diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3a5f201..ba3bfb3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,49 +3,27 @@ on: push: branches: - master - pull_request: env: TEST_IMAGE_NAME: hadolint-action:${{github.sha}} -permissions: - contents: write - issues: write # Used by Release step to update "The automated release is failing" issue - pull-requests: write # Used by ShellCheck Action to add comments on PR - jobs: lint: name: Lint - runs-on: ubuntu-24.04 - container: pipelinecomponents/hadolint:0.27.2 + runs-on: ubuntu-20.04 + container: pipelinecomponents/hadolint:0.10.1 steps: - - uses: actions/checkout@v5 - + - uses: actions/checkout@v3 - name: Run hadolint run: hadolint Dockerfile - shellcheck: - name: ShellCheck - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - - name: Run ShellCheck - uses: reviewdog/action-shellcheck@v1.31.0 - with: - reporter: github-pr-review - fail_on_error: true - build-test: name: Build and Test - runs-on: ubuntu-24.04 - needs: - - lint - - shellcheck + runs-on: ubuntu-20.04 + needs: ["lint"] steps: - - uses: actions/checkout@v5 - + - uses: actions/checkout@v3 - name: Build Docker image run: docker build -t $TEST_IMAGE_NAME . @@ -56,11 +34,10 @@ jobs: integration-tests: name: Integration Tests - runs-on: ubuntu-24.04 - needs: - - build-test + runs-on: ubuntu-20.04 + needs: build-test steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v3 - name: Run integration test 1 uses: ./ @@ -92,9 +69,8 @@ jobs: failure-threshold: error format: json - - name: Run integration test 5 - config file - # This step will never fail, but will print out rule violations - # because in config is set the error failure threshold. + - name: Run integration test 5 - output format + # This step will never fail, but will print out rule violations. id: hadolint5 uses: ./ with: 
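Review bot: With the workflow-level `permissions:` block gone, every job in this file runs with the repository's default GITHUB_TOKEN scopes, which may be broader than the lint, build and integration jobs need. I would keep an explicit top-level `permissions:` / `contents: read` and grant write scopes only under the `release` job (outside this hunk), which is where the removed comments said they were used. Separately, `runs-on: ubuntu-20.04` names a hosted runner image that GitHub has retired, so confirm the label can still be scheduled before merging.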
@@ -103,20 +79,9 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - env: - results: ${{ steps.hadolint5.outputs.results }} - run: echo "$results" + run: echo "${{ steps.hadolint5.outputs.results }}" - - name: Run integration test 7 - set recursive - # This step will never fail, but will print out rule violations - # for all the Dockerfiles in repository. - uses: ./ - with: - dockerfile: "*Dockerfile" - failure-threshold: error - recursive: true - - #- name: Run integration test 8 - output to file + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ # with: @@ -127,13 +92,11 @@ jobs: release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' name: Release - runs-on: ubuntu-24.04 - needs: - - integration-tests + runs-on: ubuntu-20.04 + needs: integration-tests steps: - - uses: actions/checkout@v5 - - - uses: cycjimmy/semantic-release-action@v5 + - uses: actions/checkout@v2 + - uses: cycjimmy/semantic-release-action@v3 with: extra_plugins: | @semantic-release/git diff --git a/Dockerfile b/Dockerfile index 93a3909..102a9b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.14.0-debian +FROM ghcr.io/hadolint/hadolint:v2.12.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh diff --git a/README.md b/README.md index 0ecee3f..eabcb78 100644 --- a/README.md +++ b/README.md 
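Review bot: `run: echo "${{ steps.hadolint5.outputs.results }}"` in integration test 6 pastes the step output into the script text before the shell parses it, so quotes, backticks or `$(...)` in the hadolint results are interpreted as shell syntax rather than printed. The results are derived from the Dockerfiles being linted, so their content is not fully under the workflow's control. Pass the value through the environment instead: `env:` / `results: ${{ steps.hadolint5.outputs.results }}` with `run: echo "$results"`.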
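Review bot: The `release` job references `actions/checkout@v2` and `cycjimmy/semantic-release-action@v3` by mutable tag, and this is presumably the job that publishes with a write-capable token. Pinning each to a full commit SHA, e.g. `uses: cycjimmy/semantic-release-action@<FULL_COMMIT_SHA> # v3` (placeholder; take the SHA from the release you have reviewed), keeps a retagged release from changing what runs here. `actions/checkout@v2` is also out of step with the `@v3` used by the other jobs in this file. The job's `with:` block continues past the end of the hunk.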
@@ -6,8 +6,7 @@ [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) -[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) - +[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) ## Usage @@ -15,8 +14,8 @@ Add the following step to your workflow configuration: ```yml steps: - - uses: actions/checkout@v3 - - uses: hadolint/hadolint-action@v3.1.0 + - uses: actions/checkout@v2 + - uses: hadolint/hadolint-action@v2.1.0 with: dockerfile: Dockerfile ``` @@ -28,10 +27,10 @@ steps: | `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | `/dev/stdout` | -| `no-color` | Don't create colored output (`true`/`false`) | `false` | -| `no-fail` | Never fail the action (`true`/`false`) | `false` | -| `verbose` | Output more information (`true`/`false`) | `false` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | | `override-error` | Comma separated list of rules to treat with `error` severity | | diff --git a/hadolint.sh b/hadolint.sh index d28035d..4231068 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -1,18 +1,15 @@ #!/bin/bash + # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. +cp /problem-matcher.json "$HOME/" -PROBLEM_MATCHER_FILE="/problem-matcher.json" -if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" -fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. -# shellcheck disable=SC2317 cleanup() { - echo "::remove-matcher owner=brpaz/hadolint-action::" + echo "::remove-matcher owner=brpaz/hadolint-action::" } trap cleanup EXIT @@ -23,21 +20,19 @@ if [ -n "$HADOLINT_CONFIG" ]; then fi if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then - unset HADOLINT_TRUSTED_REGISTRIES + unset HADOLINT_TRUSTED_REGISTRIES; fi -COMMAND="hadolint $HADOLINT_CONFIG" - if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${*:1:$#-1}" + flags="${@:1:$#-1}" - RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else - flags=$* - RESULTS=$(eval "$COMMAND" "$flags") + # shellcheck disable=SC2086 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") fi FAILED=$? 
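Review bot: The comment above `cleanup()` says problem-matcher.json is removed after the run, but the function only emits `::remove-matcher owner=brpaz/hadolint-action::`, so the copy made by `cp /problem-matcher.json "$HOME/"` stays behind. Either reword the comment to match, or add `rm -f "$HOME/problem-matcher.json"` to `cleanup()`. The `cp` is also unguarded on the new side, so when the file is absent it prints an error and the script carries on without a matcher; `[ -f /problem-matcher.json ] && cp /problem-matcher.json "$HOME/"` would make that case explicit.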
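Review bot: In the recursive branch, `RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename)` leaves `$filename` unquoted and has no `--` before the paths, so a pattern containing spaces is split into several words and a matched name beginning with `-` is read by hadolint as an option. I would write `RESULTS=$(hadolint $HADOLINT_CONFIG $flags -- **/"$filename")`, keeping `$HADOLINT_CONFIG` and `$flags` unquoted only because they are apparently meant to split into separate arguments. The `# shellcheck disable=SC2086` directive covers only the `else` branch, so the recursive line would still be flagged. `flags="${@:1:$#-1}"` also assigns an array expansion to a scalar (SC2124); `"${*:1:$#-1}"` states the intent. The `if` block that sets HADOLINT_CONFIG starts above this hunk.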
@@ -45,22 +40,16 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" >"$HADOLINT_OUTPUT" + echo "$RESULTS" > $HADOLINT_OUTPUT fi RESULTS="${RESULTS//$'\\n'/''}" -{ - echo "results<>"$GITHUB_OUTPUT" +echo "results<> $GITHUB_OUTPUT +echo "${RESULTS}" >> $GITHUB_OUTPUT +echo "EOF" >> $GITHUB_OUTPUT -{ - echo "HADOLINT_RESULTS<>"$GITHUB_ENV" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
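Review bot: The multi-line values written to `$GITHUB_OUTPUT` and `$GITHUB_ENV` are closed with the fixed delimiter `EOF` (the opening `<<` lines are garbled in this view, but `echo "EOF" >> $GITHUB_OUTPUT` shows it). A line of linter output consisting only of `EOF` would therefore end the value early, and the remaining lines would be parsed as further entries; in `$GITHUB_ENV` that means variables set for later steps. A per-run random delimiter avoids this, as sketched below for the output block; the `$GITHUB_ENV` block needs the same treatment. The redirect targets are also unquoted in `echo "$RESULTS" > $HADOLINT_OUTPUT` and the `>> $GITHUB_OUTPUT` lines, so a path containing spaces fails or is written elsewhere; quote them as `>"$HADOLINT_OUTPUT"`.

```shell
# … unchanged: output-file handling and RESULTS newline escaping …
delimiter="hadolint_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
{
  echo "results<<$delimiter"
  echo "$RESULTS"
  echo "$delimiter"
} >>"$GITHUB_OUTPUT"
# … the HADOLINT_RESULTS block for "$GITHUB_ENV" takes the same delimiter …
```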