From 8a428b481548d64b03c26b46529ce1da982d6aff Mon Sep 17 00:00:00 2001 From: Mike Nye Date: Fri, 25 Mar 2022 13:07:15 +0800 Subject: [PATCH 01/43] prettify readme --- README.md | 45 +++++++++++++++++---------------------------- 1 file changed, 17 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 57d4a3e..a882421 100644 --- a/README.md +++ b/README.md 
@@ -23,34 +23,23 @@ steps: ## Inputs -| Name | Description | Default | -|------------------- |------------------------------------------ |----------------- | -| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | -| recursive | Search for specified dockerfile | false | -| | recursively, from the project root | | -| config | Custom path to a Hadolint config file | ./.hadolint.yaml | -| output-file | A sub-path where to save the | | -| | output as a file to | | -| no-color | Don't create colored output | | -| no-fail | Never fail the action | | -| verbose | Output more information | | -| format | The output format. One of [tty \| json \| | tty | -| | checkstyle \| codeclimate \| | | -| | gitlab_codeclimate \| codacy \| sarif] | | -| failure-threshold | Rule severity threshold for pipeline | info | -| | failure. One of [error \| warning \| | | -| | info \| style \| ignore] | | -| override-error | List of rules to treat with 'error' | | -| | severity | | -| override-warning | List of rules to treat with 'warning' | | -| | severity | | -| override-info | List of rules to treat with 'info' | | -| | severity | | -| override-style | List of rules to treat with 'style' | | -| | severity | | -| ignore | Space separated list of Hadolint rules to | | -| | ignore. | | -| trusted-registries | List of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `no-color` | Don't create colored output | | +| `no-fail` | Never fail the action | | +| `verbose` | Output more information | | +| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | List of rules to treat with `error` severity | | +| `override-warning` | List of rules to treat with `warning` severity | | +| `override-info` | List of rules to treat with `info` severity | | +| `override-style` | List of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | List of urls of trusted registries | | ## Hadolint Configuration From 89e60e486833059dfeb56997efe2375d33c7525e Mon Sep 17 00:00:00 2001 From: Mike Nye Date: Fri, 25 Mar 2022 13:09:48 +0800 Subject: [PATCH 02/43] more info for inputs --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index a882421..67f6b00 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) - [![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) ## Usage @@ -29,17 +28,17 @@ steps: | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | | `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output | | -| `no-fail` | Never fail the action | | -| `verbose` | Output more information | | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | List of rules to treat with `error` severity | | -| `override-warning` | List of rules to treat with `warning` severity | | -| `override-info` | List of rules to treat with `info` severity | | -| `override-style` | List of rules to treat with `style` severity | | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | | `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | List of urls of trusted registries | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Hadolint Configuration From 83b3de1e17b6142475e2db4b6f3b77541cc28902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Fri, 25 Mar 2022 10:31:04 +0100 Subject: [PATCH 03/43] fix example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 67f6b00..84b3c0b 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v1.6.0 + - uses: hadolint/hadolint-action@v2.0.0 with: dockerfile: Dockerfile ``` From bc289f2eaa84c94cc5686b19f6e9d69696dcee46 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:51:31 +0200 Subject: [PATCH 04/43] feat: use 'set-output name=results' This will introduce a parameter with name results that holds the hadolint output. Other steps in a workflow can make use of this. Also fix an error with the piping to tee that was broken. --- hadolint.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) 
diff --git a/hadolint.sh b/hadolint.sh index f0fd926..e33a516 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -23,25 +23,26 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi -OUTPUT= -if [ -n "$HADOLINT_OUTPUT" ]; then - if [ -f "$HADOLINT_OUTPUT" ]; then - HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" - fi - OUTPUT=" | tee $HADOLINT_OUTPUT" -fi - -FAILED=0 if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else # shellcheck disable=SC2086 - hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") +fi +FAILED=$? + +echo "::set-output name=results::$RESULTS" + +if [ -n "$HADOLINT_OUTPUT" ]; then + if [ -f "$HADOLINT_OUTPUT" ]; then + HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" + fi + echo "$RESULTS" > $HADOLINT_OUTPUT fi [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 1878581f63e113f9d829e91aca18c064d776b631 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:56:25 +0200 Subject: [PATCH 05/43] chore: fix typos --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 32cdadb..a35729b 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ IMAGE_NAME:=hadolint-action -lint-dockerfile: ## Runs hadoint against application dockerfile +lint-dockerfile: ## Runs hadolint against application dockerfile @docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile lint-yaml: ## Lints yaml configurations 
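Review bot: In the PATCH 04 hadolint.sh hunk, capturing hadolint's stdout into RESULTS means the findings no longer reach the step log unless output-file is set, so the problem matcher copied from problem-matcher.json has nothing to annotate; echo "$RESULTS" unconditionally (or keep the tee) before exporting it. Two smaller points in the same hunk: `echo "::set-output name=results::$RESULTS"` carries only the first line of a multi-line value, so most findings are dropped from the output parameter, and `echo "$RESULTS" > $HADOLINT_OUTPUT` should quote the target as `> "$HADOLINT_OUTPUT"` because the path comes from a workflow input.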
@@ -12,8 +12,8 @@ build: ## Builds the docker image test: build ## Runs a test in the image @docker run -i --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ test \ --image $(IMAGE_NAME) \ --config test/structure-tests.yaml From 262f40397810c1a01998430f38b17cd9a7697707 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:57:07 +0200 Subject: [PATCH 06/43] chore: add simple integration test --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f80523d..2d6db56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,11 +71,16 @@ jobs: - name: Run integration test 5 - output format # This step will never fail, but will print out rule violations. + id: hadolint5 uses: ./ with: dockerfile: testdata/warning.Dockerfile config: testdata/hadolint.yaml + - name: Run integration test 6 - verify results output parameter + # This step will never fail, but will print out the results from step5 + run: echo {{ steps.hadolint5.outputs.results }} + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 8ea032569b24dae3bbdf98a0029fbc1fbb51f067 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:01:01 +0200 Subject: [PATCH 07/43] chore: empty commit to trigger ci From 0c7fcaa67b450ad5a798c9041387d29625497353 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:03:56 +0200 Subject: [PATCH 08/43] chore: typo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2d6db56..78cbad4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
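Review bot: In the PATCH 06 ci.yml hunk, `run: echo {{ steps.hadolint5.outputs.results }}` is missing the leading `$`, so the step echoes the literal text and verifies nothing. When fixing it, pass the value through `env:` (`env: results: ${{ steps.hadolint5.outputs.results }}` followed by `run: echo "$results"`) rather than writing the expression into `run:`: the expression is substituted into the script before the shell sees it, and the results string is built from the contents of whatever Dockerfile was linted, so it should be handled as data rather than as script text. Quoting inside `run:` does not change that.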
@@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo {{ steps.hadolint5.outputs.results }} + run: echo ${{ steps.hadolint5.outputs.results }} #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From e3462c378d887a5572c5a13c7a7b4e254dcfa226 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:08:14 +0200 Subject: [PATCH 09/43] chore: quotes to not parse it by mistake --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78cbad4..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo ${{ steps.hadolint5.outputs.results }} + run: echo "${{ steps.hadolint5.outputs.results }}" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From a8bbf351c01209b4ebd877e26005e8929054dcdb Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:31:29 +0200 Subject: [PATCH 10/43] chore: update PR with text as test of results --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..87d9e3b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -81,6 +81,26 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" + - name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` + _output from integration test 5_ + \`\`\` + ${{ steps.hadolint5.outputs.results }} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 5fc1b0e2fbe6dd3e10bb58342a65dd14a3e17282 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 11:14:55 +0200 Subject: [PATCH 11/43] chore: escape backticks in results var --- hadolint.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index e33a516..c08c64b 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -36,8 +36,6 @@ else fi FAILED=$? -echo "::set-output name=results::$RESULTS" - if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" @@ -45,6 +43,9 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi +RESULTS="${RESULTS//\`/\\\`}" +echo "::set-output name=results::$RESULTS" + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From 1dd44fc4932800c5a933bcddee6437a2750ec005 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:45:58 +0200 Subject: [PATCH 12/43] chore: fix issue with multiline strings in output Looking at [1] this should do some magic, so let's see. [1] https://github.community/t/set-output-truncates-multiline-strings/16852 --- hadolint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
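Review bot: In the PATCH 11 hadolint.sh hunk, `RESULTS="${RESULTS//\`/\\\`}"` escapes only backticks, but the value is interpolated into a JavaScript template literal in the github-script step, where `${` also starts an interpolation and a backslash is itself an escape character; escaping one character still leaves the script body assembled from lint output. The durable fix is to keep the results out of the script source entirely: pass them via `env:` and read `process.env.HADOLINT_RESULTS` inside the template literal, so they stay a string value. Moving the set-output after the file write is fine; `$HADOLINT_OUTPUT` in the redirect above it is still unquoted.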
diff --git a/hadolint.sh b/hadolint.sh index c08c64b..56aa1e2 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -43,7 +43,7 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi -RESULTS="${RESULTS//\`/\\\`}" +RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 652bc66203a03ad8b31557e3e24ae3443232cd34 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:49:42 +0200 Subject: [PATCH 13/43] chore: also push results to env var --- hadolint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hadolint.sh b/hadolint.sh index 56aa1e2..cb8503a 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -46,6 +46,8 @@ fi RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From a78be8d38674394a7833bd45b59f37243618d966 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:52:56 +0200 Subject: [PATCH 14/43] chore: use env var --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87d9e3b..8cad972 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: #### Hadolint: \`${{ steps.hadolint.outcome }}\` _output from integration test 5_ \`\`\` - ${{ steps.hadolint5.outputs.results }} + ${process.env.HADOLINT_RESULTS} \`\`\` `; From 724e05f46b0c0a5d951dd0e3605d1abf2fffd069 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:57:54 +0200 Subject: [PATCH 15/43] chore: typo in step id --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cad972..311b9ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
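Review bot: In the PATCH 12 hadolint.sh hunk, `RESULTS="${RESULTS//$'\\n'/''}"` does not match newlines: inside `$'...'` the sequence `\\n` is a literal backslash followed by `n`, so the substitution is a no-op on real hadolint output and the set-output truncation described in the linked thread remains. The thread's approach is to replace `$'\n'` (an actual newline) with `%0A`, which the runner decodes when it reads the command; replacing with `''` would instead join every finding onto one line even if the pattern were right. This also matters for PATCH 13, which exports the same string to GITHUB_ENV through a heredoc: that form carries newlines on its own, so a working `%0A` substitution must be applied only to the set-output copy, not to the value written to GITHUB_ENV.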
@@ -87,7 +87,7 @@ jobs: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint.outcome }}\` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` _output from integration test 5_ \`\`\` ${process.env.HADOLINT_RESULTS} From 2faf5c6ef4f398f4c20b20759d5b0acb13fff853 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:17:52 +0200 Subject: [PATCH 16/43] chore: remove createComment(), depends on githubToken scopes --- .github/workflows/ci.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 311b9ab..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,26 +81,6 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" - - name: Update Pull Request - uses: actions/github-script@v6 - if: github.event_name == 'pull_request' - with: - script: | - const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` - _output from integration test 5_ - \`\`\` - ${process.env.HADOLINT_RESULTS} - \`\`\` - `; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From d73282b64c1cb799e8cb5efd4af9834e0bd0b98e Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:56:53 +0200 Subject: [PATCH 17/43] chore: update readme --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 84b3c0b..4630fdd 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,33 @@ steps: | `ignore` | Comma separated list of Hadolint rules to ignore. | | | `trusted-registries` | Comma separated list of urls of trusted registries | | +## Output + +The Action will store results in an environment variable that can be used in other steps in a workflow. + +Example to create a comment in a PR: + +``` +- name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + \`\`\` + ${process.env.HADOLINT_RESULTS} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) +``` + ## Hadolint Configuration To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure). From 55991004e8a2f2476dd7c26f265828099644b503 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 15:31:54 +0200 Subject: [PATCH 18/43] chore: spotted a little typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4630fdd..e2e6b74 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Example to create a comment in a PR: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` \`\`\` ${process.env.HADOLINT_RESULTS} \`\`\` From d51839a6b581264c524e3ad9d7377ae4d89ff106 Mon Sep 17 00:00:00 2001 From: Mike Gray Date: Sat, 23 Apr 2022 10:19:23 -0400 Subject: [PATCH 19/43] Update usage example "Example to create a comment in a PR" doesn't work with v2.0.0 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2e6b74..eabcb78 100644 --- a/README.md +++ b/README.md 
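Review bot: In the PATCH 18 README hunk, the example now reads `steps.hadolint.outcome`, which only resolves if the reader has given the hadolint-action step `id: hadolint`; the usage snippet earlier in the README has no `id:`, so the example should show one. It should also state that the comment step needs `if: always()` (or the lint step needs `continue-on-error: true` / `no-fail`), since a failing lint otherwise stops the job before the comment step runs. The fence should be tagged `yml` like the usage block.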
@@ -15,7 +15,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v2.0.0 + - uses: hadolint/hadolint-action@v2.1.0 with: dockerfile: Dockerfile ``` From 169ddcf26544b892e9224ce0e8a862ce8aaa2d49 Mon Sep 17 00:00:00 2001 From: offa Date: Fri, 13 May 2022 12:48:12 +0200 Subject: [PATCH 20/43] Update hadolint to 2.10 Use GHCR instead of Dockerhub and a fully qualified FROM --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 57da5f5..791df4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.9.3-debian +FROM ghcr.io/hadolint/hadolint:v2.10.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 68a2276a3c904096109c871d80d5131d654ee338 Mon Sep 17 00:00:00 2001 From: mrdoodles <19146299+mrdoodles@users.noreply.github.com> Date: Tue, 8 Nov 2022 21:33:58 +0000 Subject: [PATCH 21/43] fix-github-deprecations --- .github/workflows/ci.yml | 6 +++--- hadolint.sh | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..ab0d9c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 container: pipelinecomponents/hadolint:0.10.1 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Run hadolint run: hadolint Dockerfile @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-20.04 needs: ["lint"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build Docker image run: docker build -t $TEST_IMAGE_NAME . @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-20.04 needs: build-test steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Run integration test 1 uses: ./ diff --git a/hadolint.sh b/hadolint.sh index cb8503a..4231068 100755 --- a/hadolint.sh +++ b/hadolint.sh 
@@ -44,7 +44,10 @@ if [ -n "$HADOLINT_OUTPUT" ]; then fi RESULTS="${RESULTS//$'\\n'/''}" -echo "::set-output name=results::$RESULTS" + +echo "results<> $GITHUB_OUTPUT +echo "${RESULTS}" >> $GITHUB_OUTPUT +echo "EOF" >> $GITHUB_OUTPUT { echo "HADOLINT_RESULTS<> $GITHUB_ENV From e81a8de9db6e97077ca0483f083522437c894ea6 Mon Sep 17 00:00:00 2001 From: Gonzalo Tixilima Date: Fri, 11 Nov 2022 01:18:35 -0500 Subject: [PATCH 22/43] upgrade hadolint to 2.11 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 791df4c..4ae99af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.10.0-debian +FROM ghcr.io/hadolint/hadolint:v2.11.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 48c412037743cf755041f57f8a9d6d5be0f0eba2 Mon Sep 17 00:00:00 2001 From: Gonzalo Tixilima Date: Fri, 11 Nov 2022 05:52:50 -0500 Subject: [PATCH 23/43] upgrade hadolint to 2.12 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4ae99af..102a9b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.11.0-debian +FROM ghcr.io/hadolint/hadolint:v2.12.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 77e79bb879e179a6f5f5a680d99d03589d77cd92 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Tue, 15 Nov 2022 20:14:37 +0100 Subject: [PATCH 24/43] Some shellcheck fixes and new input (#1) --- .github/workflows/ci.yml | 18 +++++++++++++++++- .gitignore | 1 + README.md | 35 ++++++++++++++++++----------------- action.yml | 5 +++++ hadolint.sh | 25 ++++++++++++++++--------- 5 files changed, 57 insertions(+), 27 deletions(-) create mode 100644 .gitignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab0d9c5..1d3450a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
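Review bot: In the PATCH 21 hadolint.sh hunk, the GITHUB_OUTPUT heredoc uses the fixed delimiter `EOF`; if a line of the results is exactly `EOF` the value ends early and the remaining lines are parsed as further output keys, so use a delimiter that cannot occur in the content (GitHub's docs recommend a random one, e.g. `delim="results-$RANDOM$RANDOM"`). Quote the file as well: `>> "$GITHUB_OUTPUT"`. The kept line `RESULTS="${RESULTS//$'\\n'/''}"` only ever matched a literal backslash-n and is unnecessary now that the heredoc form carries newlines; it can be dropped, and the same applies to the GITHUB_ENV export below it.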
@@ -79,7 +79,23 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + env: + results: ${{ steps.hadolint5.outputs.results }} + run: echo "$results" + + - name: Run integration test 7 - set recursive + uses: ./ + with: + dockerfile: "*Dockerfile" + failure-threshold: error + recursive: true + + - name: Run integration test 8 - print results to console + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + failure-threshold: error + results-to-console: true #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..485dee6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea diff --git a/README.md b/README.md index eabcb78..cfa8820 100644 --- a/README.md +++ b/README.md @@ -22,23 +22,24 @@ steps: ## Inputs -| Name | Description | Default | -|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | -| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | -| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | -| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | -| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | Comma separated list of rules to treat with `error` severity | | -| `override-warning` | Comma separated list of rules to treat with `warning` severity | | -| `override-info` | Comma separated list of rules to treat with `info` severity | | -| `override-style` | Comma separated list of rules to treat with `style` severity | | -| `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | Comma separated list of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `results-to-console` | The flag to print Hadolint results to console | `false` | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | +| `format` | The output format. One of [`tty` \ | `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \ | `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Output diff --git a/action.yml b/action.yml index 443cf93..e319998 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,10 @@ inputs: required: false description: 'The path where to save the linting results to' default: + results-to-console: + required: false + description: 'The flag to print Hadolint results to console' + default: false # standart hadolint options: no-color: @@ -95,6 +99,7 @@ runs: HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_RECURSIVE: ${{ inputs.recursive }} HADOLINT_OUTPUT: ${{ inputs.output-file }} + HADOLINT_RESULTS_TO_CONSOLE: ${{ inputs.results-to-console }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index 4231068..af507de 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -3,7 +3,10 @@ # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -cp /problem-matcher.json "$HOME/" +PROBLEM_MATCHER_FILE="/problem-matcher.json" +if [ -f "$PROBLEM_MATCHER_FILE" ]; then + cp "$PROBLEM_MATCHER_FILE" "$HOME/" +fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove 
@@ -23,16 +26,18 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi +COMMAND="hadolint $HADOLINT_CONFIG" + if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) + RESULTS=$(eval "$COMMAND $flags" -- **/$filename) else - # shellcheck disable=SC2086 - RESULTS=$(hadolint $HADOLINT_CONFIG "$@") + + RESULTS=$(eval "$COMMAND" "$@") fi FAILED=$? @@ -40,16 +45,18 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > $HADOLINT_OUTPUT + echo "$RESULTS" > "$HADOLINT_OUTPUT" +fi + +if [ "$HADOLINT_RESULTS_TO_CONSOLE" = "true" ]; then + echo "$RESULTS" fi RESULTS="${RESULTS//$'\\n'/''}" -echo "results<> $GITHUB_OUTPUT -echo "${RESULTS}" >> $GITHUB_OUTPUT -echo "EOF" >> $GITHUB_OUTPUT +{ echo "results<> "$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> $GITHUB_ENV +{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 676012c475c665658957b7e3276552fb129bc112 Mon Sep 17 00:00:00 2001 From: Jennifer Cwagenberg Date: Sat, 14 Jan 2023 14:59:41 -0600 Subject: [PATCH 25/43] update example usage in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eabcb78..939f959 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ Add the following step to your workflow configuration: ```yml steps: - - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v2.1.0 + - uses: actions/checkout@v3 + - uses: hadolint/hadolint-action@v3.0.0 with: dockerfile: Dockerfile ``` From e88bddc55d1b64a4ddea065683a9a6c0bd078465 Mon Sep 17 00:00:00 2001 
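Review bot: In the PATCH 24 hadolint.sh hunk, `RESULTS=$(eval "$COMMAND $flags" -- **/$filename)` and `RESULTS=$(eval "$COMMAND" "$@")` replace a direct invocation with `eval`, which re-parses `$HADOLINT_CONFIG` and the flag arguments (both derived from workflow inputs) as shell code; that is a regression from the `shellcheck disable=SC2086` line it removes, not a fix for it, since a config path with spaces or any shell metacharacter in an input now changes what runs. Collect the config and flag arguments into a bash array and invoke it as `"${cmd[@]}" -- **/$filename`, which keeps each argument intact without eval. `FAILED=$?` after `fi` still reads the status of the assignment, which is fine. The added quoting of `"$HADOLINT_OUTPUT"`, `"$GITHUB_OUTPUT"` and `"$GITHUB_ENV"` in the same hunk is the right direction.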
From: DracoBlue Date: Tue, 17 Jan 2023 15:05:26 +0100 Subject: [PATCH 26/43] Fix the url to the build badge As suggested in https://github.com/badges/shields/issues/8671 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eabcb78..efe3f8f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,8 @@ [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) -[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) +[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) + ## Usage From 1a139ce6cc2975def9376bf648923108a713042b Mon Sep 17 00:00:00 2001 From: DracoBlue Date: Tue, 17 Jan 2023 15:38:26 +0100 Subject: [PATCH 27/43] Make output-file by default to /dev/stdout To fix https://github.com/hadolint/hadolint-action/issues/60 in hadolint-action>v2.0.0 --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 443cf93..e1c9fba 100644 --- a/action.yml +++ b/action.yml @@ -18,7 +18,7 @@ inputs: output-file: required: false description: 'The path where to save the linting results to' - default: + default: "/dev/stdout" # standart hadolint options: no-color: From 54c9adbab1582c2ef04b2016b760714a4bfde3cf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Tue, 17 Jan 2023 17:19:55 +0100 Subject: [PATCH 28/43] fix release --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab0d9c5..ba3bfb3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,7 +96,7 @@ jobs: needs: integration-tests steps: - uses: actions/checkout@v2 - - uses: cycjimmy/semantic-release-action@v2 + - uses: cycjimmy/semantic-release-action@v3 with: extra_plugins: | @semantic-release/git From a4d0f06c93b55ad8a6f376988283d88cb988178c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Wed, 18 Jan 2023 19:22:00 +0100 Subject: [PATCH 29/43] Revert "Some `shellcheck` fixes and new input to print Hadolint results to console" --- .github/workflows/ci.yml | 18 +----------------- .gitignore | 1 - README.md | 35 +++++++++++++++++------------------ action.yml | 6 +----- hadolint.sh | 25 +++++++++---------------- 5 files changed, 28 insertions(+), 57 deletions(-) delete mode 100644 .gitignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 277c0d8..ba3bfb3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -79,23 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - env: - results: ${{ steps.hadolint5.outputs.results }} - run: echo "$results" - - - name: Run integration test 7 - set recursive - uses: ./ - with: - dockerfile: "*Dockerfile" - failure-threshold: error - recursive: true - - - name: Run integration test 8 - print results to console - uses: ./ - with: - dockerfile: testdata/warning.Dockerfile - failure-threshold: error - results-to-console: true + run: echo "${{ steps.hadolint5.outputs.results }}" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 485dee6..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.idea diff --git a/README.md b/README.md index 7d6fd9a..3e3809e 100644 --- a/README.md +++ b/README.md @@ -23,24 +23,23 @@ steps: ## Inputs -| Name | Description | Default | -|----------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | -| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | -| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `results-to-console` | The flag to print Hadolint results to console | `false` | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | -| `format` | The output format. One of [`tty` \ | `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | -| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \ | `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | Comma separated list of rules to treat with `error` severity | | -| `override-warning` | Comma separated list of rules to treat with `warning` severity | | -| `override-info` | Comma separated list of rules to treat with `info` severity | | -| `override-style` | Comma separated list of rules to treat with `style` severity | | -| `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | Comma separated list of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | +| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Output diff --git a/action.yml b/action.yml index f0fa9ab..e1c9fba 100644 --- a/action.yml +++ b/action.yml @@ -19,10 +19,7 @@ inputs: required: false description: 'The path where to save the linting results to' default: "/dev/stdout" - results-to-console: - required: false - description: 'The flag to print Hadolint results to console' - default: false + # standart hadolint options: no-color: required: false @@ -98,7 +95,6 @@ runs: HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_RECURSIVE: ${{ inputs.recursive }} HADOLINT_OUTPUT: ${{ inputs.output-file }} - HADOLINT_RESULTS_TO_CONSOLE: ${{ inputs.results-to-console }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index af507de..4231068 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -3,10 +3,7 @@ # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -PROBLEM_MATCHER_FILE="/problem-matcher.json" -if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" -fi +cp /problem-matcher.json "$HOME/" # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove 
@@ -26,18 +23,16 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi -COMMAND="hadolint $HADOLINT_CONFIG" - if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - RESULTS=$(eval "$COMMAND $flags" -- **/$filename) + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else - - RESULTS=$(eval "$COMMAND" "$@") + # shellcheck disable=SC2086 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") fi FAILED=$? @@ -45,18 +40,16 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > "$HADOLINT_OUTPUT" -fi - -if [ "$HADOLINT_RESULTS_TO_CONSOLE" = "true" ]; then - echo "$RESULTS" + echo "$RESULTS" > $HADOLINT_OUTPUT fi RESULTS="${RESULTS//$'\\n'/''}" -{ echo "results<> "$GITHUB_OUTPUT" +echo "results<> $GITHUB_OUTPUT +echo "${RESULTS}" >> $GITHUB_OUTPUT +echo "EOF" >> $GITHUB_OUTPUT -{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From a17195f03eccfa4994f0a3c2b53175d4b70de259 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:09:05 +0100 Subject: [PATCH 30/43] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#1) --- .github/workflows/ci.yml | 36 +++++++++++++++++++++++++++++++----- README.md | 8 ++++---- hadolint.sh | 26 +++++++++++++++----------- 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba3bfb3..c2f9eb5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
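Review bot: In the ci.yml hunk of patch 29, the revert swaps `env: results: ${{ steps.hadolint5.outputs.results }}` with `run: echo "$results"` back to `run: echo "${{ steps.hadolint5.outputs.results }}"`, which splices the linter output into the script text before bash parses it; since that output echoes content from the linted Dockerfile, passing it through `env:` is the right pattern and should survive the revert even if the results-to-console input is dropped. The hadolint.sh hunk likewise reintroduces the unquoted `> $HADOLINT_OUTPUT` and `>> $GITHUB_OUTPUT` redirections and removes the `-f` guard on `/problem-matcher.json`; a revert aimed at the `eval` change should keep those quoting and guard fixes rather than undoing the whole commit.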
@@ -18,10 +18,24 @@ jobs: - name: Run hadolint run: hadolint Dockerfile + shellcheck: + name: ShellCheck + runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v3 + - name: Run ShellCheck + uses: reviewdog/action-shellcheck@v1.16.0 + with: + reporter: github-pr-review + fail_on_error: true + build-test: name: Build and Test runs-on: ubuntu-20.04 - needs: ["lint"] + needs: [ "lint", "shellcheck" ] steps: - uses: actions/checkout@v3 - name: Build Docker image @@ -69,8 +83,9 @@ jobs: failure-threshold: error format: json - - name: Run integration test 5 - output format - # This step will never fail, but will print out rule violations. + - name: Run integration test 5 - config file + # This step will never fail, but will print out rule violations + # because in config is set the error failure threshold. id: hadolint5 uses: ./ with: @@ -79,9 +94,20 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + env: + results: ${{ steps.hadolint5.outputs.results }} + run: echo "$results" - #- name: Run integration test 6 - output to file + - name: Run integration test 7 - set recursive + # This step will never fail, but will print out rule violations + # for all the Dockerfiles in repository. + uses: ./ + with: + dockerfile: "*Dockerfile" + failure-threshold: error + recursive: true + + #- name: Run integration test 8 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ # with: diff --git a/README.md b/README.md index 3e3809e..7dade9b 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,10 @@ steps: | `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | +| `output-file` | A sub-path where to save the
output as a file to | `/dev/stdout` | +| `no-color` | Don't create colored output (`true`/`false`) | `false` | +| `no-fail` | Never fail the action (`true`/`false`) | `false` | +| `verbose` | Output more information (`true`/`false`) | `false` | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | | `override-error` | Comma separated list of rules to treat with `error` severity | | diff --git a/hadolint.sh b/hadolint.sh index 4231068..d0024ff 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -1,13 +1,16 @@ #!/bin/bash - # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -cp /problem-matcher.json "$HOME/" +PROBLEM_MATCHER_FILE="/problem-matcher.json" +if [ -f "$PROBLEM_MATCHER_FILE" ]; then + cp "$PROBLEM_MATCHER_FILE" "$HOME/" +fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. +# shellcheck disable=SC2317 cleanup() { echo "::remove-matcher owner=brpaz/hadolint-action::" } @@ -23,16 +26,19 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi +COMMAND="hadolint $HADOLINT_CONFIG" + if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${@:1:$#-1}" - RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) + flags="${*:1:$#-1}" + + RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") else - # shellcheck disable=SC2086 - RESULTS=$(hadolint $HADOLINT_CONFIG "$@") + flags=$* + RESULTS=$(eval "$COMMAND" "$flags") fi FAILED=$? @@ -40,16 +46,14 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > $HADOLINT_OUTPUT + echo "$RESULTS" > "$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -echo "results<> $GITHUB_OUTPUT -echo "${RESULTS}" >> $GITHUB_OUTPUT -echo "EOF" >> $GITHUB_OUTPUT +{ echo "results<> "$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> $GITHUB_ENV +{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" 
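Review bot: In the ci.yml hunk of patch 30, moving test 6 to `env: results: ${{ ... }}` plus `run: echo "$results"` is the right way to keep step output out of the script text; keep it. In the new `shellcheck` job, `pull-requests: write` is correctly scoped to the job, but `reviewdog/action-shellcheck@v1.16.0` is a mutable tag, and this job runs on `pull_request` with a PR-write token; pin the action to its full commit SHA with the tag in a trailing comment so a moved tag cannot change what runs. The test 5 comment "because in config is set the error failure threshold" reads better as "because the config file sets the failure threshold to error".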
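Review bot: In the hadolint.sh hunk of patch 30, the quoting added to `**/"$filename"` does not hold, because `eval "$COMMAND $flags" -- **/"$filename"` joins its arguments and re-parses them: integration test 7 only works since `*Dockerfile` is globbed a second time inside eval, and by the same mechanism any metacharacter in an argument is executed as shell. The non-recursive branch makes it worse by collapsing `"$@"` into `flags=$*` and evaluating that, so an argument containing spaces is split. Replace eval with an array (`cmd=(hadolint $HADOLINT_CONFIG)` and then `"${cmd[@]}" "$@"` or `"${cmd[@]}" "${@:1:$#-1}" -- **/$filename`), and decide explicitly whether `dockerfile` is a name or a pattern: if it is a pattern, leave `**/$filename` unquoted with a `# shellcheck disable=SC2086` comment stating that the glob is deliberate, so bash expands it exactly once.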
From 726b0bb29856ca7d00bd951f318365100bac8382 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:16:51 +0100 Subject: [PATCH 31/43] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#2) --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c2f9eb5..3acd3eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -120,6 +120,8 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests + permissions: + contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 From 218bc411d78ba9386a35739e173a7065f400adb8 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Fri, 20 Jan 2023 09:55:56 +0100 Subject: [PATCH 32/43] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#3) Co-authored-by: OCP4 migration script --- .github/workflows/ci.yml | 10 +++++----- hadolint.sh | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3acd3eb..54763d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,11 @@ on: env: TEST_IMAGE_NAME: hadolint-action:${{github.sha}} +permissions: + contents: write + issues: write # Used by Release step to update "The automated release is failing" issue + pull-requests: write # Used by ShellCheck Action to add comments on PR + jobs: lint: name: Lint @@ -21,9 +26,6 @@ jobs: shellcheck: name: ShellCheck runs-on: ubuntu-20.04 - permissions: - contents: read - pull-requests: write steps: - uses: actions/checkout@v3 - name: Run ShellCheck @@ -120,8 +122,6 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests - permissions: - contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 diff --git a/hadolint.sh b/hadolint.sh index d0024ff..d28035d 100755 
--- a/hadolint.sh +++ b/hadolint.sh @@ -5,14 +5,14 @@ PROBLEM_MATCHER_FILE="/problem-matcher.json" if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" + cp "$PROBLEM_MATCHER_FILE" "$HOME/" fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. # shellcheck disable=SC2317 cleanup() { - echo "::remove-matcher owner=brpaz/hadolint-action::" + echo "::remove-matcher owner=brpaz/hadolint-action::" } trap cleanup EXIT @@ -23,7 +23,7 @@ if [ -n "$HADOLINT_CONFIG" ]; then fi if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then - unset HADOLINT_TRUSTED_REGISTRIES; + unset HADOLINT_TRUSTED_REGISTRIES fi COMMAND="hadolint $HADOLINT_CONFIG" @@ -32,7 +32,6 @@ if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${*:1:$#-1}" RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") @@ -46,14 +45,22 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > "$HADOLINT_OUTPUT" + echo "$RESULTS" >"$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -{ echo "results<> "$GITHUB_OUTPUT" +{ + echo "results<>"$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" +{ + echo "HADOLINT_RESULTS<>"$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 7857e0b9ce8c651778ec7a3ea66f1fe8ebea436b Mon Sep 17 00:00:00 2001 From: DracoBlue Date: Wed, 8 Feb 2023 07:12:24 +0100 Subject: [PATCH 33/43] Example uses 3.1.0, too --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3e3809e..32e9803 100644 --- a/README.md +++ b/README.md 
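Review bot: In the ci.yml hunk of patch 32, lifting `permissions` to the workflow level grants `contents: write`, `issues: write` and `pull-requests: write` to every job, including `lint`, `build-test` and `integration-tests`, which only read the checkout; patch 31 had `contents: write` scoped to `release` and patch 30 had `pull-requests: write` scoped to `shellcheck`. Keep a read-only default at the top (`permissions: contents: read`) and the write scopes on the two jobs that need them, so a compromised third-party step in the build or test jobs cannot push, tag or comment. The inline comments explaining each scope are good; move them with the scopes.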
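Review bot: In the hadolint.sh hunk of patch 32 for the recursive branch, `flags="${*:1:$#-1}"` is deleted but the unchanged line `RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")` still expands `$flags`, so all flags are silently dropped in recursive mode, or, since nothing in the script sets it any more, taken from a `flags` variable inherited from the environment. Either restore the assignment or pass `"${@:1:$#-1}"` directly. The formatting-only changes (two-space indentation, `>"$FILE"`, dropping the stray `;`) are fine.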
@@ -16,7 +16,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v3 - - uses: hadolint/hadolint-action@v3.0.0 + - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile ``` From 715c3070466c5927407738bf9293e6b67858045e Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Sun, 20 Jul 2025 00:26:51 -0300 Subject: [PATCH 34/43] Update hadolint to v2.13.1-beta2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 102a9b9..4a5dcf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.12.0-debian +FROM ghcr.io/hadolint/hadolint:v2.13.1-beta2-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 2f0331e82152a2dd3f73cf3106b0aa5cd71d161a Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Sun, 20 Jul 2025 00:31:17 -0300 Subject: [PATCH 35/43] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4a5dcf4..8323dfa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.13.1-beta2-debian +FROM hadolint/hadolint:v2.13.1-beta2-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From cc71e1bfd17cf3389c7580e08c43e1bd7defc130 Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Tue, 2 Sep 2025 14:10:17 -0300 Subject: [PATCH 36/43] Update Dockerfile to use stable hadolint version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8323dfa..209d5f7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.13.1-beta2-debian +FROM hadolint/hadolint:v2.13.1-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 24598f413ebc646232a0218bac5e314f7a8632ce Mon Sep 17 00:00:00 2001 
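Review bot: Across the three Dockerfile hunks of patches 34 to 36 the base image moves from `ghcr.io/hadolint/hadolint:v2.12.0-debian` through `v2.13.1-beta2-debian` (first on ghcr.io, then on Docker Hub) to `hadolint/hadolint:v2.13.1-debian`. A published action should not ship on a beta tag, so 36 is the one to keep, and whichever registry is chosen the tag should be pinned with its digest (`FROM ghcr.io/hadolint/hadolint:v2.13.1-debian@sha256:<digest>`) so the action image is reproducible and a re-pushed tag cannot change what users run; the repository's own `lint` job accepts a digest-less versioned tag, so the digest has to be added deliberately.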
From: Felipe Santos Date: Tue, 2 Sep 2025 14:10:55 -0300 Subject: [PATCH 37/43] Update base image for Hadolint --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 209d5f7..cbb24e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.13.1-debian +FROM ghcr.io/hadolint/hadolint:v2.13.1-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 8bde06f9ce374f8d841c43a38da556483c397f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 11:45:35 +0200 Subject: [PATCH 38/43] Update CI yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update versions of runner images and action steps Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 44 ++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54763d8..6c494c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -10,36 +10,41 @@ env: permissions: contents: write - issues: write # Used by Release step to update "The automated release is failing" issue - pull-requests: write # Used by ShellCheck Action to add comments on PR + issues: write # Used by Release step to update "The automated release is failing" issue + pull-requests: write # Used by ShellCheck Action to add comments on PR jobs: lint: name: Lint - runs-on: ubuntu-20.04 - container: pipelinecomponents/hadolint:0.10.1 + runs-on: ubuntu-24.04 + container: pipelinecomponents/hadolint:0.27.2 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Run hadolint run: hadolint Dockerfile shellcheck: name: ShellCheck - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Run ShellCheck - uses: reviewdog/action-shellcheck@v1.16.0 + uses: reviewdog/action-shellcheck@v1.31.0 with: reporter: github-pr-review fail_on_error: true build-test: name: Build and Test - runs-on: ubuntu-20.04 - needs: [ "lint", "shellcheck" ] + runs-on: ubuntu-24.04 + needs: + - lint + - shellcheck steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Build Docker image run: docker build -t $TEST_IMAGE_NAME . @@ -50,10 +55,11 @@ jobs: integration-tests: name: Integration Tests - runs-on: ubuntu-20.04 - needs: build-test + runs-on: ubuntu-24.04 + needs: + - build-test steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Run integration test 1 uses: ./ @@ -120,11 +126,13 @@ jobs: release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' name: Release - runs-on: ubuntu-20.04 - needs: integration-tests + runs-on: ubuntu-24.04 + needs: + - integration-tests steps: - - uses: actions/checkout@v2 - - uses: cycjimmy/semantic-release-action@v3 + - uses: actions/checkout@v5 + + - uses: cycjimmy/semantic-release-action@v5 with: extra_plugins: | @semantic-release/git 
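Review bot: In the ci.yml hunk of patch 38, the version bumps still reference mutable tags (`actions/checkout@v5`, `reviewdog/action-shellcheck@v1.31.0`, `cycjimmy/semantic-release-action@v5`) in a workflow whose top-level `permissions` block grants `contents: write`, `issues: write` and `pull-requests: write` to every job; pin each third-party action to a full commit SHA with the tag in a comment, and use this touch of the `release` job to move the write scopes onto it. The `needs:` list form and the `ubuntu-24.04` runner bumps are fine; `docker build -t $TEST_IMAGE_NAME .` in the unchanged context should quote the variable.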
From 45eb072a0b555fab4dfc5b7f863a41b150431d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 15:22:29 +0200 Subject: [PATCH 39/43] Trigger release workflow on tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6c494c5..2485573 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,12 @@ name: "CI" on: push: + tags: + - "v*" + branches: - master + pull_request: env: From 3fc49fb50d59c6ab7917a2e4195dba633e515b29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 15:29:46 +0200 Subject: [PATCH 40/43] feat: new minor release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich From 0931ae097296863e5f188b8c6a0c5f9b95f79793 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:33:25 +0200 Subject: [PATCH 41/43] Release v3.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cbb24e2..93a3909 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.13.1-debian +FROM ghcr.io/hadolint/hadolint:v2.14.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 2bfd2b95f895100db2ca84c3054a8ce50f1fc611 Mon Sep 17 00:00:00 2001 
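Review bot: In the ci.yml hunk of patch 39, adding `tags: - "v*"` to `on.push` will not run the release step: the `release` job is gated by `if: github.event_name == 'push' && github.ref == 'refs/heads/master'`, and a tag push has a `github.ref` of `refs/tags/v...`, so the trigger only re-runs lint, build and the integration tests for tags that semantic-release itself creates. If the intent is a release driven by a manually pushed tag, the `if:` condition has to be widened as well; otherwise the trigger should be left out, which is what patch 42 does.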
From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:41:56 +0200 Subject: [PATCH 42/43] Don't trigger release workflow on Tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tags are automatically generated and applied by the release action Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2485573..3a5f201 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,6 @@ name: "CI" on: push: - tags: - - "v*" - branches: - master From 2332a7b74a6de0dda2e2221d575162eba76ba5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:43:49 +0200 Subject: [PATCH 43/43] feat: trigger release workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release action only triggers if there is a commit with a keyword in the title since the last release tag was made... Signed-off-by: Moritz Röhrich