2026-05-16 07:05:54 +00:00
11 changed files with 52 additions and 312 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1,4 @@
 # https://help.github.com/en/articles/displaying-a-sponsor-button-in-your-repository
 github: brpaz
 patreon: brpaz
 custom: https://www.buymeacoffee.com/Z1Bu6asGV
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -3,49 +3,27 @@ on:
  push:
    branches:
      - master
  pull_request:
 env:
  TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
 permissions:
  contents: write
  issues: write  # Used by Release step to update "The automated release is failing" issue
  pull-requests: write  # Used by ShellCheck Action to add comments on PR
 jobs:
  lint:
    name: Lint
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
-    container: pipelinecomponents/hadolint:0.27.2
+    container: pipelinecomponents/hadolint:0.10.1
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
      - name: Run hadolint
        run: hadolint Dockerfile
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v5
      - name: Run ShellCheck
        uses: reviewdog/action-shellcheck@v1.31.0
        with:
          reporter: github-pr-review
          fail_on_error: true
  build-test:
    name: Build and Test
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
-    needs:
+    needs: ["lint"]
      - lint
      - shellcheck
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
      - name: Build Docker image
        run: docker build -t $TEST_IMAGE_NAME .
@ -56,84 +34,24 @@ jobs:
  integration-tests:
    name: Integration Tests
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
-    needs:
+    needs: build-test
      - build-test
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
-      - name: Run integration test 1
+      - name: Run integration test
        uses: ./
        with:
          dockerfile: testdata/Dockerfile
      - name: Run integration test 2 - ignore a rule
        # This step is supposed to print out an info level rule violation
        # but completely ignore the two rules listed below
        uses: ./
        with:
          dockerfile: testdata/warning.Dockerfile
          ignore: 'DL3014,DL3008'
          no-fail: true
      - name: Run integration test 3 - set failure threshold
        # This step will print out an info level rule violation, but not fail
        # because of the high failure threshold.
        uses: ./
        with:
          dockerfile: testdata/info.Dockerfile
          failure-threshold: warning
      - name: Run integration test 4 - output format
        # This step will never fail, but will print out rule violations as json.
        uses: ./
        with:
          dockerfile: testdata/warning.Dockerfile
          failure-threshold: error
          format: json
      - name: Run integration test 5 - config file
        # This step will never fail, but will print out rule violations
        # because in config is set the error failure threshold.
        id: hadolint5
        uses: ./
        with:
          dockerfile: testdata/warning.Dockerfile
          config: testdata/hadolint.yaml
      - name: Run integration test 6 - verify results output parameter
        # This step will never fail, but will print out the results from step5
        env:
          results: ${{ steps.hadolint5.outputs.results }}
        run: echo "$results"
      - name: Run integration test 7 - set recursive
        # This step will never fail, but will print out rule violations
        # for all the Dockerfiles in repository.
        uses: ./
        with:
          dockerfile: "*Dockerfile"
          failure-threshold: error
          recursive: true
      #- name: Run integration test 8 - output to file
      #  # This step will never fail, but will print out rule violations.
      #  uses: ./
      #  with:
      #    dockerfile: testdata/warning.Dockerfile
      #    format: sarif
      #    output-file: report.sarif
  release:
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    name: Release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-20.04
-    needs:
+    needs: integration-tests
      - integration-tests
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
-
+      - uses: cycjimmy/semantic-release-action@v2
      - uses: cycjimmy/semantic-release-action@v5
        with:
          extra_plugins: |
            @semantic-release/git
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM ghcr.io/hadolint/hadolint:v2.14.0-debian
+FROM hadolint/hadolint:v1.19.0-alpine
 COPY LICENSE README.md problem-matcher.json /
 COPY hadolint.sh /usr/local/bin/hadolint.sh
--- a/6
+++ b/6
@ -1,7 +1,7 @@
 IMAGE_NAME:=hadolint-action
-lint-dockerfile: ## Runs hadolint against application dockerfile
+lint-dockerfile: ## Runs hadoint against application dockerfile
 	@docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile
 lint-yaml: ## Lints yaml configurations
@ -12,8 +12,8 @@ build: ## Builds the docker image
 test: build ## Runs a test in the image
 	@docker run -i --rm \
-    -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /var/run/docker.sock:/var/run/docker.sock \
-    -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \
+  -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \
    test \
    --image $(IMAGE_NAME) \
    --config test/structure-tests.yaml
--- a/README.md
+++ b/README.md
@ -6,8 +6,8 @@
 [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
 [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
 [![GitHub Workflow Status](https://img.shields.io/github/workflow/status/brpaz/hadolint-action/CI?style=for-the-badge)](https://github.com/brpaz/hadolint-action/action)
 ## Usage
@ -15,63 +15,22 @@ Add the following step to your workflow configuration:
 ```yml
 steps:
-  - uses: actions/checkout@v3
+    - uses: brpaz/hadolint-action@v1.2.1
-  - uses: hadolint/hadolint-action@v3.1.0
+      with:
-    with:
+        dockerfile: Dockerfile
      dockerfile: Dockerfile
 ```
 ## Inputs
-| Name                 | Description                                                                                                                             | Default            |
+| Name       	| Description                             	| Default      	|
-|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------|
+|------------	|-----------------------------------------	|--------------	|
-| `dockerfile`         | The path to the Dockerfile to be tested                                                                                                 | `./Dockerfile`     |
+| dockerfile 	| The path to the Dockerfile to be tested 	| ./Dockerfile 	|
 | `recursive`          | Search for specified dockerfile </br> recursively, from the project root                                                                | `false`            |
 | `config`             | Custom path to a Hadolint config file                                                                                                   | `./.hadolint.yaml` |
 | `output-file`        | A sub-path where to save the </br> output as a file to                                                                                  | `/dev/stdout`      |
 | `no-color`           | Don't create colored output (`true`/`false`)                                                                                            | `false`            |
 | `no-fail`            | Never fail the action (`true`/`false`)                                                                                                  | `false`            |
 | `verbose`            | Output more information (`true`/`false`)                                                                                                | `false`            |
 | `format`             | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty`              |
 | `failure-threshold`  | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br>  `info` \| `style` \| `ignore`]               | `info`             |
 | `override-error`     | Comma separated list of rules to treat with `error` severity                                                                            |                    |
 | `override-warning`   | Comma separated list of rules to treat with `warning` severity                                                                          |                    |
 | `override-info`      | Comma separated list of rules to treat with `info` severity                                                                             |                    |
 | `override-style`     | Comma separated list of rules to treat with `style` severity                                                                            |                    |
 | `ignore`             | Comma separated list of Hadolint rules to ignore.                                                                                       | <none>             |
 | `trusted-registries` | Comma separated list of urls of trusted registries                                                                                      |                    |
 ## Output
 The Action will store results in an environment variable that can be used in other steps in a workflow.
 Example to create a comment in a PR:
 ```
 - name: Update Pull Request
  uses: actions/github-script@v6
  if: github.event_name == 'pull_request'
  with:
    script: |
      const output = `
      #### Hadolint: \`${{ steps.hadolint.outcome }}\`
      \`\`\`
      ${process.env.HADOLINT_RESULTS}
      \`\`\`
      `;
      github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: output
      })
 ```
 ## Hadolint Configuration
 To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure).
 ## 🤝 Contributing
 Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**.
@ -84,12 +43,17 @@ Contributions are what make the open source community such an amazing place to b
 ## 💛 Support the project
-If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.
+If this project was useful to you in some form, I would be glad to have your support.  It will help to keep the project alive and to have more time to work on Open Source.
 The sinplest form of support is to give a ⭐️ to this repo.
-This project was originally created by [Bruno Paz](https://github.com/sponsors/brpaz) and incorporated into the Hadolint organization. If you appreciate the work done on this action, Bruno would be happy with your [sponsorship](https://github.com/sponsors/brpaz).
+You can also contribute with [GitHub Sponsors](https://github.com/sponsors/brpaz).
 [![GitHub Sponsors](https://img.shields.io/badge/GitHub%20Sponsors-Sponsor%20Me-red?style=for-the-badge)](https://github.com/sponsors/brpaz)
 Or if you prefer a one time donation to the project, you can simple:
 <a href="https://www.buymeacoffee.com/Z1Bu6asGV" target="_blank"><img src="https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Coffee" style="height: auto !important;width: auto !important;" ></a>
 ## Author
 👤 **Bruno Paz**
@ -99,4 +63,6 @@ This project was originally created by [Bruno Paz](https://github.com/sponsors/b
 ## 📝 License
-[MIT](LICENSE)
+Copyright © 2019 [Bruno Paz](https://github.com/brpaz).
 This project is [MIT](LICENSE) licensed.
--- a/action.yml
+++ b/action.yml
@ -3,98 +3,13 @@ description: 'Action that runs Hadolint Dockerfile linting tool'
 author: 'Bruno Paz'
 inputs:
  dockerfile:
    required: false
    description: 'The path to the Dockerfile to lint'
    default: 'Dockerfile'
  config:
    required: false
    description: 'Path to a config file'
    default:
  recursive:
    required: false
    description:
      'Search for specified dockerfile recursively, from the project root'
    default: 'false'
  output-file:
    required: false
    description: 'The path where to save the linting results to'
    default: "/dev/stdout"
  # standart hadolint options:
  no-color:
    required: false
    description: Don't create colored output.
    default: 'false'
  no-fail:
    required: false
    description: Never exit with a failure status code
    default: 'false'
  verbose:
    required: false
    description: Print more information about the running config
    default: 'false'
  format:
    required: false
    description: |
      The output format, one of [tty (default) | json | checkstyle |
      codeclimate | gitlab_codeclimate | codacy | sarif]
    default: 'tty'
  failure-threshold:
    required: false
    description: |
      Fail the pipeline only if rules with severity above this threshold are
      violated. One of [error | warning | info (default) | style | ignore]
    default: 'info'
  override-error:
    required: false
    description:
      'A comma separated list of rules whose severity will be `error`'
    default:
  override-warning:
    required: false
    description:
      'A comma separated list of rules whose severity will be `warning`'
    default:
  override-info:
    required: false
    description:
      'A comma separated list of rules whose severity will be `info`'
    default:
  override-style:
    required: false
    description:
      'A comma separated list of rules whose severity will be `style`'
    default:
  ignore:
    required: false
    description: 'A comma separated string of rules to ignore'
    default:
  trusted-registries:
    required: false
    description: 'A comma separated list of trusted registry urls'
    default:
 runs:
  using: 'docker'
  image: 'Dockerfile'
  args:
    - ${{ inputs.dockerfile }}
  env:
    NO_COLOR: ${{ inputs.no-color }}
    HADOLINT_NOFAIL: ${{ inputs.no-fail }}
    HADOLINT_VERBOSE: ${{ inputs.verbose }}
    HADOLINT_FORMAT: ${{ inputs.format }}
    HADOLINT_FAILURE_THRESHOLD: ${{ inputs.failure-threshold }}
    HADOLINT_OVERRIDE_ERROR: ${{ inputs.override-error }}
    HADOLINT_OVERRIDE_WARNING: ${{ inputs.override-warning }}
    HADOLINT_OVERRIDE_INFO: ${{ inputs.override-info }}
    HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
    HADOLINT_IGNORE: ${{ inputs.ignore }}
    HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
    HADOLINT_CONFIG: ${{ inputs.config }}
    HADOLINT_RECURSIVE: ${{ inputs.recursive }}
    HADOLINT_OUTPUT: ${{ inputs.output-file }}
 branding:
  icon: 'layers'
  color: 'purple'
--- a/hadolint.sh
+++ b/hadolint.sh
@ -1,67 +1,14 @@
-#!/bin/bash
+#!/bin/sh
 # The problem-matcher definition must be present in the repository
-# checkout (outside the Docker container running hadolint). We copy
+# checkout (outside the Docker container running hadolint). We create
-# problem-matcher.json to the home folder.
+# a temporary folder and copy problem-matcher.json to it and make it
 # readable.
 TMP_FOLDER=$(mktemp -d -p .)
 cp /problem-matcher.json "${TMP_FOLDER}"
 chmod -R a+rX "${TMP_FOLDER}"
 trap "rm -rf \"${TMP_FOLDER}\"" EXIT
-PROBLEM_MATCHER_FILE="/problem-matcher.json"
+echo "::add-matcher::${TMP_FOLDER}/problem-matcher.json"
 if [ -f "$PROBLEM_MATCHER_FILE" ]; then
  cp "$PROBLEM_MATCHER_FILE" "$HOME/"
 fi
 # After the run has finished we remove the problem-matcher.json from
 # the repository so we don't leave the checkout dirty. We also remove
 # the matcher so it won't take effect in later steps.
 # shellcheck disable=SC2317
 cleanup() {
  echo "::remove-matcher owner=brpaz/hadolint-action::"
 }
 trap cleanup EXIT
-echo "::add-matcher::$HOME/problem-matcher.json"
+hadolint "$@"
 if [ -n "$HADOLINT_CONFIG" ]; then
  HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
 fi
 if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
  unset HADOLINT_TRUSTED_REGISTRIES
 fi
 COMMAND="hadolint $HADOLINT_CONFIG"
 if [ "$HADOLINT_RECURSIVE" = "true" ]; then
  shopt -s globstar
  filename="${!#}"
  flags="${*:1:$#-1}"
  RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
 else
  flags=$*
  RESULTS=$(eval "$COMMAND" "$flags")
 fi
 FAILED=$?
 if [ -n "$HADOLINT_OUTPUT" ]; then
  if [ -f "$HADOLINT_OUTPUT" ]; then
    HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
  fi
  echo "$RESULTS" >"$HADOLINT_OUTPUT"
 fi
 RESULTS="${RESULTS//$'\\n'/''}"
 {
  echo "results<<EOF"
  echo "$RESULTS"
  echo "EOF"
 } >>"$GITHUB_OUTPUT"
 {
  echo "HADOLINT_RESULTS<<EOF"
  echo "$RESULTS"
  echo "EOF"
 } >>"$GITHUB_ENV"
 [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
 exit $FAILED
--- a/problem-matcher.json
+++ b/problem-matcher.json
@ -1,7 +1,7 @@
 {
  "problemMatcher": [
    {
-      "owner": "brpaz/hadolint-action",
+      "owner": "hadolint",
      "pattern": [
        {
          "regexp": "(.*)\\:(\\d+)\\s(.*)",
--- a/testdata/hadolint.yaml
+++ b/testdata/hadolint.yaml
@ -1 +0,0 @@
 failure-threshold: error
--- a/testdata/info.Dockerfile
+++ b/testdata/info.Dockerfile
@ -1,5 +0,0 @@
 FROM debian:buster
 # info level warning expected here:
 RUN echo "Hello"
 RUN echo "World"
--- a/testdata/warning.Dockerfile
+++ b/testdata/warning.Dockerfile
@ -1,4 +0,0 @@
 FROM debian:buster
 # emits an info and a warning level violation.
 RUN apt-get install foo