feat: trigger release workflow

Release action only triggers if there is a commit with a keyword in the
title since the last release tag was made...

Signed-off-by: Moritz Röhrich <moritz@ildefons.de>

.github/workflows/ci.yml

@@ -3,27 +3,49 @@ on:
   push:
     branches:
       - master
+
   pull_request:
 
 env:
   TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
 
+permissions:
+  contents: write
+  issues: write  # Used by Release step to update "The automated release is failing" issue
+  pull-requests: write  # Used by ShellCheck Action to add comments on PR
+
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-20.04
-    container: pipelinecomponents/hadolint:0.10.1
+    runs-on: ubuntu-24.04
+    container: pipelinecomponents/hadolint:0.27.2
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
+
       - name: Run hadolint
         run: hadolint Dockerfile
 
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Run ShellCheck
+        uses: reviewdog/action-shellcheck@v1.31.0
+        with:
+          reporter: github-pr-review
+          fail_on_error: true
+
   build-test:
     name: Build and Test
-    runs-on: ubuntu-20.04
-    needs: ["lint"]
+    runs-on: ubuntu-24.04
+    needs:
+      - lint
+      - shellcheck
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
+
       - name: Build Docker image
         run: docker build -t $TEST_IMAGE_NAME .
 
@@ -34,10 +56,11 @@ jobs:
 
   integration-tests:
     name: Integration Tests
-    runs-on: ubuntu-20.04
-    needs: build-test
+    runs-on: ubuntu-24.04
+    needs:
+      - build-test
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v5
 
       - name: Run integration test 1
         uses: ./
@@ -69,8 +92,9 @@ jobs:
           failure-threshold: error
           format: json
 
-      - name: Run integration test 5 - output format
-        # This step will never fail, but will print out rule violations.
+      - name: Run integration test 5 - config file
+        # This step will never fail, but will print out rule violations
+        # because in config is set the error failure threshold.
         id: hadolint5
         uses: ./
         with:
@@ -79,9 +103,20 @@ jobs:
 
       - name: Run integration test 6 - verify results output parameter
         # This step will never fail, but will print out the results from step5
-        run: echo "${{ steps.hadolint5.outputs.results }}"
+        env:
+          results: ${{ steps.hadolint5.outputs.results }}
+        run: echo "$results"
 
-      #- name: Run integration test 6 - output to file
+      - name: Run integration test 7 - set recursive
+        # This step will never fail, but will print out rule violations
+        # for all the Dockerfiles in repository.
+        uses: ./
+        with:
+          dockerfile: "*Dockerfile"
+          failure-threshold: error
+          recursive: true
+
+      #- name: Run integration test 8 - output to file
       #  # This step will never fail, but will print out rule violations.
       #  uses: ./
       #  with:
@@ -92,11 +127,13 @@ jobs:
   release:
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     name: Release
-    runs-on: ubuntu-20.04
-    needs: integration-tests
+    runs-on: ubuntu-24.04
+    needs:
+      - integration-tests
     steps:
-      - uses: actions/checkout@v2
-      - uses: cycjimmy/semantic-release-action@v2
+      - uses: actions/checkout@v5
+
+      - uses: cycjimmy/semantic-release-action@v5
         with:
           extra_plugins: |
             @semantic-release/git

Dockerfile

@@ -1,4 +1,4 @@
-FROM hadolint/hadolint:v2.9.3-debian
+FROM ghcr.io/hadolint/hadolint:v2.14.0-debian
 
 COPY LICENSE README.md problem-matcher.json /
 COPY hadolint.sh /usr/local/bin/hadolint.sh

README.md

@@ -6,7 +6,8 @@
 [![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
 [![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
-[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/hadolint/hadolint-action/ci.yml?branch=master&style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
+
 
 ## Usage
 
@@ -14,8 +15,8 @@ Add the following step to your workflow configuration:
 
 ```yml
 steps:
-  - uses: actions/checkout@v2 
-  - uses: hadolint/hadolint-action@v2.0.0
+  - uses: actions/checkout@v3
+  - uses: hadolint/hadolint-action@v3.1.0
     with:
       dockerfile: Dockerfile
 ```
@@ -27,10 +28,10 @@ steps:
 | `dockerfile`         | The path to the Dockerfile to be tested                                                                                                 | `./Dockerfile`     |
 | `recursive`          | Search for specified dockerfile </br> recursively, from the project root                                                                | `false`            |
 | `config`             | Custom path to a Hadolint config file                                                                                                   | `./.hadolint.yaml` |
-| `output-file`        | A sub-path where to save the </br> output as a file to                                                                                  |                    |
-| `no-color`           | Don't create colored output (`true`/`false`)                                                                                            |                    |
-| `no-fail`            | Never fail the action (`true`/`false`)                                                                                                  |                    |
-| `verbose`            | Output more information (`true`/`false`)                                                                                                |                    |
+| `output-file`        | A sub-path where to save the </br> output as a file to                                                                                  | `/dev/stdout`      |
+| `no-color`           | Don't create colored output (`true`/`false`)                                                                                            | `false`            |
+| `no-fail`            | Never fail the action (`true`/`false`)                                                                                                  | `false`            |
+| `verbose`            | Output more information (`true`/`false`)                                                                                                | `false`            |
 | `format`             | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty`              |
 | `failure-threshold`  | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br>  `info` \| `style` \| `ignore`]               | `info`             |
 | `override-error`     | Comma separated list of rules to treat with `error` severity                                                                            |                    |

action.yml

@@ -18,7 +18,7 @@ inputs:
   output-file:
     required: false
     description: 'The path where to save the linting results to'
-    default:
+    default: "/dev/stdout"
 
   # standart hadolint options:
   no-color:

hadolint.sh

@@ -1,15 +1,18 @@
 #!/bin/bash
-
 # The problem-matcher definition must be present in the repository
 # checkout (outside the Docker container running hadolint). We copy
 # problem-matcher.json to the home folder.
-cp /problem-matcher.json "$HOME/"
 
+PROBLEM_MATCHER_FILE="/problem-matcher.json"
+if [ -f "$PROBLEM_MATCHER_FILE" ]; then
+  cp "$PROBLEM_MATCHER_FILE" "$HOME/"
+fi
 # After the run has finished we remove the problem-matcher.json from
 # the repository so we don't leave the checkout dirty. We also remove
 # the matcher so it won't take effect in later steps.
+# shellcheck disable=SC2317
 cleanup() {
-    echo "::remove-matcher owner=brpaz/hadolint-action::"
+  echo "::remove-matcher owner=brpaz/hadolint-action::"
 }
 trap cleanup EXIT
 
@@ -20,19 +23,21 @@ if [ -n "$HADOLINT_CONFIG" ]; then
 fi
 
 if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
-  unset HADOLINT_TRUSTED_REGISTRIES;
+  unset HADOLINT_TRUSTED_REGISTRIES
 fi
 
+COMMAND="hadolint $HADOLINT_CONFIG"
+
 if [ "$HADOLINT_RECURSIVE" = "true" ]; then
   shopt -s globstar
 
   filename="${!#}"
-  flags="${@:1:$#-1}"
+  flags="${*:1:$#-1}"
 
-  RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename)
+  RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
 else
-  # shellcheck disable=SC2086
-  RESULTS=$(hadolint $HADOLINT_CONFIG "$@")
+  flags=$*
+  RESULTS=$(eval "$COMMAND" "$flags")
 fi
 FAILED=$?
 
@@ -40,13 +45,22 @@ if [ -n "$HADOLINT_OUTPUT" ]; then
   if [ -f "$HADOLINT_OUTPUT" ]; then
     HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
   fi
-  echo "$RESULTS" > $HADOLINT_OUTPUT
+  echo "$RESULTS" >"$HADOLINT_OUTPUT"
 fi
 
 RESULTS="${RESULTS//$'\\n'/''}"
-echo "::set-output name=results::$RESULTS"
 
-{ echo "HADOLINT_RESULTS<<EOF"; echo "$RESULTS"; echo "EOF"; } >> $GITHUB_ENV
+{
+  echo "results<<EOF"
+  echo "$RESULTS"
+  echo "EOF"
+} >>"$GITHUB_OUTPUT"
+
+{
+  echo "HADOLINT_RESULTS<<EOF"
+  echo "$RESULTS"
+  echo "EOF"
+} >>"$GITHUB_ENV"
 
 [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"