint.yaml new file mode 100644 index 00000000..8f7e23e4 --- /dev/null +++ b/ci/.hadolint.yaml @@ -0,0 +1,2 @@ +ignored: + - DL3008 From 52bf79be37da6aa2df78c8b9b2348766593e6262 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:28:44 +0300 Subject: [PATCH 03/11] Fixed hadolint warnings in wine-env --- server/docker/Dockerfile.wine-env | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/server/docker/Dockerfile.wine-env b/server/docker/Dockerfile.wine-env index e29d188e..5cb4f458 100644 --- a/server/docker/Dockerfile.wine-env +++ b/server/docker/Dockerfile.wine-env @@ -1,4 +1,6 @@ FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-build-env:1.0.0 AS build + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Installation notes: https://wiki.winehq.org/Ubuntu # TODO: Backup the files as descibed here: https://wiki.winehq.org/Ubuntu RUN \ @@ -8,11 +10,12 @@ RUN \ # Install wine ARG WINE_BRANCH="stable" -RUN wget -O - https://dl.winehq.org/wine-builds/winehq.key | gpg --dearmor -o /etc/apt/keyrings/winehq-archive.key - &&\ +# hadolint ignore=DL3015 # ignore rule here because --install-recomends stay here according to Wine install documentation +RUN wget -q -O - https://dl.winehq.org/wine-builds/winehq.key | gpg --dearmor -o /etc/apt/keyrings/winehq-archive.key - &&\ dpkg --add-architecture i386 \ - && wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/jammy/winehq-$(grep VERSION_CODENAME= /etc/os-release | cut -d= -f2).sources \ + && wget -q -NP /etc/apt/sources.list.d/ "https://dl.winehq.org/wine-builds/ubuntu/dists/jammy/winehq-$(grep VERSION_CODENAME= /etc/os-release | cut -d= -f2).sources" \ && apt-get update \ - && DEBIAN_FRONTEND="noninteractive" apt-get install -y --install-recommends winehq-${WINE_BRANCH} \ + && DEBIAN_FRONTEND="noninteractive" apt-get install -y --install-recommends "winehq-${WINE_BRANCH}" \ && rm -rf /var/lib/apt/lists/* # Install winetricks @@ -55,7 +58,7 @@ RUN \ lsb-release \ software-properties-common \ gnupg && \ - wget https://apt.llvm.org/llvm.sh && \ + wget -q https://apt.llvm.org/llvm.sh && \ chmod +x llvm.sh && \ ./llvm.sh ${CLANG_VERSION} && \ rm llvm.sh && \ From 2e442763dc4e95fb28d571d321c5c7f1c8846041 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:29:31 +0300 Subject: [PATCH 04/11] Fixed hadolint warning in linux-env --- server/docker/Dockerfile.linux-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/docker/Dockerfile.linux-env b/server/docker/Dockerfile.linux-env index fad20643..da067429 100644 --- a/server/docker/Dockerfile.linux-env +++ b/server/docker/Dockerfile.linux-env @@ -27,7 +27,7 @@ RUN \ lsb-release \ software-properties-common \ gnupg && \ - wget https://apt.llvm.org/llvm.sh && \ + wget -q https://apt.llvm.org/llvm.sh && \ chmod +x llvm.sh && \ ./llvm.sh ${CLANG_VERSION} && \ rm llvm.sh && \ From b877a1c1b19b4610f80456716f9600abb7a93d38 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:30:42 +0300 Subject: [PATCH 05/11] Fixed hadolint warning in build-env --- server/docker/Dockerfile.build-env | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/docker/Dockerfile.build-env b/server/docker/Dockerfile.build-env index cec31175..74385d42 100644 --- a/server/docker/Dockerfile.build-env +++ b/server/docker/Dockerfile.build-env @@ -7,4 +7,5 @@ RUN \ wget \ ca-certificates \ unzip \ - xz-utils + xz-utils && \ + rm -rf /var/lib/apt/lists/* From 726ea2d1d71791f02039330c12aedf47df7c6351 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:45:17 +0300 Subject: [PATCH 06/11] Fixed hadolint warning in android-env --- server/docker/Dockerfile.android.ndk25-env | 57 ++++++++++--------- .../docker/Dockerfile.android.ndk25_sdk36-env | 53 +++++++++-------- 2 files changed, 58 insertions(+), 52 deletions(-) diff --git a/server/docker/Dockerfile.android.ndk25-env b/server/docker/Dockerfile.android.ndk25-env index 1ef28690..5c646b1c 100644 --- a/server/docker/Dockerfile.android.ndk25-env +++ b/server/docker/Dockerfile.android.ndk25-env @@ -37,42 +37,43 @@ ARG ANDROID_SDK_FILENAME_35=android-sdk-linux-android-${ANDROID_SDK_VERSION_35}- ARG ANDROID_NDK25_FILENAME=android-ndk-r${ANDROID_NDK25_VERSION}-linux.tar.gz ARG R8_VERSION=8.7.0-dev +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${ANDROID_HOME} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_NDK25_FILENAME} | tar xz -C ${ANDROID_ROOT} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME_34} | tar xz -C ${ANDROID_HOME} --strip-components=1 && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME_35} | tar xz -C ${ANDROID_HOME} --strip-components=1 && \ - rm -rf ${ANDROID_HOME}/extras && \ - rm -rf ${ANDROID_NDK25_PATH}/prebuilt && \ - rm -rf ${ANDROID_NDK25_PATH}/simpleperf && \ - rm -rf ${ANDROID_NDK25_PATH}/shader-tools && \ - rm -rf ${ANDROID_NDK25_PATH}/sources/third_party && \ - rm -rf ${ANDROID_NDK25_PATH}/sources/cxx-stl && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/i686-linux-android && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/x86_64-linux-android && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-* && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-* && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/x86_64-linux-android && \ - rm -rf ${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/i686-linux-android && \ + mkdir -p "${ANDROID_HOME}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_NDK25_FILENAME}" | tar xz -C "${ANDROID_ROOT}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME_34}" | tar xz -C "${ANDROID_HOME}" --strip-components=1 && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME_35}" | tar xz -C "${ANDROID_HOME}" --strip-components=1 && \ + rm -rf "${ANDROID_HOME}/extras" && \ + rm -rf "${ANDROID_NDK25_PATH}/prebuilt" && \ + rm -rf "${ANDROID_NDK25_PATH}/simpleperf" && \ + rm -rf "${ANDROID_NDK25_PATH}/shader-tools" && \ + rm -rf "${ANDROID_NDK25_PATH}/sources/third_party" && \ + rm -rf "${ANDROID_NDK25_PATH}/sources/cxx-stl" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/i686-linux-android" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/x86_64-linux-android" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-*" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-*" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/x86_64-linux-android" && \ + rm -rf "${ANDROID_NDK25_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/i686-linux-android" && \ # create the .android folder and give read+write permissions (the Android Gradle plugin will write to the folder) # It is not enough to give 'user' and 'group'. We unfortunately also need 'others' - mkdir ${ANDROID_SDK_HOME} && \ - chmod ugo+rw -R ${ANDROID_SDK_HOME} && \ + mkdir "${ANDROID_SDK_HOME}" && \ + chmod ugo+rw -R "${ANDROID_SDK_HOME}" && \ # fix permissions - chmod +r -R ${ANDROID_ROOT} && \ - chmod +w -R ${ANDROID_HOME} && \ - chmod -R 755 ${ANDROID_ROOT}/android-ndk-r${ANDROID_NDK25_VERSION} && \ + chmod +r -R "${ANDROID_ROOT}" && \ + chmod +w -R "${ANDROID_HOME}" && \ + chmod -R 755 "${ANDROID_ROOT}/android-ndk-r${ANDROID_NDK25_VERSION}" && \ # check that dx installed properly - which ${ANDROID_NDK25_BIN_PATH}/armv7a-linux-androideabi${ANDROID_NDK25_API_VERSION}-clang++ && \ - which ${ANDROID_NDK25_BIN_PATH}/aarch64-linux-android${ANDROID_64_NDK25_API_VERSION}-clang++ && \ + which "${ANDROID_NDK25_BIN_PATH}/armv7a-linux-androideabi${ANDROID_NDK25_API_VERSION}-clang++" && \ + which "${ANDROID_NDK25_BIN_PATH}/aarch64-linux-android${ANDROID_64_NDK25_API_VERSION}-clang++" && \ # check that aapt installed correctly - ${ANDROID_SDK_BUILD_TOOLS_PATH_34}/aapt2 version && \ + "${ANDROID_SDK_BUILD_TOOLS_PATH_34}/aapt2" version && \ # download and install R8 utility separatly. It's done in that way because # R8/D8 received fixes from time to time which not populated with build tools # It's ok that R8.jar downloaded but saved to D8.jar. Can't find D8 as separate utility. # R8 contains all classes of D8. - wget -O ${ANDROID_SDK_BUILD_TOOLS_PATH_34}/lib/d8.jar https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar && \ - wget -O ${ANDROID_SDK_BUILD_TOOLS_PATH_35}/lib/d8.jar https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar + wget -q -O "${ANDROID_SDK_BUILD_TOOLS_PATH_34}/lib/d8.jar" "https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar" && \ + wget -q -O "${ANDROID_SDK_BUILD_TOOLS_PATH_35}/lib/d8.jar" "https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar" FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-android-env:1.7.0 @@ -131,6 +132,7 @@ ENV ANDROID_ROOT=${ANDROID_ROOT} \ COPY --from=build ${ANDROID_ROOT} ${ANDROID_ROOT} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # android proguard was version 4.7, this is at least 5.2.1 which seems to work with OpenJDK 11 RUN \ apt-get update && \ @@ -141,5 +143,6 @@ RUN \ # Since dotnet cannot really cross compile, we need to create a "ar" shim for "llvm-ar" # As long as it's in the path, it will be picked up echo '#!/usr/bin/env bash' > /usr/bin/ar && \ - find /opt/platformsdk/android -iname "llvm-ar" | tail -1 | xargs xargs printf "%s \$*\n" $1 >> /usr/bin/ar && \ + LLVM_AR=$(find /opt/platformsdk/android -iname "llvm-ar" | tail -1) && \ + echo "${LLVM_AR} \$*" >> /usr/bin/ar && \ chmod +x /usr/bin/ar diff --git a/server/docker/Dockerfile.android.ndk25_sdk36-env b/server/docker/Dockerfile.android.ndk25_sdk36-env index 9eb00721..f5bb0100 100644 --- a/server/docker/Dockerfile.android.ndk25_sdk36-env +++ b/server/docker/Dockerfile.android.ndk25_sdk36-env @@ -31,39 +31,40 @@ ARG ANDROID_64_NDK_API_VERSION ARG ANDROID_NDK_FILENAME=android-ndk-r${ANDROID_NDK_VERSION}-linux.tar.gz ARG R8_VERSION=8.13.19 +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${ANDROID_HOME} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_NDK_FILENAME} | tar xz -C ${ANDROID_ROOT} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME} | tar xz -C ${ANDROID_HOME} --strip-components=1 && \ - rm -rf ${ANDROID_HOME}/extras && \ - rm -rf ${ANDROID_NDK_PATH}/prebuilt && \ - rm -rf ${ANDROID_NDK_PATH}/simpleperf && \ - rm -rf ${ANDROID_NDK_PATH}/shader-tools && \ - rm -rf ${ANDROID_NDK_PATH}/sources/third_party && \ - rm -rf ${ANDROID_NDK_PATH}/sources/cxx-stl && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/i686-linux-android && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/x86_64-linux-android && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-* && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-* && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/x86_64-linux-android && \ - rm -rf ${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/i686-linux-android && \ + mkdir -p "${ANDROID_HOME}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_NDK_FILENAME}" | tar xz -C "${ANDROID_ROOT}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${ANDROID_SDK_FILENAME}" | tar xz -C "${ANDROID_HOME}" --strip-components=1 && \ + rm -rf "${ANDROID_HOME}/extras" && \ + rm -rf "${ANDROID_NDK_PATH}/prebuilt" && \ + rm -rf "${ANDROID_NDK_PATH}/simpleperf" && \ + rm -rf "${ANDROID_NDK_PATH}/shader-tools" && \ + rm -rf "${ANDROID_NDK_PATH}/sources/third_party" && \ + rm -rf "${ANDROID_NDK_PATH}/sources/cxx-stl" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/i686-linux-android" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/x86_64-linux-android" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/i686-*" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-*" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/x86_64-linux-android" && \ + rm -rf "${ANDROID_NDK_PATH}/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/i686-linux-android" && \ # create the .android folder and give read+write permissions (the Android Gradle plugin will write to the folder) # It is not enough to give 'user' and 'group'. We unfortunately also need 'others' - mkdir ${ANDROID_SDK_HOME} && \ - chmod ugo+rw -R ${ANDROID_SDK_HOME} && \ + mkdir "${ANDROID_SDK_HOME}" && \ + chmod ugo+rw -R "${ANDROID_SDK_HOME}" && \ # fix permissions - chmod +r -R ${ANDROID_ROOT} && \ - chmod +w -R ${ANDROID_HOME} && \ - chmod -R 755 ${ANDROID_ROOT}/android-ndk-r${ANDROID_NDK_VERSION} && \ - which ${ANDROID_NDK_BIN_PATH}/armv7a-linux-androideabi${ANDROID_NDK_API_VERSION}-clang++ && \ - which ${ANDROID_NDK_BIN_PATH}/aarch64-linux-android${ANDROID_64_NDK_API_VERSION}-clang++ && \ + chmod +r -R "${ANDROID_ROOT}" && \ + chmod +w -R "${ANDROID_HOME}" && \ + chmod -R 755 "${ANDROID_ROOT}/android-ndk-r${ANDROID_NDK_VERSION}" && \ + which "${ANDROID_NDK_BIN_PATH}/armv7a-linux-androideabi${ANDROID_NDK_API_VERSION}-clang++" && \ + which "${ANDROID_NDK_BIN_PATH}/aarch64-linux-android${ANDROID_64_NDK_API_VERSION}-clang++" && \ # check that aapt installed correctly - ${ANDROID_SDK_BUILD_TOOLS_PATH}/aapt2 version && \ + "${ANDROID_SDK_BUILD_TOOLS_PATH}/aapt2" version && \ # download and install R8 utility separatly. It's done in that way because # R8/D8 received fixes from time to time which not populated with build tools # It's ok that R8.jar downloaded but saved to D8.jar. Can't find D8 as separate utility. # R8 contains all classes of D8. - wget -O ${ANDROID_SDK_BUILD_TOOLS_PATH}/lib/d8.jar https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar + wget -q -O "${ANDROID_SDK_BUILD_TOOLS_PATH}/lib/d8.jar" "https://storage.googleapis.com/r8-releases/raw/${R8_VERSION}/r8.jar" FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-android-env:1.7.0 @@ -106,6 +107,7 @@ ENV ANDROID_ROOT=${ANDROID_ROOT} \ COPY --from=build ${ANDROID_ROOT} ${ANDROID_ROOT} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # android proguard was version 4.7, this is at least 5.2.1 which seems to work with OpenJDK 11 RUN \ apt-get update && \ @@ -116,5 +118,6 @@ RUN \ # Since dotnet cannot really cross compile, we need to create a "ar" shim for "llvm-ar" # As long as it's in the path, it will be picked up echo '#!/usr/bin/env bash' > /usr/bin/ar && \ - find /opt/platformsdk/android -iname "llvm-ar" | tail -1 | xargs xargs printf "%s \$*\n" $1 >> /usr/bin/ar && \ + LLVM_AR=$(find /opt/platformsdk/android -iname "llvm-ar" | tail -1) && \ + echo "${LLVM_AR} \$*" >> /usr/bin/ar && \ chmod +x /usr/bin/ar From 7f0b8b30fcb90965ce8164bc2e34fc6d25d64731 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:50:32 +0300 Subject: [PATCH 07/11] Fixed hadolint warning in console envs --- server/docker/Dockerfile.nssdk.2143-env | 6 ++++-- server/docker/Dockerfile.ps4.12500-env | 7 ++++--- server/docker/Dockerfile.ps5.12000-env | 6 ++++-- server/docker/Dockerfile.xbox.251002-env | 6 ++++-- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/server/docker/Dockerfile.nssdk.2143-env b/server/docker/Dockerfile.nssdk.2143-env index e18ba859..08ba7dc6 100644 --- a/server/docker/Dockerfile.nssdk.2143-env +++ b/server/docker/Dockerfile.nssdk.2143-env @@ -8,9 +8,11 @@ ARG NINTENDO_SDK_VERSION ARG NINTENDO_SDK_ROOT ARG SWITCH_SDK_FILENAME=nx64-sdk-${NINTENDO_SDK_VERSION}.tar.gz +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${NINTENDO_SDK_ROOT} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${SWITCH_SDK_FILENAME} | tar xz -C ${NINTENDO_SDK_ROOT} + mkdir -p "${NINTENDO_SDK_ROOT}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${SWITCH_SDK_FILENAME}" | tar xz -C "${NINTENDO_SDK_ROOT}" --strip-components=1 FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-wine-env:1.7.0 diff --git a/server/docker/Dockerfile.ps4.12500-env b/server/docker/Dockerfile.ps4.12500-env index 5f2fa805..4fa15259 100644 --- a/server/docker/Dockerfile.ps4.12500-env +++ b/server/docker/Dockerfile.ps4.12500-env @@ -8,10 +8,11 @@ ARG PS4_SDK_VERSION ARG PS4_SDK ARG PS4_SDK_FILENAME=ps4-sdk-${PS4_SDK_VERSION}.tar.gz +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - echo "PS4 ${PS4_SDK_FILENAME}" && \ - mkdir -p ${PS4_SDK} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${PS4_SDK_FILENAME} | tar xz -C ${PS4_SDK} --strip-components=1 + mkdir -p "${PS4_SDK}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${PS4_SDK_FILENAME}" | tar xz -C "${PS4_SDK}" --strip-components=1 FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-wine-env:1.7.0 diff --git a/server/docker/Dockerfile.ps5.12000-env b/server/docker/Dockerfile.ps5.12000-env index 345a5b70..37b2f44f 100644 --- a/server/docker/Dockerfile.ps5.12000-env +++ b/server/docker/Dockerfile.ps5.12000-env @@ -8,9 +8,11 @@ ARG PS5_SDK_VERSION ARG PS5_SDK ARG PS5_SDK_FILENAME=ps5-sdk-${PS5_SDK_VERSION}.tar.gz +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${PS5_SDK} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${PS5_SDK_FILENAME} | tar xz -C ${PS5_SDK} --strip-components=1 + mkdir -p "${PS5_SDK}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${PS5_SDK_FILENAME}" | tar xz -C "${PS5_SDK}" --strip-components=1 FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-wine-env:1.7.0 diff --git a/server/docker/Dockerfile.xbox.251002-env b/server/docker/Dockerfile.xbox.251002-env index 01fc1a9b..12a4f77d 100644 --- a/server/docker/Dockerfile.xbox.251002-env +++ b/server/docker/Dockerfile.xbox.251002-env @@ -7,9 +7,11 @@ ARG XBOX_SDK_VERSION ARG XBOX_SDK ARG XBOX_SDK_FILENAME=xbox-gdk-${XBOX_SDK_VERSION}.tar.gz +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${XBOX_SDK} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/${XBOX_SDK_FILENAME} | tar xz -C ${XBOX_SDK} --strip-components=1 + mkdir -p "${XBOX_SDK}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/${XBOX_SDK_FILENAME}" | tar xz -C "${XBOX_SDK}" --strip-components=1 FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-winsdk-2022_144435207-env:1.1.0 From 0b72df545135e6948ef441eb91413630acb86006 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 10:52:32 +0300 Subject: [PATCH 08/11] Fixed hadolint warnings in emsdk-env --- server/docker/Dockerfile.emsdk.406-env | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/server/docker/Dockerfile.emsdk.406-env b/server/docker/Dockerfile.emsdk.406-env index abb75215..6639eb8b 100644 --- a/server/docker/Dockerfile.emsdk.406-env +++ b/server/docker/Dockerfile.emsdk.406-env @@ -17,22 +17,24 @@ ARG EMSCRIPTEN_CONFIG ARG EMSCRIPTEN_CACHE ARG EMSCRIPTEN_BIN +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN apt-get -qq -y update \ && apt-get -qq install -y --no-install-recommends \ python3 \ python3-pip RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${EMSCRIPTEN_TARGET_DIR} && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/emsdk-${EMSCRIPTEN_VERSION}-x86_64-linux.tar.gz | tar xz -C ${EMSCRIPTEN_TARGET_DIR} --strip-components=1 + mkdir -p "${EMSCRIPTEN_TARGET_DIR}" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/emsdk-${EMSCRIPTEN_VERSION}-x86_64-linux.tar.gz" | tar xz -C "${EMSCRIPTEN_TARGET_DIR}" --strip-components=1 RUN \ - ${EMSCRIPTEN_TARGET_DIR}/emsdk activate sdk-${EMSCRIPTEN_VERSION}-64bit && \ - EM_CONFIG=${EMSCRIPTEN_CONFIG} EM_CACHE=${EMSCRIPTEN_CACHE} python3 ${EMSCRIPTEN_BIN}/embuilder.py build SYSTEM MINIMAL && \ - rm -fr ${EMSCRIPTEN_TARGET_DIR}/upstream/emscripten/tests && \ + "${EMSCRIPTEN_TARGET_DIR}/emsdk" activate sdk-${EMSCRIPTEN_VERSION}-64bit && \ + EM_CONFIG="${EMSCRIPTEN_CONFIG}" EM_CACHE="${EMSCRIPTEN_CACHE}" python3 "${EMSCRIPTEN_BIN}/embuilder.py" build SYSTEM MINIMAL && \ + rm -fr "${EMSCRIPTEN_TARGET_DIR}/upstream/emscripten/tests" && \ # The "sed" command below removes the /TEMP_DIR line from the generated configs # We replace it with a folder of our own - sed '/TEMP_DIR =/d' ${EMSCRIPTEN_CONFIG} && \ + sed '/TEMP_DIR =/d' "${EMSCRIPTEN_CONFIG}" && \ echo TEMP_DIR = \'${EMSCRIPTEN_TEMP_DIR}\' >> ${EMSCRIPTEN_CONFIG} From 1c4639442f5a60b05dfbf80b2814f8b880b26c13 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 11:36:30 +0300 Subject: [PATCH 09/11] Fixed hadolint warning ins winsdk-env --- server/docker/Dockerfile.winsdk.2022-env | 82 +++++++++---------- .../Dockerfile.winsdk.2022_144435207-env | 76 +++++++++-------- 2 files changed, 81 insertions(+), 77 deletions(-) diff --git a/server/docker/Dockerfile.winsdk.2022-env b/server/docker/Dockerfile.winsdk.2022-env index 57b0d2fa..482ba4c9 100644 --- a/server/docker/Dockerfile.winsdk.2022-env +++ b/server/docker/Dockerfile.winsdk.2022-env @@ -15,82 +15,76 @@ ENV \ WINDOWS_VCINSTALLDIR_2022="${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022/VC/Tools/MSVC/${WINDOWS_MSVC_2022_VERSION}" \ WINDOWS_VSINSTALLDIR_2022="${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022" +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # windres: Allows for generating .res files that can be used during linking RUN \ - echo "Win32 SDK - WINDRES" && \ apt-get update && \ - apt-get install -y binutils-mingw-w64-x86-64 && \ + apt-get install -y --no-install-recommends binutils-mingw-w64-x86-64 && \ ls -la /usr/bin/x86_64-w64-mingw32-windres && \ - ln -s /usr/bin/x86_64-w64-mingw32-windres /usr/local/bin/windres + ln -s /usr/bin/x86_64-w64-mingw32-windres /usr/local/bin/windres && \ + rm -rf /var/lib/apt/lists/* -RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - echo "WIN32 2022 SDK " && \ - mkdir -p ${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022 && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/Microsoft-Visual-Studio-2022-${WINDOWS_MSVC_2022_VERSION}.tar.gz | tar xz -C ${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022 +COPY winsdk_rename_files.py ${PLATFORMSDK_WIN32} RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - echo "WIN32 ${WINDOWS_SDK_10_20348_VERSION} SDK " && \ - mkdir -p ${PLATFORMSDK_WIN32}/WindowsKits && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/WindowsKits-${WINDOWS_SDK_10_20348_VERSION}.tar.gz | tar xz -C ${PLATFORMSDK_WIN32}/WindowsKits - -RUN \ - ln -s $(which clang) $(dirname $(which clang))/x86_64-pc-win32-clang && \ - ln -s $(which llvm-ar) $(dirname $(which llvm-ar))/x86_64-pc-win32-clang-ar - + mkdir -p "${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/Microsoft-Visual-Studio-2022-${WINDOWS_MSVC_2022_VERSION}.tar.gz" | tar xz -C "${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022" && \ + mkdir -p "${PLATFORMSDK_WIN32}/WindowsKits" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/WindowsKits-${WINDOWS_SDK_10_20348_VERSION}.tar.gz" | tar xz -C "${PLATFORMSDK_WIN32}/WindowsKits" && \ + ln -s "$(which clang)" "$(dirname "$(which clang)")/x86_64-pc-win32-clang" && \ + ln -s "$(which llvm-ar)" "$(dirname "$(which llvm-ar)")/x86_64-pc-win32-clang-ar" && \ # Due to Windows' case insensitive file system, the sources reference lib files with wrong cases # so we solve the bulk by making the suffixes lowercase. (e.g. MyLib.Lib -> MyLib.lib) -RUN find $PLATFORMSDK_WIN32 -iname '*.Lib' -type f -exec sh -c 'a=$(echo "$0" | sed -r "s/([^.]*)\$/\L\1/"); [ "$a" != "$0" ] && [ ! -f "$a" ] && ln -s "$0" "$a" ' {} \; + find $PLATFORMSDK_WIN32 -iname '*.Lib' -type f -exec sh -c 'a=$(echo "$0" | sed -r "s/([^.]*)\$/\L\1/"); [ "$a" != "$0" ] && [ ! -f "$a" ] && ln -s "$0" "$a" ' {} \; -COPY winsdk_rename_files.py ${PLATFORMSDK_WIN32} RUN \ - echo "Renaming header files" && \ - python ${PLATFORMSDK_WIN32}/winsdk_rename_files.py > ${PLATFORMSDK_WIN32}/rename.txt - + python ${PLATFORMSDK_WIN32}/winsdk_rename_files.py > ${PLATFORMSDK_WIN32}/rename.txt && \ # Make a copy of all the headers too, in lower case (e.g. Windows.h -> windows.h etc) -RUN find $PLATFORMSDK_WIN32 -iname '*.h' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; - + find $PLATFORMSDK_WIN32 -iname '*.h' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; && \ # Make lower case links of libraries as well -RUN find ${WINDOWS_SDK_10_DIR}/Lib -iname '*.lib' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; + find ${WINDOWS_SDK_10_DIR}/Lib -iname '*.lib' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; +WORKDIR "${WINDOWS_MSVC_DIR_2022}/lib/x64" RUN \ - echo "WIN32 SDK - 2022 - Debug" && \ # and the rest are manually copied (or made lower case) - echo ${WINDOWS_MSVC_DIR_2022} - + cp oldnames.lib OLDNAMES.lib && \ + cp libcmt.lib LIBCMT.lib && \ + cp delayimp.lib Delayimp.lib +WORKDIR "${WINDOWS_MSVC_DIR_2022}/lib/x86" RUN \ - echo "WIN32 SDK - 2022 - Cleanup" && \ # and the rest are manually copied (or made lower case) - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x64 && cp oldnames.lib OLDNAMES.lib) && \ - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x86 && cp oldnames.lib OLDNAMES.lib) && \ - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x64 && cp libcmt.lib LIBCMT.lib) && \ - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x86 && cp libcmt.lib LIBCMT.lib) && \ - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x64 && cp delayimp.lib Delayimp.lib) && \ - (cd ${WINDOWS_MSVC_DIR_2022}/lib/x86 && cp delayimp.lib Delayimp.lib) + cp oldnames.lib OLDNAMES.lib && \ + cp libcmt.lib LIBCMT.lib && \ + cp delayimp.lib Delayimp.lib # Some headers are named by the wrong name in the windows sdk's... # We need to make certain names lowercase because some users # have put "pragma lib" comments in some libraries :( # and/or misspelled header files +WORKDIR "${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/shared" RUN \ - echo "WIN32 WindowsKits ${WINDOWS_SDK_10_20348_VERSION} - Cleanup" && \ - (cd ${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/shared && cp driverspecs.h DriverSpecs.h) && \ - (cd ${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/shared && cp specstrings.h SpecStrings.h) && \ - (cd ${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/shared && cp concurrencysal.h ConcurrencySal.h) && \ - (cd ${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/shared && cp wlantypes.h WlanTypes.h) && \ - (cd ${WINDOWS_SDK_10_DIR}/Lib/${WINDOWS_SDK_10_20348_VERSION}/um/x64 && cp psapi.lib Psapi.lib) && \ - (cd ${WINDOWS_SDK_10_DIR}/Lib/${WINDOWS_SDK_10_20348_VERSION}/um/x86 && cp psapi.lib Psapi.lib) + cp driverspecs.h DriverSpecs.h && \ + cp specstrings.h SpecStrings.h && \ + cp concurrencysal.h ConcurrencySal.h && \ + cp wlantypes.h WlanTypes.h + +WORKDIR "${WINDOWS_SDK_10_DIR}/Lib/${WINDOWS_SDK_10_20348_VERSION}/um/x64" +RUN cp psapi.lib Psapi.lib +WORKDIR "${WINDOWS_SDK_10_DIR}/Lib/${WINDOWS_SDK_10_20348_VERSION}/um/x86" +RUN cp psapi.lib Psapi.lib # Also, the OpenGL headers in the windows SDK is in a folder with lower case letters, which doesn't match the includes +WORKDIR "${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/um" RUN \ - echo "WIN32 WindowsKits ${WINDOWS_SDK_10_20348_VERSION} - OpenGL Cleanup" && \ - cd ${WINDOWS_SDK_10_DIR}/Include/${WINDOWS_SDK_10_20348_VERSION}/um && \ mkdir ./GL && \ cp -v ./gl/*.* ./GL/ +WORKDIR / + # Since dotnet cannot really cross compile, we need to create a "lib" shim for "wine lib.exe" # As long as it's in the path, it will be picked up RUN \ echo '#!/usr/bin/env bash' > /usr/bin/lib && \ - echo 'wine ${WINDOWS_VCINSTALLDIR_2022}/bin/Hostx64/x64/lib.exe $*' >> /usr/bin/lib && \ - chmod +x /usr/bin/lib + echo "wine ${WINDOWS_VCINSTALLDIR_2022}/bin/Hostx64/x64/lib.exe $*" >> /usr/bin/lib && \ + chmod +x /usr/bin/lib \ No newline at end of file diff --git a/server/docker/Dockerfile.winsdk.2022_144435207-env b/server/docker/Dockerfile.winsdk.2022_144435207-env index 9b4f445a..c6490393 100644 --- a/server/docker/Dockerfile.winsdk.2022_144435207-env +++ b/server/docker/Dockerfile.winsdk.2022_144435207-env @@ -13,59 +13,67 @@ ARG WINDOWS_MSVC_VERSION ARG WINDOWS_SDK_DIR ARG WINDOWS_MSVC_DIR +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN \ apt-get update && \ - apt-get install -y python3 python-is-python3 + apt-get install -y --no-install-recommends python3 python-is-python3 RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022 && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/Microsoft-Visual-Studio-2022-${WINDOWS_MSVC_VERSION}.tar.gz | tar xz -C ${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022 + mkdir -p "${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/Microsoft-Visual-Studio-2022-${WINDOWS_MSVC_VERSION}.tar.gz" | tar xz -C "${PLATFORMSDK_WIN32}/MicrosoftVisualStudio2022" && \ + mkdir -p "${PLATFORMSDK_WIN32}/WindowsKits" && \ + wget -q -O - "$(cat /run/secrets/DM_PACKAGES_URL)/WindowsKits-${WINDOWS_SDK_VERSION}.tar.gz" | tar xz -C "${PLATFORMSDK_WIN32}/WindowsKits" -RUN --mount=type=secret,id=DM_PACKAGES_URL,required=true \ - mkdir -p ${PLATFORMSDK_WIN32}/WindowsKits && \ - wget -q -O - $(cat /run/secrets/DM_PACKAGES_URL)/WindowsKits-${WINDOWS_SDK_VERSION}.tar.gz | tar xz -C ${PLATFORMSDK_WIN32}/WindowsKits +COPY winsdk_rename_files.py ${PLATFORMSDK_WIN32} # Due to Windows' case insensitive file system, the sources reference lib files with wrong cases # so we solve the bulk by making the suffixes lowercase. (e.g. MyLib.Lib -> MyLib.lib) -RUN find $PLATFORMSDK_WIN32 -iname '*.Lib' -type f -exec sh -c 'a=$(echo "$0" | sed -r "s/([^.]*)\$/\L\1/"); [ "$a" != "$0" ] && [ ! -f "$a" ] && ln -s "$0" "$a" ' {} \; - -COPY winsdk_rename_files.py ${PLATFORMSDK_WIN32} -RUN python ${PLATFORMSDK_WIN32}/winsdk_rename_files.py > ${PLATFORMSDK_WIN32}/rename.txt - +RUN find $PLATFORMSDK_WIN32 -iname '*.Lib' -type f -exec sh -c 'a=$(echo "$0" | sed -r "s/([^.]*)\$/\L\1/"); [ "$a" != "$0" ] && [ ! -f "$a" ] && ln -s "$0" "$a" ' {} \; && \ + python ${PLATFORMSDK_WIN32}/winsdk_rename_files.py > ${PLATFORMSDK_WIN32}/rename.txt && \ # Make a copy of all the headers too, in lower case (e.g. Windows.h -> windows.h etc) -RUN find $PLATFORMSDK_WIN32 -iname '*.h' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; - + find $PLATFORMSDK_WIN32 -iname '*.h' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; && \ # Make lower case links of libraries as well -RUN find ${WINDOWS_SDK_DIR}/Lib -iname '*.lib' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; + find ${WINDOWS_SDK_DIR}/Lib -iname '*.lib' -type f -exec sh -c 'd=$(dirname "$0"); a=$(basename "$0" | tr [:upper:] [:lower:]); [ "$a" != $(basename "$0") ] && [ ! -f "$d/$a" ] && ln -s "$0" "$d/$a" ' {} \; -RUN \ # and the rest are manually copied (or made lower case) - (cd ${WINDOWS_MSVC_DIR}/lib/x64 && cp oldnames.lib OLDNAMES.lib) && \ - (cd ${WINDOWS_MSVC_DIR}/lib/x86 && cp oldnames.lib OLDNAMES.lib) && \ - (cd ${WINDOWS_MSVC_DIR}/lib/x64 && cp libcmt.lib LIBCMT.lib) && \ - (cd ${WINDOWS_MSVC_DIR}/lib/x86 && cp libcmt.lib LIBCMT.lib) && \ - (cd ${WINDOWS_MSVC_DIR}/lib/x64 && cp delayimp.lib Delayimp.lib) && \ - (cd ${WINDOWS_MSVC_DIR}/lib/x86 && cp delayimp.lib Delayimp.lib) +WORKDIR "${WINDOWS_MSVC_DIR}/lib/x64" +RUN \ + cp oldnames.lib OLDNAMES.lib && \ + cp libcmt.lib LIBCMT.lib && \ + cp delayimp.lib Delayimp.lib + +WORKDIR "${WINDOWS_MSVC_DIR}/lib/x86" +RUN \ + cp oldnames.lib OLDNAMES.lib && \ + cp libcmt.lib LIBCMT.lib && \ + cp delayimp.lib Delayimp.lib # Some headers are named by the wrong name in the windows sdk's... # We need to make certain names lowercase because some users # have put "pragma lib" comments in some libraries :( # and/or misspelled header files +WORKDIR "${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/shared" RUN \ - (cd ${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/shared && cp driverspecs.h DriverSpecs.h) && \ - (cd ${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/shared && cp specstrings.h SpecStrings.h) && \ - (cd ${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/shared && cp concurrencysal.h ConcurrencySal.h) && \ - (cd ${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/shared && cp wlantypes.h WlanTypes.h) && \ - (cd ${WINDOWS_SDK_DIR}/Lib/${WINDOWS_SDK_VERSION}/um/x64 && cp psapi.lib Psapi.lib) && \ - (cd ${WINDOWS_SDK_DIR}/Lib/${WINDOWS_SDK_VERSION}/um/x86 && cp psapi.lib Psapi.lib) + cp driverspecs.h DriverSpecs.h && \ + cp specstrings.h SpecStrings.h && \ + cp concurrencysal.h ConcurrencySal.h && \ + cp wlantypes.h WlanTypes.h + +WORKDIR "${WINDOWS_SDK_DIR}/Lib/${WINDOWS_SDK_VERSION}/um/x64" +RUN cp psapi.lib Psapi.lib + +WORKDIR "${WINDOWS_SDK_DIR}/Lib/${WINDOWS_SDK_VERSION}/um/x86" +RUN cp psapi.lib Psapi.lib # Also, the OpenGL headers in the windows SDK is in a folder with lower case letters, which doesn't match the includes +WORKDIR "${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/um" RUN \ - echo "WIN32 WindowsKits ${WINDOWS_SDK_VERSION} - OpenGL Cleanup" && \ - cd ${WINDOWS_SDK_DIR}/Include/${WINDOWS_SDK_VERSION}/um && \ mkdir ./GL && \ cp -v ./gl/*.* ./GL/ +WORKDIR / + FROM europe-west1-docker.pkg.dev/extender-426409/extender-public-registry/extender-wine-env:1.7.0 ARG PLATFORMSDK_WIN32 @@ -91,15 +99,17 @@ COPY --from=build ${PLATFORMSDK_WIN32} ${PLATFORMSDK_WIN32} # windres: Allows for generating .res files that can be used during linking RUN \ apt-get update && \ - apt-get install -y binutils-mingw-w64-x86-64 gcc && \ + apt-get install -y --no-install-recommends binutils-mingw-w64-x86-64 gcc && \ ls -la /usr/bin/x86_64-w64-mingw32-windres && \ ln -s /usr/bin/x86_64-w64-mingw32-windres /usr/local/bin/windres && \ - ln -s $(which clang) $(dirname $(which clang))/x86_64-pc-win32-clang && \ - ln -s $(which llvm-ar) $(dirname $(which llvm-ar))/x86_64-pc-win32-clang-ar && \ + CLANG_EXEC="$(which clang)" && \ + LLVM_AR="$(which llvm-ar)" &&\ + ln -s "${CLANG_EXEC}" "$(dirname "${CLANG_EXEC}")/x86_64-pc-win32-clang" && \ + ln -s "${LLVM_AR}" "$(dirname "${LLVM_AR}")/x86_64-pc-win32-clang-ar" && \ # Since dotnet cannot really cross compile, we need to create a "lib" shim for "wine lib.exe" # As long as it's in the path, it will be picked up echo '#!/usr/bin/env bash' > /usr/bin/lib && \ - echo 'wine ${WINDOWS_VCINSTALLDIR}/bin/Hostx64/x64/lib.exe $*' >> /usr/bin/lib && \ + echo "wine ${WINDOWS_VCINSTALLDIR}/bin/Hostx64/x64/lib.exe $*" >> /usr/bin/lib && \ chmod +x /usr/bin/lib && \ apt-get autoremove -y && \ apt-get clean && \ From 60ef58b5619f91b976e6060253f181021d7d26d0 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 14:56:11 +0300 Subject: [PATCH 10/11] Review fixes --- server/docker/Dockerfile.winsdk.2022-env | 3 ++- server/docker/Dockerfile.winsdk.2022_144435207-env | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/server/docker/Dockerfile.winsdk.2022-env b/server/docker/Dockerfile.winsdk.2022-env index 482ba4c9..8c8b5cba 100644 --- a/server/docker/Dockerfile.winsdk.2022-env +++ b/server/docker/Dockerfile.winsdk.2022-env @@ -84,7 +84,8 @@ WORKDIR / # Since dotnet cannot really cross compile, we need to create a "lib" shim for "wine lib.exe" # As long as it's in the path, it will be picked up +# hadolint ignore=SC2016 RUN \ echo '#!/usr/bin/env bash' > /usr/bin/lib && \ - echo "wine ${WINDOWS_VCINSTALLDIR_2022}/bin/Hostx64/x64/lib.exe $*" >> /usr/bin/lib && \ + echo 'wine ${WINDOWS_VCINSTALLDIR_2022}/bin/Hostx64/x64/lib.exe $*' >> /usr/bin/lib && \ chmod +x /usr/bin/lib \ No newline at end of file diff --git a/server/docker/Dockerfile.winsdk.2022_144435207-env b/server/docker/Dockerfile.winsdk.2022_144435207-env index c6490393..74b11d60 100644 --- a/server/docker/Dockerfile.winsdk.2022_144435207-env +++ b/server/docker/Dockerfile.winsdk.2022_144435207-env @@ -97,6 +97,7 @@ ENV \ COPY --from=build ${PLATFORMSDK_WIN32} ${PLATFORMSDK_WIN32} # windres: Allows for generating .res files that can be used during linking +# hadolint ignore=SC2016 RUN \ apt-get update && \ apt-get install -y --no-install-recommends binutils-mingw-w64-x86-64 gcc && \ @@ -109,7 +110,7 @@ RUN \ # Since dotnet cannot really cross compile, we need to create a "lib" shim for "wine lib.exe" # As long as it's in the path, it will be picked up echo '#!/usr/bin/env bash' > /usr/bin/lib && \ - echo "wine ${WINDOWS_VCINSTALLDIR}/bin/Hostx64/x64/lib.exe $*" >> /usr/bin/lib && \ + echo 'wine ${WINDOWS_VCINSTALLDIR}/bin/Hostx64/x64/lib.exe $*' >> /usr/bin/lib && \ chmod +x /usr/bin/lib && \ apt-get autoremove -y && \ apt-get clean && \ From c896ab80377f38ea5b1f6c396f3d6827a2b6d310 Mon Sep 17 00:00:00 2001 From: Kharkunov Eugene Date: Thu, 16 Apr 2026 15:12:02 +0300 Subject: [PATCH 11/11] Fixed fetch depth in case of pull request (hadolint checks) --- .github/workflows/hadolint-check.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/hadolint-check.yml b/.github/workflows/hadolint-check.yml index 206e8577..73b9773c 100644 --- a/.github/workflows/hadolint-check.yml +++ b/.github/workflows/hadolint-check.yml @@ -14,7 +14,14 @@ jobs: outputs: dockerfiles: ${{ steps.list.outputs.dockerfiles }} steps: - - name: Checkout repository + - name: Checkout repository (pull request) + if: ${{ github.event_name == 'pull_request' }} + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + + - name: Checkout repository (regular) + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: List Dockerfiles