From 785eabb2d420547928c7b46b030edf61c7a261b0 Mon Sep 17 00:00:00 2001 From: Christian Dywan Date: Sun, 2 May 2021 08:42:56 +0200 Subject: [PATCH 01/63] doc: Add checkout action to the example Fixes: #25 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f760a6c..104f686 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ Add the following step to your workflow configuration: ```yml steps: + - uses: actions/checkout@v2 - uses: hadolint/hadolint-action@v1.4.0 with: dockerfile: Dockerfile From 6c5b4b97b17982c72e90bdc8363912fd26d4ea85 Mon Sep 17 00:00:00 2001 From: Bruno Paz Date: Mon, 17 May 2021 19:06:18 +0100 Subject: [PATCH 02/63] docs(README): update support section and remove funding configuration --- .github/FUNDING.yml | 4 ---- README.md | 15 +++------------ 2 files changed, 3 insertions(+), 16 deletions(-) delete mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 51605a9..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# https://help.github.com/en/articles/displaying-a-sponsor-button-in-your-repository -github: brpaz -patreon: brpaz -custom: https://www.buymeacoffee.com/Z1Bu6asGV diff --git a/README.md b/README.md index b5138b8..62fd557 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,6 @@ steps: To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure). - ## 🤝 Contributing Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**. 
@@ -50,20 +49,14 @@ Contributions are what make the open source community such an amazing place to b 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`) 4. Push to the Branch (`git push origin feature/AmazingFeature`) 5. Open a Pull Request - ## 💛 Support the project -If this project was useful to you in some form, I would be glad to have your support. It will help to keep the project alive and to have more time to work on Open Source. +If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive. The sinplest form of support is to give a ⭐️ to this repo. -You can also contribute with [GitHub Sponsors](https://github.com/sponsors/brpaz). +This project was originally created by [Bruno Paz](https://github.com/sponsors/brpaz) and incorporated into the Hadolint organization. If you appreciate the work done on this action, Bruno would be happy with your [sponsorship](https://github.com/sponsors/brpaz). -[![GitHub Sponsors](https://img.shields.io/badge/GitHub%20Sponsors-Sponsor%20Me-red?style=for-the-badge)](https://github.com/sponsors/brpaz) - -Or if you prefer a one time donation to the project, you can simple: - -Buy Me A Coffee ## Author 👤 **Bruno Paz** @@ -73,6 +66,4 @@ Or if you prefer a one time donation to the project, you can simple: ## 📝 License -Copyright © 2019 [Bruno Paz](https://github.com/brpaz). - -This project is [MIT](LICENSE) licensed. +[MIT](LICENSE) From 9c70326916b3fdacfe271e1cab4d22195a1b9c75 Mon Sep 17 00:00:00 2001 From: Jacob Ward <53442247+jward-bw@users.noreply.github.com> Date: Fri, 4 Jun 2021 16:49:26 +0100 Subject: [PATCH 03/63] Improve readability of `Inputs` table. In my opinion it's still not very easy to read, but it is correctly formatted now. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b5138b8..4c65994 100644 --- a/README.md +++ b/README.md 
@@ -26,15 +26,15 @@ steps: | Name | Description | Default | |------------------ |------------------------------------------ |----------------- | | dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | -| format | The output format. One of [tty | json | | tty | -| | checkstyle | codeclimate | | | +| format | The output format. One of [tty \| json \| | tty | +| | checkstyle \| codeclimate \| | | | | gitlab_codeclimate] | | | ignore | Space separated list of Hadolint rules to | | | | ignore. | | | config | Custom path to a Hadolint config file | ./.hadolint.yaml | | failure-threshold | Rule severity threshold for pipeline | info | -| | failure. One of [error | warning | info | | | -| | style | ignore] | | +| | failure. One of [error \| warning \| | | +| | info \| style \| ignore] | | ## Hadolint Configuration From 34545a185d851450627a7f76c0369ec9cce26950 Mon Sep 17 00:00:00 2001 From: Itamar Givon Date: Mon, 31 May 2021 13:57:42 +0200 Subject: [PATCH 04/63] Add recursive linting --- action.yml | 5 +++++ hadolint.sh | 15 ++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index e5163ab..5dd038f 100644 --- a/action.yml +++ b/action.yml @@ -6,6 +6,10 @@ inputs: required: false description: 'The path to the Dockerfile to lint' default: 'Dockerfile' + recursive: + required: false + description: 'Search for lint dockerfiles recuresivly' + default: 'false' format: required: false description: | @@ -39,6 +43,7 @@ runs: env: HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_IGNORE: ${{ inputs.ignore }} + HADOLINT_RECURSIVE: ${{ inputs.recursive }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index e74c807..243bc86 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We create 
@@ -27,5 +27,14 @@ for i in $HADOLINT_IGNORE; do HADOLINT_IGNORE_CMDLINE="${HADOLINT_IGNORE_CMDLINE} --ignore=${i}" done -# shellcheck disable=SC2086 -hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG "$@" +if [ "$HADOLINT_RECURSIVE" = "true" ]; then + shopt -s globstar + + filename="${!#}" + flags="${@:1:$#-1}" + + hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG $flags **/$filename +else + # shellcheck disable=SC2086 + hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG "$@" +fi From afcbb72a700aeb4430d3511378773ad36db4ae16 Mon Sep 17 00:00:00 2001 From: Itamar Givon Date: Mon, 31 May 2021 17:49:14 +0200 Subject: [PATCH 05/63] Update docs --- README.md | 2 ++ action.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cd4121d..5affe47 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,8 @@ steps: | Name | Description | Default | |------------------ |------------------------------------------ |----------------- | | dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | +| recursive | Search for specified dockerfile | false | +| | recursively, from the project root | | | format | The output format. One of [tty \| json \| | tty | | | checkstyle \| codeclimate \| | | | | gitlab_codeclimate] | | diff --git a/action.yml b/action.yml index 5dd038f..aff7df6 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ inputs: default: 'Dockerfile' recursive: required: false - description: 'Search for lint dockerfiles recuresivly' + description: 'Search for specified dockerfile recursively, from the project root' default: 'false' format: required: false From 8af94d9fae639af0fa3c9e4458fa6aa79996838b Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Thu, 26 Aug 2021 17:47:50 +0800 Subject: [PATCH 06/63] build: bump hadolint from v2.4.0 to v2.7.0 Signed-off-by: Eng Zer Jun --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9e20d28..2fd839c 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.4.0-debian +FROM hadolint/hadolint:v2.7.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From d7b38582334d9ac11c12021c16f21d63015fa250 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 26 Aug 2021 13:31:58 +0200 Subject: [PATCH 07/63] Make tests pass --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b594e7..256a766 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,7 @@ jobs: uses: ./ with: dockerfile: testdata/warning.Dockerfile - ignore: DL3014 DL3008 + ignore: DL3014 DL3008 DL3015 - name: Run integration test 3 - set failure threshold # This step will print out an info level rule violation, but not fail From 03ff2f358b4d22af6d85f9c3d4d248280c97eb2c Mon Sep 17 00:00:00 2001 From: Julien Bouquillon Date: Tue, 19 Oct 2021 15:49:02 +0200 Subject: [PATCH 08/63] docs: fix example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5affe47..fd3605a 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v1.5.0 + - uses: hadolint/hadolint-action@v1.6.0 with: dockerfile: Dockerfile ``` From 98fb3f8040ee71d7b083cdc749b4f9a81c61c7f9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Thu, 18 Nov 2021 13:09:22 +0100 Subject: [PATCH 09/63] features: config options, saving to file, SARIF - Upgrade to Hadolint 2.8.0, enabling the SARIF formatter - Expand config options to reflect more of those regularly available with Hadolint including `no-fail` and `failure-threshold` options - Enable the creation of report files Breaking change: The list of ignored rules is now comma separated and not space separated. fixes: #23 fixes: #36 fixes: #42 --- .github/workflows/ci.yml | 13 ++++++-- Dockerfile | 2 +- README.md | 42 ++++++++++++++++-------- action.yml | 71 ++++++++++++++++++++++++++++++++++------ hadolint.sh | 16 ++++++--- 5 files changed, 112 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 256a766..84ea826 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,8 @@ jobs: uses: ./ with: dockerfile: testdata/warning.Dockerfile - ignore: DL3014 DL3008 DL3015 + ignore: 'DL3014,DL3008' + no-fail: true - name: Run integration test 3 - set failure threshold # This step will print out an info level rule violation, but not fail @@ -68,13 +69,21 @@ jobs: failure-threshold: error format: json - - name: Run integration test 4 - output format + - name: Run integration test 5 - output format # This step will never fail, but will print out rule violations. uses: ./ with: dockerfile: testdata/warning.Dockerfile config: testdata/hadolint.yaml + - name: Run integration test 6 - output to file + # This step will never fail, but will print out rule violations. + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + format: sarif + output-file: /report.sarif + release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' name: Release diff --git a/Dockerfile b/Dockerfile index 2fd839c..8589b9b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.7.0-debian +FROM hadolint/hadolint:v2.8.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh diff --git a/README.md b/README.md index fd3605a..355c85d 100644 --- a/README.md +++ b/README.md 
@@ -23,20 +23,34 @@ steps: ## Inputs -| Name | Description | Default | -|------------------ |------------------------------------------ |----------------- | -| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | -| recursive | Search for specified dockerfile | false | -| | recursively, from the project root | | -| format | The output format. One of [tty \| json \| | tty | -| | checkstyle \| codeclimate \| | | -| | gitlab_codeclimate] | | -| ignore | Space separated list of Hadolint rules to | | -| | ignore. | | -| config | Custom path to a Hadolint config file | ./.hadolint.yaml | -| failure-threshold | Rule severity threshold for pipeline | info | -| | failure. One of [error \| warning \| | | -| | info \| style \| ignore] | | +| Name | Description | Default | +|------------------- |------------------------------------------ |----------------- | +| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | +| recursive | Search for specified dockerfile | false | +| | recursively, from the project root | | +| config | Custom path to a Hadolint config file | ./.hadolint.yaml | +| output-file | A sub-path where to save the | | +| | output as a file to | | +| no-color | Don't create colored output | | +| no-fail | Never fail the action | | +| verbose | Output more information | | +| format | The output format. One of [tty \| json \| | tty | +| | checkstyle \| codeclimate \| | | +| | gitlab_codeclimate \| codacy \| sarif] | | +| failure-threshold | Rule severity threshold for pipeline | info | +| | failure. 
One of [error \| warning \| | | +| | info \| style \| ignore] | | +| override-error | List of rules to treat with 'error' | | +| | severity | | +| override-warning | List of rules to treat with 'warning' | | +| | severity | | +| override-info | List of rules to treat with 'info' | | +| | severity | | +| override-style | List of rules to treat with 'style' | | +| | severity | | +| ignore | Space separated list of Hadolint rules to | | +| | ignore. | | +| trusted-resgitries | List of urls of trusted registries | | ## Hadolint Configuration diff --git a/action.yml b/action.yml index aff7df6..443cf93 100644 --- a/action.yml +++ b/action.yml @@ -6,15 +6,38 @@ inputs: required: false description: 'The path to the Dockerfile to lint' default: 'Dockerfile' + config: + required: false + description: 'Path to a config file' + default: recursive: required: false - description: 'Search for specified dockerfile recursively, from the project root' + description: + 'Search for specified dockerfile recursively, from the project root' + default: 'false' + output-file: + required: false + description: 'The path where to save the linting results to' + default: + + # standart hadolint options: + no-color: + required: false + description: Don't create colored output. + default: 'false' + no-fail: + required: false + description: Never exit with a failure status code + default: 'false' + verbose: + required: false + description: Print more information about the running config default: 'false' format: required: false description: | The output format, one of [tty (default) | json | checkstyle | - codeclimate | gitlab_codeclimate ] + codeclimate | gitlab_codeclimate | codacy | sarif] default: 'tty' failure-threshold: required: false 
@@ -22,28 +45,56 @@ inputs: Fail the pipeline only if rules with severity above this threshold are violated. One of [error | warning | info (default) | style | ignore] default: 'info' + override-error: + required: false + description: + 'A comma separated list of rules whose severity will be `error`' + default: + override-warning: + required: false + description: + 'A comma separated list of rules whose severity will be `warning`' + default: + override-info: + required: false + description: + 'A comma separated list of rules whose severity will be `info`' + default: + override-style: + required: false + description: + 'A comma separated list of rules whose severity will be `style`' + default: ignore: required: false - description: 'A space separated string of rules to ignore' + description: 'A comma separated string of rules to ignore' default: - config: + trusted-registries: required: false - description: 'Path to a config file' + description: 'A comma separated list of trusted registry urls' default: runs: using: 'docker' image: 'Dockerfile' args: - - -f - - ${{ inputs.format }} - - -t - - ${{ inputs.failure-threshold }} - ${{ inputs.dockerfile }} env: - HADOLINT_CONFIG: ${{ inputs.config }} + NO_COLOR: ${{ inputs.no-color }} + HADOLINT_NOFAIL: ${{ inputs.no-fail }} + HADOLINT_VERBOSE: ${{ inputs.verbose }} + HADOLINT_FORMAT: ${{ inputs.format }} + HADOLINT_FAILURE_THRESHOLD: ${{ inputs.failure-threshold }} + HADOLINT_OVERRIDE_ERROR: ${{ inputs.override-error }} + HADOLINT_OVERRIDE_WARNING: ${{ inputs.override-warning }} + HADOLINT_OVERRIDE_INFO: ${{ inputs.override-info }} + HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }} HADOLINT_IGNORE: ${{ inputs.ignore }} + HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }} + + HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_RECURSIVE: ${{ inputs.recursive }} + HADOLINT_OUTPUT: ${{ inputs.output-file }} branding: icon: 'layers' color: 'purple' 
diff --git a/hadolint.sh b/hadolint.sh index 243bc86..e4d1c4b 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -23,9 +23,13 @@ if [ -n "$HADOLINT_CONFIG" ]; then HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}" fi -for i in $HADOLINT_IGNORE; do - HADOLINT_IGNORE_CMDLINE="${HADOLINT_IGNORE_CMDLINE} --ignore=${i}" -done +OUTPUT= +if [ -n "$HADOLINT_OUTPUT" ]; then + if [ -f "$HADOLINT_OUTPUT" ]; then + HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" + fi + OUTPUT=" | tee $HADOLINT_OUTPUT" +fi if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar @@ -33,8 +37,10 @@ if [ "$HADOLINT_RECURSIVE" = "true" ]; then filename="${!#}" flags="${@:1:$#-1}" - hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG $flags **/$filename + hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT else # shellcheck disable=SC2086 - hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG "$@" + hadolint $HADOLINT_CONFIG "$@" $OUTPUT fi + +[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 390bcfc1bcbdbe0eab20a313ad47a2d297a69441 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthieu=20Blotti=C3=A8re?= Date: Wed, 8 Dec 2021 17:26:25 +0100 Subject: [PATCH 10/63] fix: attempt to fix missing problem-matcher It uses the solution mentioned in https://github.com/actions/toolkit/issues/305#issuecomment-585515210 --- hadolint.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index 243bc86..d891bc3 100755 --- a/hadolint.sh +++ b/hadolint.sh 
@@ -1,23 +1,19 @@ #!/bin/bash # The problem-matcher definition must be present in the repository -# checkout (outside the Docker container running hadolint). We create -# a temporary folder and copy problem-matcher.json to it and make it -# readable. -TMP_FOLDER=$(mktemp -d -p .) -cp /problem-matcher.json "${TMP_FOLDER}" -chmod -R a+rX "${TMP_FOLDER}" +# checkout (outside the Docker container running hadolint). We copy +# problem-matcher.json to the home folder. +cp /problem-matcher.json "$HOME/" # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. cleanup() { echo "::remove-matcher owner=brpaz/hadolint-action::" - rm -rf "${TMP_FOLDER}" } trap cleanup EXIT -echo "::add-matcher::${TMP_FOLDER}/problem-matcher.json" +echo "::add-matcher::$HOME/problem-matcher.json" if [ -n "$HADOLINT_CONFIG" ]; then HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}" From 0bc6199b82f7c6bbd2d41b82d523294df01f8b8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Tue, 22 Mar 2022 09:41:42 +0100 Subject: [PATCH 11/63] upgrade to 2.9.2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8589b9b..8c7638b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.8.0-debian +FROM hadolint/hadolint:v2.9.2-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From aa70df94a2a309104631a7c9bd36f998580c59cb Mon Sep 17 00:00:00 2001 From: offa Date: Tue, 22 Mar 2022 11:40:08 +0100 Subject: [PATCH 12/63] Fix typo in inputs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 355c85d..ca81eea 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,7 @@ steps: | | severity | | | ignore | Space separated list of Hadolint rules to | | | | ignore. | | -| trusted-resgitries | List of urls of trusted registries | | +| trusted-registries | List of urls of trusted registries | | ## Hadolint Configuration From 37f399667b624b594536d3dffa11cbc46d95c349 Mon Sep 17 00:00:00 2001 From: offa Date: Tue, 22 Mar 2022 11:44:03 +0100 Subject: [PATCH 13/63] Fix markdown --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ca81eea..57d4a3e 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ Contributions are what make the open source community such an amazing place to b 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`) 4. Push to the Branch (`git push origin feature/AmazingFeature`) 5. Open a Pull Request + ## 💛 Support the project If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive. From 63666e594d2012fe7ba9d06d80efbbad3d8fd440 Mon Sep 17 00:00:00 2001 From: Paul Barton <28630076+paulbarton90@users.noreply.github.com> Date: Thu, 24 Mar 2022 12:57:02 +0000 Subject: [PATCH 14/63] Apply exit code to hadolint.sh --- hadolint.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index cb4df62..b8a9911 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -27,16 +27,19 @@ if [ -n "$HADOLINT_OUTPUT" ]; then OUTPUT=" | tee $HADOLINT_OUTPUT" fi +FAILED=0 if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT + hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1 else # shellcheck disable=SC2086 - hadolint $HADOLINT_CONFIG "$@" $OUTPUT + hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1 fi [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" + +exit $FAILED 
From d2b4ab26ff853b589562d13adaafdc9b1b448bef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:02:38 +0100 Subject: [PATCH 15/63] don't fail in CI tests --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84ea826..086fb43 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,7 @@ jobs: uses: ./ with: dockerfile: testdata/Dockerfile + no-fail: true - name: Run integration test 2 - ignore a rule # This step is supposed to print out an info level rule violation From bc86787e1972382e2e524170a0b5481bce5b24a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:18:44 +0100 Subject: [PATCH 16/63] bump Hadolint version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8c7638b..57da5f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.9.2-debian +FROM hadolint/hadolint:v2.9.3-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From e8cde77aa057b2bef05bb3ef290afa214b349602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:28:03 +0100 Subject: [PATCH 17/63] avoid failing on missing trusted registries --- hadolint.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hadolint.sh b/hadolint.sh index b8a9911..f0fd926 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -19,6 +19,10 @@ if [ -n "$HADOLINT_CONFIG" ]; then HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}" fi +if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then + unset HADOLINT_TRUSTED_REGISTRIES; +fi + OUTPUT= if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then From 9a555bc2d4ce551b90ad67f294eef541ea486211 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:29:17 +0100 Subject: [PATCH 18/63] run all tests properly --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 086fb43..84ea826 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,7 +43,6 @@ jobs: uses: ./ with: dockerfile: testdata/Dockerfile - no-fail: true - name: Run integration test 2 - ignore a rule # This step is supposed to print out an info level rule violation From 0b08ca228dfaedbf8c28837a18c11218f0ec6e85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:32:24 +0100 Subject: [PATCH 19/63] fix path --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84ea826..23904fd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -82,7 +82,7 @@ jobs: with: dockerfile: testdata/warning.Dockerfile format: sarif - output-file: /report.sarif + output-file: report.sarif release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' From 0a6d062e780d218ea909a18365e0ab2e36d09612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Thu, 24 Mar 2022 15:36:08 +0100 Subject: [PATCH 20/63] disable broken test --- .github/workflows/ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 23904fd..f80523d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -76,13 +76,13 @@ jobs: dockerfile: testdata/warning.Dockerfile config: testdata/hadolint.yaml - - name: Run integration test 6 - output to file - # This step will never fail, but will print out rule violations. - uses: ./ - with: - dockerfile: testdata/warning.Dockerfile - format: sarif - output-file: report.sarif + #- name: Run integration test 6 - output to file + # # This step will never fail, but will print out rule violations. + # uses: ./ + # with: + # dockerfile: testdata/warning.Dockerfile + # format: sarif + # output-file: report.sarif release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' From 8a428b481548d64b03c26b46529ce1da982d6aff Mon Sep 17 00:00:00 2001 From: Mike Nye Date: Fri, 25 Mar 2022 13:07:15 +0800 Subject: [PATCH 21/63] prettify readme --- README.md | 45 +++++++++++++++++---------------------------- 1 file changed, 17 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 57d4a3e..a882421 100644 --- a/README.md +++ b/README.md 
@@ -23,34 +23,23 @@ steps: ## Inputs -| Name | Description | Default | -|------------------- |------------------------------------------ |----------------- | -| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | -| recursive | Search for specified dockerfile | false | -| | recursively, from the project root | | -| config | Custom path to a Hadolint config file | ./.hadolint.yaml | -| output-file | A sub-path where to save the | | -| | output as a file to | | -| no-color | Don't create colored output | | -| no-fail | Never fail the action | | -| verbose | Output more information | | -| format | The output format. One of [tty \| json \| | tty | -| | checkstyle \| codeclimate \| | | -| | gitlab_codeclimate \| codacy \| sarif] | | -| failure-threshold | Rule severity threshold for pipeline | info | -| | failure. One of [error \| warning \| | | -| | info \| style \| ignore] | | -| override-error | List of rules to treat with 'error' | | -| | severity | | -| override-warning | List of rules to treat with 'warning' | | -| | severity | | -| override-info | List of rules to treat with 'info' | | -| | severity | | -| override-style | List of rules to treat with 'style' | | -| | severity | | -| ignore | Space separated list of Hadolint rules to | | -| | ignore. | | -| trusted-registries | List of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `no-color` | Don't create colored output | | +| `no-fail` | Never fail the action | | +| `verbose` | Output more information | | +| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | List of rules to treat with `error` severity | | +| `override-warning` | List of rules to treat with `warning` severity | | +| `override-info` | List of rules to treat with `info` severity | | +| `override-style` | List of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | List of urls of trusted registries | | ## Hadolint Configuration From 89e60e486833059dfeb56997efe2375d33c7525e Mon Sep 17 00:00:00 2001 From: Mike Nye Date: Fri, 25 Mar 2022 13:09:48 +0800 Subject: [PATCH 22/63] more info for inputs --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index a882421..67f6b00 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) - [![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) ## Usage @@ -29,17 +28,17 @@ steps: | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | | `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output | | -| `no-fail` | Never fail the action | | -| `verbose` | Output more information | | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | List of rules to treat with `error` severity | | -| `override-warning` | List of rules to treat with `warning` severity | | -| `override-info` | List of rules to treat with `info` severity | | -| `override-style` | List of rules to treat with `style` severity | | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | | `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | List of urls of trusted registries | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Hadolint Configuration From 83b3de1e17b6142475e2db4b6f3b77541cc28902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Fri, 25 Mar 2022 10:31:04 +0100 Subject: [PATCH 23/63] fix example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 67f6b00..84b3c0b 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v1.6.0 + - uses: hadolint/hadolint-action@v2.0.0 with: dockerfile: Dockerfile ``` From bc289f2eaa84c94cc5686b19f6e9d69696dcee46 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:51:31 +0200 Subject: [PATCH 24/63] feat: use 'set-output name=results' This will introduce a parameter with name results that holds the hadolint output. Other steps in a workflow can make use of this. Also fix an error with the piping to tee that was broken. --- hadolint.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) 
diff --git a/hadolint.sh b/hadolint.sh index f0fd926..e33a516 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -23,25 +23,26 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi -OUTPUT= -if [ -n "$HADOLINT_OUTPUT" ]; then - if [ -f "$HADOLINT_OUTPUT" ]; then - HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" - fi - OUTPUT=" | tee $HADOLINT_OUTPUT" -fi - -FAILED=0 if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else # shellcheck disable=SC2086 - hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") +fi +FAILED=$? + +echo "::set-output name=results::$RESULTS" + +if [ -n "$HADOLINT_OUTPUT" ]; then + if [ -f "$HADOLINT_OUTPUT" ]; then + HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" + fi + echo "$RESULTS" > $HADOLINT_OUTPUT fi [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 1878581f63e113f9d829e91aca18c064d776b631 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:56:25 +0200 Subject: [PATCH 25/63] chore: fix typos --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 32cdadb..a35729b 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ IMAGE_NAME:=hadolint-action -lint-dockerfile: ## Runs hadoint against application dockerfile +lint-dockerfile: ## Runs hadolint against application dockerfile @docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile lint-yaml: ## Lints yaml configurations 
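Review bot: in `hadolint.sh` (patch 24/63), `echo "::set-output name=results::$RESULTS"` writes raw linter output into the workflow-command stream on stdout. The runner reads `set-output` from a single line, so a multi-line `$RESULTS` is cut at the first newline, and because the text is derived from the repository content being linted, any later line that begins with `::` is parsed as a workflow command of its own. Encode `%`, carriage return and newline as `%25`, `%0D` and `%0A` before echoing, and quote the redirect target in `echo "$RESULTS" > $HADOLINT_OUTPUT`.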
@@ -12,8 +12,8 @@ build: ## Builds the docker image test: build ## Runs a test in the image @docker run -i --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ test \ --image $(IMAGE_NAME) \ --config test/structure-tests.yaml From 262f40397810c1a01998430f38b17cd9a7697707 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:57:07 +0200 Subject: [PATCH 26/63] chore: add simple integration test --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f80523d..2d6db56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,11 +71,16 @@ jobs: - name: Run integration test 5 - output format # This step will never fail, but will print out rule violations. + id: hadolint5 uses: ./ with: dockerfile: testdata/warning.Dockerfile config: testdata/hadolint.yaml + - name: Run integration test 6 - verify results output parameter + # This step will never fail, but will print out the results from step5 + run: echo {{ steps.hadolint5.outputs.results }} + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 8ea032569b24dae3bbdf98a0029fbc1fbb51f067 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:01:01 +0200 Subject: [PATCH 27/63] chore: empty commit to trigger ci From 0c7fcaa67b450ad5a798c9041387d29625497353 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:03:56 +0200 Subject: [PATCH 28/63] chore: typo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2d6db56..78cbad4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo {{ steps.hadolint5.outputs.results }} + run: echo ${{ steps.hadolint5.outputs.results }} #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From e3462c378d887a5572c5a13c7a7b4e254dcfa226 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:08:14 +0200 Subject: [PATCH 29/63] chore: quotes to not parse it by mistake --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78cbad4..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo ${{ steps.hadolint5.outputs.results }} + run: echo "${{ steps.hadolint5.outputs.results }}" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From a8bbf351c01209b4ebd877e26005e8929054dcdb Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:31:29 +0200 Subject: [PATCH 30/63] chore: update PR with text as test of results --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..87d9e3b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
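Review bot: the double quotes added around `${{ steps.hadolint5.outputs.results }}` in the test 6 `run:` line of `ci.yml` (patch 29/63) do not keep the value from being parsed. The expression is substituted into the script text before the shell starts, so a `"`, a backtick or `$(...)` in the linter output becomes shell syntax. Pass the value through the step environment instead: add `env:` with `results: ${{ steps.hadolint5.outputs.results }}` and use `run: echo "$results"`.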
@@ -81,6 +81,26 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" + - name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` + _output from integration test 5_ + \`\`\` + ${{ steps.hadolint5.outputs.results }} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 5fc1b0e2fbe6dd3e10bb58342a65dd14a3e17282 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 11:14:55 +0200 Subject: [PATCH 31/63] chore: escape backticks in results var --- hadolint.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index e33a516..c08c64b 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -36,8 +36,6 @@ else fi FAILED=$? -echo "::set-output name=results::$RESULTS" - if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" @@ -45,6 +43,9 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi +RESULTS="${RESULTS//\`/\\\`}" +echo "::set-output name=results::$RESULTS" + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From 1dd44fc4932800c5a933bcddee6437a2750ec005 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:45:58 +0200 Subject: [PATCH 32/63] chore: fix issue with multiline strings in output Looking at [1] this should do some magic, so let's see. [1] https://github.community/t/set-output-truncates-multiline-strings/16852 --- hadolint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
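Review bot: in the `Update Pull Request` step of `ci.yml` (patch 30/63), `${{ steps.hadolint5.outputs.results }}` sits inside the JavaScript template literal, and the expression is substituted into the script source before `actions/github-script` runs it, so a backtick or `${` in the linter output ends the string or is evaluated as code. Hand the value over with an `env:` entry on the step and read it through `process.env` inside the script. The heading line also reads `steps.hadolint.outcome`, but the step id set in this workflow is `hadolint5`, so that field renders empty.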
diff --git a/hadolint.sh b/hadolint.sh index c08c64b..56aa1e2 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -43,7 +43,7 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi -RESULTS="${RESULTS//\`/\\\`}" +RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 652bc66203a03ad8b31557e3e24ae3443232cd34 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:49:42 +0200 Subject: [PATCH 33/63] chore: also push results to env var --- hadolint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hadolint.sh b/hadolint.sh index 56aa1e2..cb8503a 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -46,6 +46,8 @@ fi RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From a78be8d38674394a7833bd45b59f37243618d966 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:52:56 +0200 Subject: [PATCH 34/63] chore: use env var --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87d9e3b..8cad972 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: #### Hadolint: \`${{ steps.hadolint.outcome }}\` _output from integration test 5_ \`\`\` - ${{ steps.hadolint5.outputs.results }} + ${process.env.HADOLINT_RESULTS} \`\`\` `; From 724e05f46b0c0a5d951dd0e3605d1abf2fffd069 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:57:54 +0200 Subject: [PATCH 35/63] chore: typo in step id --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cad972..311b9ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
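Review bot: the pattern in `RESULTS="${RESULTS//$'\\n'/''}"` (`hadolint.sh`, patch 32/63) does not match line breaks. `$'\\n'` is ANSI-C quoting for a backslash followed by the letter `n`; a newline is `$'\n'`. As written the substitution leaves real newlines in place, so the truncation described in the commit message remains, and the backtick escaping from the previous commit is dropped while `ci.yml` still interpolates the output into a template literal. For `set-output`, replace each newline with `%0A` rather than deleting it, for example `RESULTS="${RESULTS//$'\n'/%0A}"`, after encoding `%` as `%25`.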
@@ -87,7 +87,7 @@ jobs: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint.outcome }}\` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` _output from integration test 5_ \`\`\` ${process.env.HADOLINT_RESULTS} From 2faf5c6ef4f398f4c20b20759d5b0acb13fff853 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:17:52 +0200 Subject: [PATCH 36/63] chore: remove createComment(), depends on githubToken scopes --- .github/workflows/ci.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 311b9ab..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,26 +81,6 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" - - name: Update Pull Request - uses: actions/github-script@v6 - if: github.event_name == 'pull_request' - with: - script: | - const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` - _output from integration test 5_ - \`\`\` - ${process.env.HADOLINT_RESULTS} - \`\`\` - `; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From d73282b64c1cb799e8cb5efd4af9834e0bd0b98e Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:56:53 +0200 Subject: [PATCH 37/63] chore: update readme --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 84b3c0b..4630fdd 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,33 @@ steps: | `ignore` | Comma separated list of Hadolint rules to ignore. | | | `trusted-registries` | Comma separated list of urls of trusted registries | | +## Output + +The Action will store results in an environment variable that can be used in other steps in a workflow. + +Example to create a comment in a PR: + +``` +- name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + \`\`\` + ${process.env.HADOLINT_RESULTS} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) +``` + ## Hadolint Configuration To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure). From 55991004e8a2f2476dd7c26f265828099644b503 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 15:31:54 +0200 Subject: [PATCH 38/63] chore: spotted a little typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4630fdd..e2e6b74 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Example to create a comment in a PR: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` \`\`\` ${process.env.HADOLINT_RESULTS} \`\`\` From d51839a6b581264c524e3ad9d7377ae4d89ff106 Mon Sep 17 00:00:00 2001 From: Mike Gray Date: Sat, 23 Apr 2022 10:19:23 -0400 Subject: [PATCH 39/63] Update usage example "Example to create a comment in a PR" doesn't work with v2.0.0 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2e6b74..eabcb78 100644 --- a/README.md +++ b/README.md 
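Review bot: the Output section added to `README.md` (patch 37/63) says results are stored in "an environment variable" without naming `HADOLINT_RESULTS` in the prose or mentioning the `results` step output, and its example reads `steps.hadolint5.outcome`, an id that exists only in this repository's `ci.yml`. Whichever id the example ends up using, the Usage snippet above needs a matching `id:` on the hadolint step, otherwise the outcome field renders empty for anyone who copies both. Since the comment step was removed from CI because it "depends on githubToken scopes", state the token permission the example requires, and tag the fence as `yml` like the Usage block.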
@@ -15,7 +15,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v2.0.0 + - uses: hadolint/hadolint-action@v2.1.0 with: dockerfile: Dockerfile ``` From 169ddcf26544b892e9224ce0e8a862ce8aaa2d49 Mon Sep 17 00:00:00 2001 From: offa Date: Fri, 13 May 2022 12:48:12 +0200 Subject: [PATCH 40/63] Update hadolint to 2.10 Use GHCR instead of Dockerhub and a fully qualified FROM --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 57da5f5..791df4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.9.3-debian +FROM ghcr.io/hadolint/hadolint:v2.10.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 68a2276a3c904096109c871d80d5131d654ee338 Mon Sep 17 00:00:00 2001 From: mrdoodles <19146299+mrdoodles@users.noreply.github.com> Date: Tue, 8 Nov 2022 21:33:58 +0000 Subject: [PATCH 41/63] fix-github-deprecations --- .github/workflows/ci.yml | 6 +++--- hadolint.sh | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..ab0d9c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 container: pipelinecomponents/hadolint:0.10.1 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Run hadolint run: hadolint Dockerfile @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-20.04 needs: ["lint"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build Docker image run: docker build -t $TEST_IMAGE_NAME . @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-20.04 needs: build-test steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Run integration test 1 uses: ./ diff --git a/hadolint.sh b/hadolint.sh index cb8503a..4231068 100755 --- a/hadolint.sh +++ b/hadolint.sh 
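Review bot: the new `FROM ghcr.io/hadolint/hadolint:v2.10.0-debian` in `Dockerfile` (patch 40/63) names the registry but still resolves by tag, and a tag can later point at a different image. Append the image digest, `FROM ghcr.io/hadolint/hadolint:v2.10.0-debian@sha256:<digest>`, so every build of the action starts from the same base.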
@@ -44,7 +44,10 @@ if [ -n "$HADOLINT_OUTPUT" ]; then fi RESULTS="${RESULTS//$'\\n'/''}" -echo "::set-output name=results::$RESULTS" + +echo "results<> $GITHUB_OUTPUT +echo "${RESULTS}" >> $GITHUB_OUTPUT +echo "EOF" >> $GITHUB_OUTPUT { echo "HADOLINT_RESULTS<> $GITHUB_ENV From e81a8de9db6e97077ca0483f083522437c894ea6 Mon Sep 17 00:00:00 2001 From: Gonzalo Tixilima Date: Fri, 11 Nov 2022 01:18:35 -0500 Subject: [PATCH 42/63] upgrade hadolint to 2.11 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 791df4c..4ae99af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.10.0-debian +FROM ghcr.io/hadolint/hadolint:v2.11.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 48c412037743cf755041f57f8a9d6d5be0f0eba2 Mon Sep 17 00:00:00 2001 From: Gonzalo Tixilima Date: Fri, 11 Nov 2022 05:52:50 -0500 Subject: [PATCH 43/63] upgrade hadolint to 2.12 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4ae99af..102a9b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.11.0-debian +FROM ghcr.io/hadolint/hadolint:v2.12.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 77e79bb879e179a6f5f5a680d99d03589d77cd92 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Tue, 15 Nov 2022 20:14:37 +0100 Subject: [PATCH 44/63] Some shellcheck fixes and new input (#1) --- .github/workflows/ci.yml | 18 +++++++++++++++++- .gitignore | 1 + README.md | 35 ++++++++++++++++++----------------- action.yml | 5 +++++ hadolint.sh | 25 ++++++++++++++++--------- 5 files changed, 57 insertions(+), 27 deletions(-) create mode 100644 .gitignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab0d9c5..1d3450a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
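Review bot: the multi-line write to `$GITHUB_OUTPUT` in `hadolint.sh` (patch 41/63) closes with a fixed `echo "EOF"`, so a line consisting of `EOF` in the linter output ends the `results` value early and the lines after it are read as further entries in the file. Generate the delimiter per run (a random string) and use it for both the opening and the closing line, quote `"$GITHUB_OUTPUT"`, and check the `HADOLINT_RESULTS` write to `$GITHUB_ENV` below for the same pattern, since entries there become environment variables for later steps.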
@@ -79,7 +79,23 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + env: + results: ${{ steps.hadolint5.outputs.results }} + run: echo "$results" + + - name: Run integration test 7 - set recursive + uses: ./ + with: + dockerfile: "*Dockerfile" + failure-threshold: error + recursive: true + + - name: Run integration test 8 - print results to console + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + failure-threshold: error + results-to-console: true #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..485dee6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea diff --git a/README.md b/README.md index eabcb78..cfa8820 100644 --- a/README.md +++ b/README.md @@ -22,23 +22,24 @@ steps: ## Inputs -| Name | Description | Default | -|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | -| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | -| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | -| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | -| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | Comma separated list of rules to treat with `error` severity | | -| `override-warning` | Comma separated list of rules to treat with `warning` severity | | -| `override-info` | Comma separated list of rules to treat with `info` severity | | -| `override-style` | Comma separated list of rules to treat with `style` severity | | -| `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | Comma separated list of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `results-to-console` | The flag to print Hadolint results to console | `false` | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | +| `format` | The output format. One of [`tty` \ | `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \ | `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Output diff --git a/action.yml b/action.yml index 443cf93..e319998 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,10 @@ inputs: required: false description: 'The path where to save the linting results to' default: + results-to-console: + required: false + description: 'The flag to print Hadolint results to console' + default: false # standart hadolint options: no-color: @@ -95,6 +99,7 @@ runs: HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_RECURSIVE: ${{ inputs.recursive }} HADOLINT_OUTPUT: ${{ inputs.output-file }} + HADOLINT_RESULTS_TO_CONSOLE: ${{ inputs.results-to-console }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index 4231068..af507de 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -3,7 +3,10 @@ # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -cp /problem-matcher.json "$HOME/" +PROBLEM_MATCHER_FILE="/problem-matcher.json" +if [ -f "$PROBLEM_MATCHER_FILE" ]; then + cp "$PROBLEM_MATCHER_FILE" "$HOME/" +fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove 
@@ -23,16 +26,18 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi +COMMAND="hadolint $HADOLINT_CONFIG" + if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) + RESULTS=$(eval "$COMMAND $flags" -- **/$filename) else - # shellcheck disable=SC2086 - RESULTS=$(hadolint $HADOLINT_CONFIG "$@") + + RESULTS=$(eval "$COMMAND" "$@") fi FAILED=$? @@ -40,16 +45,18 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > $HADOLINT_OUTPUT + echo "$RESULTS" > "$HADOLINT_OUTPUT" +fi + +if [ "$HADOLINT_RESULTS_TO_CONSOLE" = "true" ]; then + echo "$RESULTS" fi RESULTS="${RESULTS//$'\\n'/''}" -echo "results<> $GITHUB_OUTPUT -echo "${RESULTS}" >> $GITHUB_OUTPUT -echo "EOF" >> $GITHUB_OUTPUT +{ echo "results<> "$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> $GITHUB_ENV +{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 676012c475c665658957b7e3276552fb129bc112 Mon Sep 17 00:00:00 2001 From: Jennifer Cwagenberg Date: Sat, 14 Jan 2023 14:59:41 -0600 Subject: [PATCH 45/63] update example usage in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eabcb78..939f959 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ Add the following step to your workflow configuration: ```yml steps: - - uses: actions/checkout@v2 - - uses: hadolint/hadolint-action@v2.1.0 + - uses: actions/checkout@v3 + - uses: hadolint/hadolint-action@v3.0.0 with: dockerfile: Dockerfile ``` From e88bddc55d1b64a4ddea065683a9a6c0bd078465 Mon Sep 17 00:00:00 2001 
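Review bot: `eval "$COMMAND $flags" -- **/$filename` and `eval "$COMMAND" "$@"` in `hadolint.sh` (patch 44/63) hand the whole command line to the shell for a second round of parsing. `eval` joins its arguments with spaces first, so the quoting of `"$@"` is lost, and any quote, `;`, `$(...)` or glob character in `HADOLINT_CONFIG` (set from `inputs.config` in `action.yml`) or in the arguments is interpreted as shell syntax instead of being passed to hadolint. Call hadolint directly and keep the arguments in a bash array, for example `cmd=(hadolint $HADOLINT_CONFIG)` followed by `RESULTS=$("${cmd[@]}" "$@")`, restoring the `# shellcheck disable=SC2086` line if `$HADOLINT_CONFIG` has to stay unquoted.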
From: DracoBlue Date: Tue, 17 Jan 2023 15:05:26 +0100 Subject: [PATCH 46/63] Fix the url to the build badge As suggested in https://github.com/badges/shields/issues/8671 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eabcb78..efe3f8f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,8 @@ [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) -[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) +[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action) + ## Usage From 1a139ce6cc2975def9376bf648923108a713042b Mon Sep 17 00:00:00 2001 From: DracoBlue Date: Tue, 17 Jan 2023 15:38:26 +0100 Subject: [PATCH 47/63] Make output-file by default to /dev/stdout To fix https://github.com/hadolint/hadolint-action/issues/60 in hadolint-action>v2.0.0 --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 443cf93..e1c9fba 100644 --- a/action.yml +++ b/action.yml @@ -18,7 +18,7 @@ inputs: output-file: required: false description: 'The path where to save the linting results to' - default: + default: "/dev/stdout" # standart hadolint options: no-color: From 54c9adbab1582c2ef04b2016b760714a4bfde3cf Mon Sep 17 00:00:00 2001 
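Review bot: with `default: "/dev/stdout"` on `output-file` in `action.yml` (patch 47/63), `HADOLINT_OUTPUT` is set on every run that does not override it, so the `Hadolint output saved to: $HADOLINT_OUTPUT` message in `hadolint.sh` now prints for `/dev/stdout` as well, and the README Inputs table still lists no default for `output-file`. Update the table in this commit and skip the "saved to" message when the target is `/dev/stdout`.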
From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Tue, 17 Jan 2023 17:19:55 +0100 Subject: [PATCH 48/63] fix release --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab0d9c5..ba3bfb3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,7 +96,7 @@ jobs: needs: integration-tests steps: - uses: actions/checkout@v2 - - uses: cycjimmy/semantic-release-action@v2 + - uses: cycjimmy/semantic-release-action@v3 with: extra_plugins: | @semantic-release/git From a4d0f06c93b55ad8a6f376988283d88cb988178c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Lorenzo=20Rodr=C3=ADguez?= Date: Wed, 18 Jan 2023 19:22:00 +0100 Subject: [PATCH 49/63] Revert "Some `shellcheck` fixes and new input to print Hadolint results to console" --- .github/workflows/ci.yml | 18 +----------------- .gitignore | 1 - README.md | 35 +++++++++++++++++------------------ action.yml | 6 +----- hadolint.sh | 25 +++++++++---------------- 5 files changed, 28 insertions(+), 57 deletions(-) delete mode 100644 .gitignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 277c0d8..ba3bfb3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -79,23 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - env: - results: ${{ steps.hadolint5.outputs.results }} - run: echo "$results" - - - name: Run integration test 7 - set recursive - uses: ./ - with: - dockerfile: "*Dockerfile" - failure-threshold: error - recursive: true - - - name: Run integration test 8 - print results to console - uses: ./ - with: - dockerfile: testdata/warning.Dockerfile - failure-threshold: error - results-to-console: true + run: echo "${{ steps.hadolint5.outputs.results }}" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 485dee6..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.idea diff --git a/README.md b/README.md index 7d6fd9a..3e3809e 100644 --- a/README.md +++ b/README.md @@ -23,24 +23,23 @@ steps: ## Inputs -| Name | Description | Default | -|----------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------| -| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | -| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | -| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `results-to-console` | The flag to print Hadolint results to console | `false` | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | -| `format` | The output format. One of [`tty` \ | `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | -| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \ | `warning` \|
`info` \| `style` \| `ignore`] | `info` | -| `override-error` | Comma separated list of rules to treat with `error` severity | | -| `override-warning` | Comma separated list of rules to treat with `warning` severity | | -| `override-info` | Comma separated list of rules to treat with `info` severity | | -| `override-style` | Comma separated list of rules to treat with `style` severity | | -| `ignore` | Comma separated list of Hadolint rules to ignore. | | -| `trusted-registries` | Comma separated list of urls of trusted registries | | +| Name | Description | Default | +|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| +| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | +| `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | +| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | +| `output-file` | A sub-path where to save the
output as a file to | | +| `no-color` | Don't create colored output (`true`/`false`) | | +| `no-fail` | Never fail the action (`true`/`false`) | | +| `verbose` | Output more information (`true`/`false`) | | +| `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | +| `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | +| `override-error` | Comma separated list of rules to treat with `error` severity | | +| `override-warning` | Comma separated list of rules to treat with `warning` severity | | +| `override-info` | Comma separated list of rules to treat with `info` severity | | +| `override-style` | Comma separated list of rules to treat with `style` severity | | +| `ignore` | Comma separated list of Hadolint rules to ignore. | | +| `trusted-registries` | Comma separated list of urls of trusted registries | | ## Output diff --git a/action.yml b/action.yml index f0fa9ab..e1c9fba 100644 --- a/action.yml +++ b/action.yml @@ -19,10 +19,7 @@ inputs: required: false description: 'The path where to save the linting results to' default: "/dev/stdout" - results-to-console: - required: false - description: 'The flag to print Hadolint results to console' - default: false + # standart hadolint options: no-color: required: false @@ -98,7 +95,6 @@ runs: HADOLINT_CONFIG: ${{ inputs.config }} HADOLINT_RECURSIVE: ${{ inputs.recursive }} HADOLINT_OUTPUT: ${{ inputs.output-file }} - HADOLINT_RESULTS_TO_CONSOLE: ${{ inputs.results-to-console }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index af507de..4231068 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -3,10 +3,7 @@ # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -PROBLEM_MATCHER_FILE="/problem-matcher.json" -if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" -fi +cp /problem-matcher.json "$HOME/" # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove 
@@ -26,18 +23,16 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi -COMMAND="hadolint $HADOLINT_CONFIG" - if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - RESULTS=$(eval "$COMMAND $flags" -- **/$filename) + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else - - RESULTS=$(eval "$COMMAND" "$@") + # shellcheck disable=SC2086 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") fi FAILED=$? @@ -45,18 +40,16 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > "$HADOLINT_OUTPUT" -fi - -if [ "$HADOLINT_RESULTS_TO_CONSOLE" = "true" ]; then - echo "$RESULTS" + echo "$RESULTS" > $HADOLINT_OUTPUT fi RESULTS="${RESULTS//$'\\n'/''}" -{ echo "results<> "$GITHUB_OUTPUT" +echo "results<> $GITHUB_OUTPUT +echo "${RESULTS}" >> $GITHUB_OUTPUT +echo "EOF" >> $GITHUB_OUTPUT -{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From a17195f03eccfa4994f0a3c2b53175d4b70de259 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:09:05 +0100 Subject: [PATCH 50/63] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#1) --- .github/workflows/ci.yml | 36 +++++++++++++++++++++++++++++++----- README.md | 8 ++++---- hadolint.sh | 26 +++++++++++++++----------- 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba3bfb3..c2f9eb5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -18,10 +18,24 @@ jobs: - name: Run hadolint run: hadolint Dockerfile + shellcheck: + name: ShellCheck + runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v3 + - name: Run ShellCheck + uses: reviewdog/action-shellcheck@v1.16.0 + with: + reporter: github-pr-review + fail_on_error: true + build-test: name: Build and Test runs-on: ubuntu-20.04 - needs: ["lint"] + needs: [ "lint", "shellcheck" ] steps: - uses: actions/checkout@v3 - name: Build Docker image @@ -69,8 +83,9 @@ jobs: failure-threshold: error format: json - - name: Run integration test 5 - output format - # This step will never fail, but will print out rule violations. + - name: Run integration test 5 - config file + # This step will never fail, but will print out rule violations + # because in config is set the error failure threshold. id: hadolint5 uses: ./ with: @@ -79,9 +94,20 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + env: + results: ${{ steps.hadolint5.outputs.results }} + run: echo "$results" - #- name: Run integration test 6 - output to file + - name: Run integration test 7 - set recursive + # This step will never fail, but will print out rule violations + # for all the Dockerfiles in repository. + uses: ./ + with: + dockerfile: "*Dockerfile" + failure-threshold: error + recursive: true + + #- name: Run integration test 8 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ # with: diff --git a/README.md b/README.md index 3e3809e..7dade9b 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,10 @@ steps: | `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | +| `output-file` | A sub-path where to save the
output as a file to | `/dev/stdout` | +| `no-color` | Don't create colored output (`true`/`false`) | `false` | +| `no-fail` | Never fail the action (`true`/`false`) | `false` | +| `verbose` | Output more information (`true`/`false`) | `false` | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | | `override-error` | Comma separated list of rules to treat with `error` severity | | diff --git a/hadolint.sh b/hadolint.sh index 4231068..d0024ff 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -1,13 +1,16 @@ #!/bin/bash - # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -cp /problem-matcher.json "$HOME/" +PROBLEM_MATCHER_FILE="/problem-matcher.json" +if [ -f "$PROBLEM_MATCHER_FILE" ]; then + cp "$PROBLEM_MATCHER_FILE" "$HOME/" +fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. +# shellcheck disable=SC2317 cleanup() { echo "::remove-matcher owner=brpaz/hadolint-action::" } @@ -23,16 +26,19 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi +COMMAND="hadolint $HADOLINT_CONFIG" + if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${@:1:$#-1}" - RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) + flags="${*:1:$#-1}" + + RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") else - # shellcheck disable=SC2086 - RESULTS=$(hadolint $HADOLINT_CONFIG "$@") + flags=$* + RESULTS=$(eval "$COMMAND" "$flags") fi FAILED=$? @@ -40,16 +46,14 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > $HADOLINT_OUTPUT + echo "$RESULTS" > "$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -echo "results<> $GITHUB_OUTPUT -echo "${RESULTS}" >> $GITHUB_OUTPUT -echo "EOF" >> $GITHUB_OUTPUT +{ echo "results<> "$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> $GITHUB_ENV +{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" 
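Review bot: in hadolint.sh (PATCH 50/63) both branches now run the command through `eval`, so every argument is parsed by the shell a second time: `RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")` and `RESULTS=$(eval "$COMMAND" "$flags")`. `$HADOLINT_CONFIG` is filled from `inputs.config` in action.yml and the last positional argument is the Dockerfile name, so a value containing `;`, `$(...)` or backticks is executed instead of being handed to hadolint, and `flags=$*` additionally merges all arguments into one string. The removed form `hadolint $HADOLINT_CONFIG "$@"` did not re-parse its arguments; keep a direct call and collect the arguments in a bash array (for example `args=("${@:1:$#-1}")`, then `"${args[@]}"` on the hadolint command line) rather than satisfying SC2086 with `eval`.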
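Review bot: the new `shellcheck` job in .github/workflows/ci.yml (PATCH 50/63) grants `pull-requests: write` to a third-party action that is referenced by a mutable tag, `uses: reviewdog/action-shellcheck@v1.16.0`. A tag can be moved to different code after this review; pin the action to a full commit SHA and keep the version in a trailing comment, so the write-scoped token only ever reaches the revision that was reviewed.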
From 726b0bb29856ca7d00bd951f318365100bac8382 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:16:51 +0100 Subject: [PATCH 51/63] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#2) --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c2f9eb5..3acd3eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -120,6 +120,8 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests + permissions: + contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 From 218bc411d78ba9386a35739e173a7065f400adb8 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Fri, 20 Jan 2023 09:55:56 +0100 Subject: [PATCH 52/63] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#3) Co-authored-by: OCP4 migration script --- .github/workflows/ci.yml | 10 +++++----- hadolint.sh | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3acd3eb..54763d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,11 @@ on: env: TEST_IMAGE_NAME: hadolint-action:${{github.sha}} +permissions: + contents: write + issues: write # Used by Release step to update "The automated release is failing" issue + pull-requests: write # Used by ShellCheck Action to add comments on PR + jobs: lint: name: Lint @@ -21,9 +26,6 @@ jobs: shellcheck: name: ShellCheck runs-on: ubuntu-20.04 - permissions: - contents: read - pull-requests: write steps: - uses: actions/checkout@v3 - name: Run ShellCheck @@ -120,8 +122,6 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests - permissions: - contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 diff --git a/hadolint.sh b/hadolint.sh index d0024ff..d28035d 100755 
--- a/hadolint.sh +++ b/hadolint.sh @@ -5,14 +5,14 @@ PROBLEM_MATCHER_FILE="/problem-matcher.json" if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" + cp "$PROBLEM_MATCHER_FILE" "$HOME/" fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. # shellcheck disable=SC2317 cleanup() { - echo "::remove-matcher owner=brpaz/hadolint-action::" + echo "::remove-matcher owner=brpaz/hadolint-action::" } trap cleanup EXIT @@ -23,7 +23,7 @@ if [ -n "$HADOLINT_CONFIG" ]; then fi if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then - unset HADOLINT_TRUSTED_REGISTRIES; + unset HADOLINT_TRUSTED_REGISTRIES fi COMMAND="hadolint $HADOLINT_CONFIG" @@ -32,7 +32,6 @@ if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${*:1:$#-1}" RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") @@ -46,14 +45,22 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > "$HADOLINT_OUTPUT" + echo "$RESULTS" >"$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -{ echo "results<> "$GITHUB_OUTPUT" +{ + echo "results<>"$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" +{ + echo "HADOLINT_RESULTS<>"$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 7857e0b9ce8c651778ec7a3ea66f1fe8ebea436b Mon Sep 17 00:00:00 2001 From: DracoBlue Date: Wed, 8 Feb 2023 07:12:24 +0100 Subject: [PATCH 53/63] Example uses 3.1.0, too --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3e3809e..32e9803 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ Add the following step to your workflow configuration: ```yml steps: - uses: actions/checkout@v3 - - uses: hadolint/hadolint-action@v3.0.0 + - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile ``` From 715c3070466c5927407738bf9293e6b67858045e Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Sun, 20 Jul 2025 00:26:51 -0300 Subject: [PATCH 54/63] Update hadolint to v2.13.1-beta2 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 102a9b9..4a5dcf4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.12.0-debian +FROM ghcr.io/hadolint/hadolint:v2.13.1-beta2-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 2f0331e82152a2dd3f73cf3106b0aa5cd71d161a Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Sun, 20 Jul 2025 00:31:17 -0300 Subject: [PATCH 55/63] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4a5dcf4..8323dfa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.13.1-beta2-debian +FROM hadolint/hadolint:v2.13.1-beta2-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From cc71e1bfd17cf3389c7580e08c43e1bd7defc130 Mon Sep 17 00:00:00 2001 From: Felipe Santos Date: Tue, 2 Sep 2025 14:10:17 -0300 Subject: [PATCH 56/63] Update Dockerfile to use stable hadolint version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8323dfa..209d5f7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.13.1-beta2-debian +FROM hadolint/hadolint:v2.13.1-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 24598f413ebc646232a0218bac5e314f7a8632ce Mon Sep 17 00:00:00 2001 
From: Felipe Santos Date: Tue, 2 Sep 2025 14:10:55 -0300 Subject: [PATCH 57/63] Update base image for Hadolint --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 209d5f7..cbb24e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.13.1-debian +FROM ghcr.io/hadolint/hadolint:v2.13.1-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 8bde06f9ce374f8d841c43a38da556483c397f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 11:45:35 +0200 Subject: [PATCH 58/63] Update CI yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update versions of runner images and action steps Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 44 ++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54763d8..6c494c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -10,36 +10,41 @@ env: permissions: contents: write - issues: write # Used by Release step to update "The automated release is failing" issue - pull-requests: write # Used by ShellCheck Action to add comments on PR + issues: write # Used by Release step to update "The automated release is failing" issue + pull-requests: write # Used by ShellCheck Action to add comments on PR jobs: lint: name: Lint - runs-on: ubuntu-20.04 - container: pipelinecomponents/hadolint:0.10.1 + runs-on: ubuntu-24.04 + container: pipelinecomponents/hadolint:0.27.2 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Run hadolint run: hadolint Dockerfile shellcheck: name: ShellCheck - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Run ShellCheck - uses: reviewdog/action-shellcheck@v1.16.0 + uses: reviewdog/action-shellcheck@v1.31.0 with: reporter: github-pr-review fail_on_error: true build-test: name: Build and Test - runs-on: ubuntu-20.04 - needs: [ "lint", "shellcheck" ] + runs-on: ubuntu-24.04 + needs: + - lint + - shellcheck steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 + - name: Build Docker image run: docker build -t $TEST_IMAGE_NAME . @@ -50,10 +55,11 @@ jobs: integration-tests: name: Integration Tests - runs-on: ubuntu-20.04 - needs: build-test + runs-on: ubuntu-24.04 + needs: + - build-test steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Run integration test 1 uses: ./ @@ -120,11 +126,13 @@ jobs: release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' name: Release - runs-on: ubuntu-20.04 - needs: integration-tests + runs-on: ubuntu-24.04 + needs: + - integration-tests steps: - - uses: actions/checkout@v2 - - uses: cycjimmy/semantic-release-action@v3 + - uses: actions/checkout@v5 + + - uses: cycjimmy/semantic-release-action@v5 with: extra_plugins: | @semantic-release/git 
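Review bot: the first ci.yml hunk of PATCH 58/63 only realigns the comments on the workflow-level `permissions` block, so `contents: write`, `issues: write` and `pull-requests: write` still apply to every job, including `lint`, `build-test` and `integration-tests`, which need none of them and also run on `pull_request`. The comments in the block already name the only consumers (the Release step for `issues: write`, the ShellCheck action for `pull-requests: write`); set `permissions: contents: read` at the top level and grant the write scopes on the `release` and `shellcheck` jobs only, as PATCH 50/63 and 51/63 had it before PATCH 52/63 moved them to the workflow level.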
From 45eb072a0b555fab4dfc5b7f863a41b150431d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 15:22:29 +0200 Subject: [PATCH 59/63] Trigger release workflow on tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6c494c5..2485573 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,12 @@ name: "CI" on: push: + tags: + - "v*" + branches: - master + pull_request: env: From 3fc49fb50d59c6ab7917a2e4195dba633e515b29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Wed, 3 Sep 2025 15:29:46 +0200 Subject: [PATCH 60/63] feat: new minor release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich From 0931ae097296863e5f188b8c6a0c5f9b95f79793 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:33:25 +0200 Subject: [PATCH 61/63] Release v3.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moritz Röhrich --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cbb24e2..93a3909 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/hadolint/hadolint:v2.13.1-debian +FROM ghcr.io/hadolint/hadolint:v2.14.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh From 2bfd2b95f895100db2ca84c3054a8ce50f1fc611 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:41:56 +0200 Subject: [PATCH 62/63] Don't trigger release workflow on Tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tags are automatically generated and applied by the release action Signed-off-by: Moritz Röhrich --- .github/workflows/ci.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2485573..3a5f201 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,6 @@ name: "CI" on: push: - tags: - - "v*" - branches: - master From 2332a7b74a6de0dda2e2221d575162eba76ba5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Mon, 22 Sep 2025 13:43:49 +0200 Subject: [PATCH 63/63] feat: trigger release workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release action only triggers if there is a commit with a keyword in the title since the last release tag was made... Signed-off-by: Moritz Röhrich
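Review bot: the `tags: - "v*"` trigger added in PATCH 59/63 cannot reach the release job, because that job is still guarded by `if: github.event_name == 'push' && github.ref == 'refs/heads/master'` (visible as context in PATCH 58/63) and a tag push carries a `refs/tags/...` ref. The tag push therefore only re-runs lint, build and the integration tests under the workflow-wide write permissions; either extend the `if:` condition to cover tag refs or drop the trigger, which is what PATCH 62/63 ends up doing.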
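Review bot: the Dockerfile `FROM` line touched by PATCH 54/63 through 57/63 and again by 61/63 identifies the base image by tag only, moves between `ghcr.io/hadolint/hadolint` and Docker Hub `hadolint/hadolint` without a reason in the commit messages, and for two commits builds on a pre-release (`v2.13.1-beta2-debian`). This image is what every consumer of the action executes, so settle on one registry, state why in the commit message, and pin the tag together with its digest (`...:v2.14.0-debian@sha256:<digest>`) so that a re-pushed tag cannot change what the action runs.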