feat: trigger release workflow

Release action only triggers if there is a commit with a keyword in the
title since the last release tag was made...

Signed-off-by: Moritz Röhrich <moritz@ildefons.de>

.github/workflows/ci.yml

@@ -3,27 +3,49 @@ on:
   push:
     branches:
       - master
+
   pull_request:
 
 env:
   TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
 
+permissions:
+  contents: write
+  issues: write  # Used by Release step to update "The automated release is failing" issue
+  pull-requests: write  # Used by ShellCheck Action to add comments on PR
+
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
-    container: pipelinecomponents/hadolint:0.10.1
+    container: pipelinecomponents/hadolint:0.27.2
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
+
       - name: Run hadolint
         run: hadolint Dockerfile
 
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Run ShellCheck
+        uses: reviewdog/action-shellcheck@v1.31.0
+        with:
+          reporter: github-pr-review
+          fail_on_error: true
+
   build-test:
     name: Build and Test
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
-    needs: ["lint"]
+    needs:
+      - lint
+      - shellcheck
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
+
       - name: Build Docker image
         run: docker build -t $TEST_IMAGE_NAME .
 
@@ -34,10 +56,11 @@ jobs:
 
   integration-tests:
     name: Integration Tests
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
-    needs: build-test
+    needs:
+      - build-test
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
 
       - name: Run integration test 1
         uses: ./
@@ -69,29 +92,48 @@ jobs:
           failure-threshold: error
           format: json
 
-      - name: Run integration test 5 - output format
+      - name: Run integration test 5 - config file
-        # This step will never fail, but will print out rule violations.
+        # This step will never fail, but will print out rule violations
+        # because in config is set the error failure threshold.
+        id: hadolint5
         uses: ./
         with:
           dockerfile: testdata/warning.Dockerfile
           config: testdata/hadolint.yaml
 
-      - name: Run integration test 6 - output to file
+      - name: Run integration test 6 - verify results output parameter
-        # This step will never fail, but will print out rule violations.
+        # This step will never fail, but will print out the results from step5
+        env:
+          results: ${{ steps.hadolint5.outputs.results }}
+        run: echo "$results"
+
+      - name: Run integration test 7 - set recursive
+        # This step will never fail, but will print out rule violations
+        # for all the Dockerfiles in repository.
         uses: ./
         with:
-          dockerfile: testdata/warning.Dockerfile
+          dockerfile: "*Dockerfile"
-          format: sarif
+          failure-threshold: error
-          output-file: /report.sarif
+          recursive: true
+
+      #- name: Run integration test 8 - output to file
+      #  # This step will never fail, but will print out rule violations.
+      #  uses: ./
+      #  with:
+      #    dockerfile: testdata/warning.Dockerfile
+      #    format: sarif
+      #    output-file: report.sarif
 
   release:
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     name: Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
-    needs: integration-tests
+    needs:
+      - integration-tests
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
-      - uses: cycjimmy/semantic-release-action@v2
+
+      - uses: cycjimmy/semantic-release-action@v5
         with:
           extra_plugins: |
             @semantic-release/git

Dockerfile

@@ -1,4 +1,4 @@
-FROM hadolint/hadolint:v2.9.2-debian
+FROM ghcr.io/hadolint/hadolint:v2.14.0-debian
 
 COPY LICENSE README.md problem-matcher.json /
 COPY hadolint.sh /usr/local/bin/hadolint.sh

Makefile

@@ -1,7 +1,7 @@
 
 IMAGE_NAME:=hadolint-action
 
-lint-dockerfile: ## Runs hadoint against application dockerfile
+lint-dockerfile: ## Runs hadolint against application dockerfile
 	@docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile
 
 lint-yaml: ## Lints yaml configurations

README.md

@@ -6,8 +6,8 @@
 [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
 [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
 
-[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
 
 ## Usage
 
@@ -15,8 +15,8 @@ Add the following step to your workflow configuration:
 
 ```yml
 steps:
-  - uses: actions/checkout@v2 
+  - uses: actions/checkout@v3
-  - uses: hadolint/hadolint-action@v1.6.0
+  - uses: hadolint/hadolint-action@v3.1.0
     with:
       dockerfile: Dockerfile
 ```
@@ -24,33 +24,49 @@ steps:
 ## Inputs
 
 | Name                 | Description                                                                                                                             | Default            |
-|------------------- |------------------------------------------ |----------------- |
+|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------|
-| dockerfile         | The path to the Dockerfile to be tested   | ./Dockerfile     |
+| `dockerfile`         | The path to the Dockerfile to be tested                                                                                                 | `./Dockerfile`     |
-| recursive          | Search for specified dockerfile           | false            |
+| `recursive`          | Search for specified dockerfile </br> recursively, from the project root                                                                | `false`            |
-|                    | recursively, from the project root        |                  |
+| `config`             | Custom path to a Hadolint config file                                                                                                   | `./.hadolint.yaml` |
-| config             | Custom path to a Hadolint config file     | ./.hadolint.yaml |
+| `output-file`        | A sub-path where to save the </br> output as a file to                                                                                  | `/dev/stdout`      |
-| output-file        | A sub-path where to save the              |                  |
+| `no-color`           | Don't create colored output (`true`/`false`)                                                                                            | `false`            |
-|                    | output as a file to                       |                  |
+| `no-fail`            | Never fail the action (`true`/`false`)                                                                                                  | `false`            |
-| no-color           | Don't create colored output               |                  |
+| `verbose`            | Output more information (`true`/`false`)                                                                                                | `false`            |
-| no-fail            | Never fail the action                     |                  |
+| `format`             | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty`              |
-| verbose            | Output more information                   |                  |
+| `failure-threshold`  | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br>  `info` \| `style` \| `ignore`]               | `info`             |
-| format             | The output format. One of [tty \| json \| | tty              |
+| `override-error`     | Comma separated list of rules to treat with `error` severity                                                                            |                    |
-|                    | checkstyle \| codeclimate \|              |                  |
+| `override-warning`   | Comma separated list of rules to treat with `warning` severity                                                                          |                    |
-|                    | gitlab_codeclimate \| codacy \| sarif]    |                  |
+| `override-info`      | Comma separated list of rules to treat with `info` severity                                                                             |                    |
-| failure-threshold  | Rule severity threshold for pipeline      | info             |
+| `override-style`     | Comma separated list of rules to treat with `style` severity                                                                            |                    |
-|                    | failure. One of [error \| warning \|      |                  |
+| `ignore`             | Comma separated list of Hadolint rules to ignore.                                                                                       | <none>             |
-|                    | info \| style \| ignore]                  |                  |
+| `trusted-registries` | Comma separated list of urls of trusted registries                                                                                      |                    |
-| override-error     | List of rules to treat with 'error'       |                  |
+
-|                    | severity                                  |                  |
+## Output
-| override-warning   | List of rules to treat with 'warning'     |                  |
+
-|                    | severity                                  |                  |
+The Action will store results in an environment variable that can be used in other steps in a workflow.
-| override-info      | List of rules to treat with 'info'        |                  |
+
-|                    | severity                                  |                  |
+Example to create a comment in a PR:
-| override-style     | List of rules to treat with 'style'       |                  |
+
-|                    | severity                                  |                  |
+```
-| ignore             | Space separated list of Hadolint rules to | <none>           |
+- name: Update Pull Request
-|                    | ignore.                                   |                  |
+  uses: actions/github-script@v6
-| trusted-resgitries | List of urls of trusted registries        |                  |
+  if: github.event_name == 'pull_request'
+  with:
+    script: |
+      const output = `
+      #### Hadolint: \`${{ steps.hadolint.outcome }}\`
+      \`\`\`
+      ${process.env.HADOLINT_RESULTS}
+      \`\`\`
+      `;
+
+      github.rest.issues.createComment({
+        issue_number: context.issue.number,
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+        body: output
+      })
+```
 
 ## Hadolint Configuration
 
@@ -65,6 +81,7 @@ Contributions are what make the open source community such an amazing place to b
 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
 4. Push to the Branch (`git push origin feature/AmazingFeature`)
 5. Open a Pull Request
+
 ## 💛 Support the project
 
 If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.

action.yml

@@ -18,7 +18,7 @@ inputs:
   output-file:
     required: false
     description: 'The path where to save the linting results to'
-    default:
+    default: "/dev/stdout"
 
   # standart hadolint options:
   no-color:

hadolint.sh

@@ -1,13 +1,16 @@
 #!/bin/bash
-
 # The problem-matcher definition must be present in the repository
 # checkout (outside the Docker container running hadolint). We copy
 # problem-matcher.json to the home folder.
-cp /problem-matcher.json "$HOME/"
 
+PROBLEM_MATCHER_FILE="/problem-matcher.json"
+if [ -f "$PROBLEM_MATCHER_FILE" ]; then
+  cp "$PROBLEM_MATCHER_FILE" "$HOME/"
+fi
 # After the run has finished we remove the problem-matcher.json from
 # the repository so we don't leave the checkout dirty. We also remove
 # the matcher so it won't take effect in later steps.
+# shellcheck disable=SC2317
 cleanup() {
   echo "::remove-matcher owner=brpaz/hadolint-action::"
 }
@@ -19,24 +22,46 @@ if [ -n "$HADOLINT_CONFIG" ]; then
   HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
 fi
 
-OUTPUT=
+if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
-if [ -n "$HADOLINT_OUTPUT" ]; then
+  unset HADOLINT_TRUSTED_REGISTRIES
-  if [ -f "$HADOLINT_OUTPUT" ]; then
-    HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
-  fi
-  OUTPUT=" | tee $HADOLINT_OUTPUT"
 fi
 
+COMMAND="hadolint $HADOLINT_CONFIG"
+
 if [ "$HADOLINT_RECURSIVE" = "true" ]; then
   shopt -s globstar
 
   filename="${!#}"
-  flags="${@:1:$#-1}"
+  flags="${*:1:$#-1}"
 
-  hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT
+  RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
 else
-  # shellcheck disable=SC2086
+  flags=$*
-  hadolint $HADOLINT_CONFIG "$@" $OUTPUT
+  RESULTS=$(eval "$COMMAND" "$flags")
+fi
+FAILED=$?
+
+if [ -n "$HADOLINT_OUTPUT" ]; then
+  if [ -f "$HADOLINT_OUTPUT" ]; then
+    HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
+  fi
+  echo "$RESULTS" >"$HADOLINT_OUTPUT"
 fi
 
+RESULTS="${RESULTS//$'\\n'/''}"
+
+{
+  echo "results<<EOF"
+  echo "$RESULTS"
+  echo "EOF"
+} >>"$GITHUB_OUTPUT"
+
+{
+  echo "HADOLINT_RESULTS<<EOF"
+  echo "$RESULTS"
+  echo "EOF"
+} >>"$GITHUB_ENV"
+
 [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
+
+exit $FAILED