allow lower bound version pinning for apk (DL3018)

[stonecharioteer]

This PR addresses #782.

@lorenzo this is still a WIP, since my test is failing. I've never written haskell code before, so perhaps I'm missing something.

What I did

I've added an or section to the check for DL3018 so that it allows >= in apk add steps.

How I did it

I followed @lorenzo's instructions on #782.

How to verify it

stack test

The tests still fail, I'm not sure how to fix that. I could use some help there.

Aside: Additionally, this is a thing that could be used in all places where lower bounds are respected by the OS. This is supported even by yum, apt and pip. Should I implement it for those as well?

Thank you for guiding me in fixing this.

[stonecharioteer]

@lorenzo here's the error I get.

[lorenzo]

I'll take a look today

[stonecharioteer]

@lorenzo did you get time to take a look?

[m-ildefons]

Hi @stonecharioteer ,
The apk add command here is first parsed as shell, then parsed by the rule. Since > indicates redirection in POSIX shells, you need to make sure your version bounds are either quoted or escaped properly, e.g.:

RUN apk add --no-cache \
    "flex>=2.6.4-r1"

or in the test suite:

    let dockerfile =
        [ "RUN apk add --no-cache \\",
          "\"flex>=2.6.4-r1\" \\",
          "\"libffi>=3.2.1-r3\""
        ]