
No commits in common. "master" and "v1.7.0" have entirely different histories.

6 changed files with 69 additions and 153 deletions


@ -3,49 +3,27 @@ on:
push: push:
branches: branches:
- master - master
pull_request: pull_request:
env: env:
TEST_IMAGE_NAME: hadolint-action:${{github.sha}} TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
permissions:
contents: write
issues: write # Used by Release step to update "The automated release is failing" issue
pull-requests: write # Used by ShellCheck Action to add comments on PR
jobs: jobs:
lint: lint:
name: Lint name: Lint
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
container: pipelinecomponents/hadolint:0.27.2 container: pipelinecomponents/hadolint:0.10.1
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Run hadolint - name: Run hadolint
run: hadolint Dockerfile run: hadolint Dockerfile
shellcheck:
name: ShellCheck
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- name: Run ShellCheck
uses: reviewdog/action-shellcheck@v1.31.0
with:
reporter: github-pr-review
fail_on_error: true
build-test: build-test:
name: Build and Test name: Build and Test
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: ["lint"]
- lint
- shellcheck
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Build Docker image - name: Build Docker image
run: docker build -t $TEST_IMAGE_NAME . run: docker build -t $TEST_IMAGE_NAME .
@ -56,11 +34,10 @@ jobs:
integration-tests: integration-tests:
name: Integration Tests name: Integration Tests
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: build-test
- build-test
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Run integration test 1 - name: Run integration test 1
uses: ./ uses: ./
@ -92,48 +69,29 @@ jobs:
failure-threshold: error failure-threshold: error
format: json format: json
- name: Run integration test 5 - config file - name: Run integration test 5 - output format
# This step will never fail, but will print out rule violations # This step will never fail, but will print out rule violations.
# because in config is set the error failure threshold.
id: hadolint5
uses: ./ uses: ./
with: with:
dockerfile: testdata/warning.Dockerfile dockerfile: testdata/warning.Dockerfile
config: testdata/hadolint.yaml config: testdata/hadolint.yaml
- name: Run integration test 6 - verify results output parameter - name: Run integration test 6 - output to file
# This step will never fail, but will print out the results from step5 # This step will never fail, but will print out rule violations.
env:
results: ${{ steps.hadolint5.outputs.results }}
run: echo "$results"
- name: Run integration test 7 - set recursive
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./ uses: ./
with: with:
dockerfile: "*Dockerfile" dockerfile: testdata/warning.Dockerfile
failure-threshold: error format: sarif
recursive: true output-file: /report.sarif
#- name: Run integration test 8 - output to file
# # This step will never fail, but will print out rule violations.
# uses: ./
# with:
# dockerfile: testdata/warning.Dockerfile
# format: sarif
# output-file: report.sarif
release: release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master' if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release name: Release
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: integration-tests
- integration-tests
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- uses: cycjimmy/semantic-release-action@v2
- uses: cycjimmy/semantic-release-action@v5
with: with:
extra_plugins: | extra_plugins: |
@semantic-release/git @semantic-release/git
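Review bot: The v1.7.0 side of this workflow declares no `permissions:` key, so `lint`, `build-test` and `integration-tests` (which also run on `pull_request`) inherit whatever default `GITHUB_TOKEN` scope the repository is configured with, although only `release` appears to need write access. Consider a top-level `permissions: {contents: read}` plus a job-level `permissions:` block on `release` that lists only the write scopes semantic-release uses. The `release` job also references `cycjimmy/semantic-release-action@v2` by a movable tag; pinning it as `cycjimmy/semantic-release-action@<full-commit-sha>` keeps the step that holds the write token from changing underneath the workflow. The first lines of the workflow and the tail of the `release` step lie outside the visible hunks.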


@ -1,4 +1,4 @@
FROM ghcr.io/hadolint/hadolint:v2.14.0-debian FROM hadolint/hadolint:v2.9.2-debian
COPY LICENSE README.md problem-matcher.json / COPY LICENSE README.md problem-matcher.json /
COPY hadolint.sh /usr/local/bin/hadolint.sh COPY hadolint.sh /usr/local/bin/hadolint.sh


@ -1,7 +1,7 @@
IMAGE_NAME:=hadolint-action IMAGE_NAME:=hadolint-action
lint-dockerfile: ## Runs hadolint against application dockerfile lint-dockerfile: ## Runs hadoint against application dockerfile
@docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile @docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile
lint-yaml: ## Lints yaml configurations lint-yaml: ## Lints yaml configurations


@ -6,8 +6,8 @@
[![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
## Usage ## Usage
@ -15,8 +15,8 @@ Add the following step to your workflow configuration:
```yml ```yml
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v2
- uses: hadolint/hadolint-action@v3.1.0 - uses: hadolint/hadolint-action@v1.6.0
with: with:
dockerfile: Dockerfile dockerfile: Dockerfile
``` ```
@ -24,49 +24,33 @@ steps:
## Inputs ## Inputs
| Name | Description | Default | | Name | Description | Default |
|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| |------------------- |------------------------------------------ |----------------- |
| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | dockerfile | The path to the Dockerfile to be tested | ./Dockerfile |
| `recursive` | Search for specified dockerfile </br> recursively, from the project root | `false` | | recursive | Search for specified dockerfile | false |
| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | | | recursively, from the project root | |
| `output-file` | A sub-path where to save the </br> output as a file to | `/dev/stdout` | | config | Custom path to a Hadolint config file | ./.hadolint.yaml |
| `no-color` | Don't create colored output (`true`/`false`) | `false` | | output-file | A sub-path where to save the | |
| `no-fail` | Never fail the action (`true`/`false`) | `false` | | | output as a file to | |
| `verbose` | Output more information (`true`/`false`) | `false` | | no-color | Don't create colored output | |
| `format` | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | no-fail | Never fail the action | |
| `failure-threshold` | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br> `info` \| `style` \| `ignore`] | `info` | | verbose | Output more information | |
| `override-error` | Comma separated list of rules to treat with `error` severity | | | format | The output format. One of [tty \| json \| | tty |
| `override-warning` | Comma separated list of rules to treat with `warning` severity | | | | checkstyle \| codeclimate \| | |
| `override-info` | Comma separated list of rules to treat with `info` severity | | | | gitlab_codeclimate \| codacy \| sarif] | |
| `override-style` | Comma separated list of rules to treat with `style` severity | | | failure-threshold | Rule severity threshold for pipeline | info |
| `ignore` | Comma separated list of Hadolint rules to ignore. | <none> | | | failure. One of [error \| warning \| | |
| `trusted-registries` | Comma separated list of urls of trusted registries | | | | info \| style \| ignore] | |
| override-error | List of rules to treat with 'error' | |
## Output | | severity | |
| override-warning | List of rules to treat with 'warning' | |
The Action will store results in an environment variable that can be used in other steps in a workflow. | | severity | |
| override-info | List of rules to treat with 'info' | |
Example to create a comment in a PR: | | severity | |
| override-style | List of rules to treat with 'style' | |
``` | | severity | |
- name: Update Pull Request | ignore | Space separated list of Hadolint rules to | <none> |
uses: actions/github-script@v6 | | ignore. | |
if: github.event_name == 'pull_request' | trusted-resgitries | List of urls of trusted registries | |
with:
script: |
const output = `
#### Hadolint: \`${{ steps.hadolint.outcome }}\`
\`\`\`
${process.env.HADOLINT_RESULTS}
\`\`\`
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
```
## Hadolint Configuration ## Hadolint Configuration
@ -81,7 +65,6 @@ Contributions are what make the open source community such an amazing place to b
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`) 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`) 4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request 5. Open a Pull Request
## đź’› Support the project ## đź’› Support the project
If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive. If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.


@ -18,7 +18,7 @@ inputs:
output-file: output-file:
required: false required: false
description: 'The path where to save the linting results to' description: 'The path where to save the linting results to'
default: "/dev/stdout" default:
# standart hadolint options: # standart hadolint options:
no-color: no-color:
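Review bot: On the v1.7.0 side the `output-file` input has a bare `default:` with no value, which YAML reads as null rather than as an empty string. If the input is meant to have no default, drop the `default` key or write `default: ''` so the intent is explicit and yamllint's `empty-values` rule does not flag it. The `inputs:` mapping begins outside this hunk, so how the value reaches `HADOLINT_OUTPUT` cannot be checked from here.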


@ -1,16 +1,13 @@
#!/bin/bash #!/bin/bash
# The problem-matcher definition must be present in the repository # The problem-matcher definition must be present in the repository
# checkout (outside the Docker container running hadolint). We copy # checkout (outside the Docker container running hadolint). We copy
# problem-matcher.json to the home folder. # problem-matcher.json to the home folder.
cp /problem-matcher.json "$HOME/"
PROBLEM_MATCHER_FILE="/problem-matcher.json"
if [ -f "$PROBLEM_MATCHER_FILE" ]; then
cp "$PROBLEM_MATCHER_FILE" "$HOME/"
fi
# After the run has finished we remove the problem-matcher.json from # After the run has finished we remove the problem-matcher.json from
# the repository so we don't leave the checkout dirty. We also remove # the repository so we don't leave the checkout dirty. We also remove
# the matcher so it won't take effect in later steps. # the matcher so it won't take effect in later steps.
# shellcheck disable=SC2317
cleanup() { cleanup() {
echo "::remove-matcher owner=brpaz/hadolint-action::" echo "::remove-matcher owner=brpaz/hadolint-action::"
} }
@ -22,46 +19,24 @@ if [ -n "$HADOLINT_CONFIG" ]; then
HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}" HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
fi fi
if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then OUTPUT=
unset HADOLINT_TRUSTED_REGISTRIES if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
fi
OUTPUT=" | tee $HADOLINT_OUTPUT"
fi fi
COMMAND="hadolint $HADOLINT_CONFIG"
if [ "$HADOLINT_RECURSIVE" = "true" ]; then if [ "$HADOLINT_RECURSIVE" = "true" ]; then
shopt -s globstar shopt -s globstar
filename="${!#}" filename="${!#}"
flags="${*:1:$#-1}" flags="${@:1:$#-1}"
RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT
else else
flags=$* # shellcheck disable=SC2086
RESULTS=$(eval "$COMMAND" "$flags") hadolint $HADOLINT_CONFIG "$@" $OUTPUT
fi fi
FAILED=$?
if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
fi
echo "$RESULTS" >"$HADOLINT_OUTPUT"
fi
RESULTS="${RESULTS//$'\\n'/''}"
{
echo "results<<EOF"
echo "$RESULTS"
echo "EOF"
} >>"$GITHUB_OUTPUT"
{
echo "HADOLINT_RESULTS<<EOF"
echo "$RESULTS"
echo "EOF"
} >>"$GITHUB_ENV"
[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
exit $FAILED
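Review bot: On the v1.7.0 side `OUTPUT=" | tee $HADOLINT_OUTPUT"` is later expanded as `$OUTPUT` at the end of both `hadolint` command lines, but the shell does not re-parse expanded text for operators, so `|`, `tee` and the path reach hadolint as literal arguments and no report file is written. The pipeline has to be written in the script itself, and hadolint's own status should be taken from `PIPESTATUS` so that `tee` does not mask a lint failure. This side also ends on the `[ -z "$HADOLINT_OUTPUT" ] || echo …` line with no `exit`, so unless `set -e` is enabled in the part of the script outside these hunks, the step's exit status is that of the final test or echo rather than hadolint's. A sketch of the tail of the script follows; the lines between `cleanup()` and the `HADOLINT_CONFIG` check are not visible here.

```shell
# … unchanged: HADOLINT_CONFIG handling and HADOLINT_OUTPUT path resolution (without the OUTPUT=" | tee …" string) …

# Runs hadolint with the given arguments; tees to the report file when one is set.
run_hadolint() {
  if [ -n "$HADOLINT_OUTPUT" ]; then
    # shellcheck disable=SC2086
    hadolint $HADOLINT_CONFIG "$@" | tee "$HADOLINT_OUTPUT"
    return "${PIPESTATUS[0]}"
  fi
  # shellcheck disable=SC2086
  hadolint $HADOLINT_CONFIG "$@"
}

if [ "$HADOLINT_RECURSIVE" = "true" ]; then
  shopt -s globstar
  filename="${!#}"
  # shellcheck disable=SC2086
  run_hadolint "${@:1:$#-1}" **/$filename
else
  run_hadolint "$@"
fi
FAILED=$?

[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
exit $FAILED
```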