actions/hadolint-action
2
0
Fork 0
mirror of https://github.com/hadolint/hadolint-action.git synced 2026-05-16 07:05:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: actions:master
Branches Tags
actions:master
actions:v3.3.0
actions:v3.2.0
actions:v3.1.0
actions:v3.0.0
actions:v2.1.0
actions:v2.0.0
actions:v1.7.0
actions:v1.6.0
actions:v1.5.0
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.1
actions:v1.0.2
actions:v1.0.0
..
compare: actions:v2.0.0
Branches Tags
actions:master
actions:v3.3.0
actions:v3.2.0
actions:v3.1.0
actions:v3.0.0
actions:v2.1.0
actions:v2.0.0
actions:v1.7.0
actions:v1.6.0
actions:v1.5.0
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.1
actions:v1.0.2
actions:v1.0.0

No commits in common. "master" and "v2.0.0" have entirely different histories.
master ... v2.0.0

6 changed files with 68 additions and 144 deletions
Download patch file Download diff file Expand all files Collapse all files

74
.github/workflows/ci.yml vendored
View file

@ -3,49 +3,27 @@ on:
push: push:
branches: branches:
- master - master
pull_request: pull_request:
env: env:
TEST_IMAGE_NAME: hadolint-action:${{github.sha}} TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
permissions:
contents: write
issues: write # Used by Release step to update "The automated release is failing" issue
pull-requests: write # Used by ShellCheck Action to add comments on PR
jobs: jobs:
lint: lint:
name: Lint name: Lint
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
container: pipelinecomponents/hadolint:0.27.2 container: pipelinecomponents/hadolint:0.10.1
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Run hadolint - name: Run hadolint
run: hadolint Dockerfile run: hadolint Dockerfile
shellcheck:
name: ShellCheck
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- name: Run ShellCheck
uses: reviewdog/action-shellcheck@v1.31.0
with:
reporter: github-pr-review
fail_on_error: true
build-test: build-test:
name: Build and Test name: Build and Test
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: ["lint"]
- lint
- shellcheck
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Build Docker image - name: Build Docker image
run: docker build -t $TEST_IMAGE_NAME . run: docker build -t $TEST_IMAGE_NAME .
@ -56,11 +34,10 @@ jobs:
integration-tests: integration-tests:
name: Integration Tests name: Integration Tests
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: build-test
- build-test
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- name: Run integration test 1 - name: Run integration test 1
uses: ./ uses: ./
@ -92,31 +69,14 @@ jobs:
failure-threshold: error failure-threshold: error
format: json format: json
- name: Run integration test 5 - config file - name: Run integration test 5 - output format
# This step will never fail, but will print out rule violations # This step will never fail, but will print out rule violations.
# because in config is set the error failure threshold.
id: hadolint5
uses: ./ uses: ./
with: with:
dockerfile: testdata/warning.Dockerfile dockerfile: testdata/warning.Dockerfile
config: testdata/hadolint.yaml config: testdata/hadolint.yaml
- name: Run integration test 6 - verify results output parameter #- name: Run integration test 6 - output to file
# This step will never fail, but will print out the results from step5
env:
results: ${{ steps.hadolint5.outputs.results }}
run: echo "$results"
- name: Run integration test 7 - set recursive
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./
with:
dockerfile: "*Dockerfile"
failure-threshold: error
recursive: true
#- name: Run integration test 8 - output to file
# # This step will never fail, but will print out rule violations. # # This step will never fail, but will print out rule violations.
# uses: ./ # uses: ./
# with: # with:
@ -127,13 +87,11 @@ jobs:
release: release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master' if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release name: Release
runs-on: ubuntu-24.04 runs-on: ubuntu-20.04
needs: needs: integration-tests
- integration-tests
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v2
- uses: cycjimmy/semantic-release-action@v2
- uses: cycjimmy/semantic-release-action@v5
with: with:
extra_plugins: | extra_plugins: |
@semantic-release/git @semantic-release/git

2
Dockerfile
View file

@ -1,4 +1,4 @@
FROM ghcr.io/hadolint/hadolint:v2.14.0-debian FROM hadolint/hadolint:v2.9.3-debian
COPY LICENSE README.md problem-matcher.json / COPY LICENSE README.md problem-matcher.json /
COPY hadolint.sh /usr/local/bin/hadolint.sh COPY hadolint.sh /usr/local/bin/hadolint.sh

6
Makefile
View file

@ -1,7 +1,7 @@
IMAGE_NAME:=hadolint-action IMAGE_NAME:=hadolint-action
lint-dockerfile: ## Runs hadolint against application dockerfile lint-dockerfile: ## Runs hadoint against application dockerfile
@docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile @docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile
lint-yaml: ## Lints yaml configurations lint-yaml: ## Lints yaml configurations
@ -12,8 +12,8 @@ build: ## Builds the docker image
test: build ## Runs a test in the image test: build ## Runs a test in the image
@docker run -i --rm \ @docker run -i --rm \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \
test \ test \
--image $(IMAGE_NAME) \ --image $(IMAGE_NAME) \
--config test/structure-tests.yaml --config test/structure-tests.yaml

78
README.md
View file

@ -6,8 +6,8 @@
[![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE) [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/) [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
## Usage ## Usage
@ -15,58 +15,42 @@ Add the following step to your workflow configuration:
```yml ```yml
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v2
- uses: hadolint/hadolint-action@v3.1.0 - uses: hadolint/hadolint-action@v1.6.0
with: with:
dockerfile: Dockerfile dockerfile: Dockerfile
``` ```
## Inputs ## Inputs
| Name | Description | Default | | Name | Description | Default |
|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------| |------------------- |------------------------------------------ |----------------- |
| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | dockerfile | The path to the Dockerfile to be tested | ./Dockerfile |
| `recursive` | Search for specified dockerfile </br> recursively, from the project root | `false` | | recursive | Search for specified dockerfile | false |
| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | | | recursively, from the project root | |
| `output-file` | A sub-path where to save the </br> output as a file to | `/dev/stdout` | | config | Custom path to a Hadolint config file | ./.hadolint.yaml |
| `no-color` | Don't create colored output (`true`/`false`) | `false` | | output-file | A sub-path where to save the | |
| `no-fail` | Never fail the action (`true`/`false`) | `false` | | | output as a file to | |
| `verbose` | Output more information (`true`/`false`) | `false` | | no-color | Don't create colored output | |
| `format` | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | no-fail | Never fail the action | |
| `failure-threshold` | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br> `info` \| `style` \| `ignore`] | `info` | | verbose | Output more information | |
| `override-error` | Comma separated list of rules to treat with `error` severity | | | format | The output format. One of [tty \| json \| | tty |
| `override-warning` | Comma separated list of rules to treat with `warning` severity | | | | checkstyle \| codeclimate \| | |
| `override-info` | Comma separated list of rules to treat with `info` severity | | | | gitlab_codeclimate \| codacy \| sarif] | |
| `override-style` | Comma separated list of rules to treat with `style` severity | | | failure-threshold | Rule severity threshold for pipeline | info |
| `ignore` | Comma separated list of Hadolint rules to ignore. | <none> | | | failure. One of [error \| warning \| | |
| `trusted-registries` | Comma separated list of urls of trusted registries | | | | info \| style \| ignore] | |
| override-error | List of rules to treat with 'error' | |
## Output | | severity | |
| override-warning | List of rules to treat with 'warning' | |
The Action will store results in an environment variable that can be used in other steps in a workflow. | | severity | |
| override-info | List of rules to treat with 'info' | |
Example to create a comment in a PR: | | severity | |
| override-style | List of rules to treat with 'style' | |
``` | | severity | |
- name: Update Pull Request | ignore | Space separated list of Hadolint rules to | <none> |
uses: actions/github-script@v6 | | ignore. | |
if: github.event_name == 'pull_request' | trusted-registries | List of urls of trusted registries | |
with:
script: |
const output = `
#### Hadolint: \`${{ steps.hadolint.outcome }}\`
\`\`\`
${process.env.HADOLINT_RESULTS}
\`\`\`
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
```
## Hadolint Configuration ## Hadolint Configuration

2
action.yml
View file

@ -18,7 +18,7 @@ inputs:
output-file: output-file:
required: false required: false
description: 'The path where to save the linting results to' description: 'The path where to save the linting results to'
default: "/dev/stdout" default:
# standart hadolint options: # standart hadolint options:
no-color: no-color:

50
hadolint.sh
View file

@ -1,18 +1,15 @@
#!/bin/bash #!/bin/bash
# The problem-matcher definition must be present in the repository # The problem-matcher definition must be present in the repository
# checkout (outside the Docker container running hadolint). We copy # checkout (outside the Docker container running hadolint). We copy
# problem-matcher.json to the home folder. # problem-matcher.json to the home folder.
cp /problem-matcher.json "$HOME/"
PROBLEM_MATCHER_FILE="/problem-matcher.json"
if [ -f "$PROBLEM_MATCHER_FILE" ]; then
cp "$PROBLEM_MATCHER_FILE" "$HOME/"
fi
# After the run has finished we remove the problem-matcher.json from # After the run has finished we remove the problem-matcher.json from
# the repository so we don't leave the checkout dirty. We also remove # the repository so we don't leave the checkout dirty. We also remove
# the matcher so it won't take effect in later steps. # the matcher so it won't take effect in later steps.
# shellcheck disable=SC2317
cleanup() { cleanup() {
echo "::remove-matcher owner=brpaz/hadolint-action::" echo "::remove-matcher owner=brpaz/hadolint-action::"
} }
trap cleanup EXIT trap cleanup EXIT
@ -23,44 +20,29 @@ if [ -n "$HADOLINT_CONFIG" ]; then
fi fi
if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
unset HADOLINT_TRUSTED_REGISTRIES unset HADOLINT_TRUSTED_REGISTRIES;
fi fi
COMMAND="hadolint $HADOLINT_CONFIG" OUTPUT=
if [ "$HADOLINT_RECURSIVE" = "true" ]; then
shopt -s globstar
filename="${!#}"
flags="${*:1:$#-1}"
RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
else
flags=$*
RESULTS=$(eval "$COMMAND" "$flags")
fi
FAILED=$?
if [ -n "$HADOLINT_OUTPUT" ]; then if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
fi fi
echo "$RESULTS" >"$HADOLINT_OUTPUT" OUTPUT=" | tee $HADOLINT_OUTPUT"
fi fi
RESULTS="${RESULTS//$'\\n'/''}" FAILED=0
if [ "$HADOLINT_RECURSIVE" = "true" ]; then
shopt -s globstar
{ filename="${!#}"
echo "results<<EOF" flags="${@:1:$#-1}"
echo "$RESULTS"
echo "EOF"
} >>"$GITHUB_OUTPUT"
{ hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1
echo "HADOLINT_RESULTS<<EOF" else
echo "$RESULTS" # shellcheck disable=SC2086
echo "EOF" hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1
} >>"$GITHUB_ENV" fi
[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"