37 Commits

Author SHA1 Message Date
José Lorenzo Rodríguez 0bc6199b82 upgrade to 2.9.2 2022-03-22 09:41:42 +01:00
José Lorenzo Rodríguez 070f68df71 Merge pull request #43 from m-ildefons/config-options
features: config options, saving to file, SARIF
2022-03-22 09:41:12 +01:00
José Lorenzo Rodríguez 40f98da752 Merge pull request #45 from mblottiere/fix/missing-problem-matcher
fix: missing problem-matcher
2022-03-22 09:40:46 +01:00
Matthieu Blottière 390bcfc1bc fix: attempt to fix missing problem-matcher
It uses the solution mentioned in
https://github.com/actions/toolkit/issues/305#issuecomment-585515210
2021-12-08 17:26:25 +01:00
Moritz Röhrich 98fb3f8040 features: config options, saving to file, SARIF
- Upgrade to Hadolint 2.8.0, enabling the SARIF formatter
- Expand config options to reflect more of those regularly available
  with Hadolint including `no-fail` and `failure-threshold` options
- Enable the creation of report files

Breaking change: The list of ignored rules is now comma separated and
not space separated.

fixes: #23
fixes: #36
fixes: #42
2021-11-20 12:02:12 +01:00
José Lorenzo Rodríguez 3cfc69d4b2 Merge pull request #41 from revolunet/patch-1
docs: fix example
2021-10-19 16:19:35 +02:00
Julien Bouquillon 03ff2f358b docs: fix example 2021-10-19 15:49:02 +02:00
José Lorenzo Rodríguez d7b3858233 Make tests pass 2021-08-26 13:31:58 +02:00
José Lorenzo Rodríguez fdf6f4b6d2 Merge pull request #34 from itamargiv/feature/recursive-dir-check
Feature: Recursive dir check - Lint multiple files
2021-08-26 13:29:29 +02:00
José Lorenzo Rodríguez 0bb0c4c131 Merge pull request #39 from Juneezee/hadolint-v2.7.0
build: bump hadolint from v2.4.0 to v2.7.0
2021-08-26 12:42:52 +02:00
Eng Zer Jun 8af94d9fae build: bump hadolint from v2.4.0 to v2.7.0
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-26 17:47:50 +08:00
Itamar Givon afcbb72a70 Update docs 2021-06-14 12:02:23 +02:00
Itamar Givon 34545a185d Add recursive linting 2021-06-14 12:01:11 +02:00
José Lorenzo Rodríguez 1fe9ddfd12 Merge pull request #33 from brpaz/update-readme
update support section and remove funding configuration
2021-06-13 13:20:59 +02:00
José Lorenzo Rodríguez 64243a4c85 Merge pull request #35 from jward-bw/patch-1
Improve readability of `Inputs` table.
2021-06-13 13:19:51 +02:00
Jacob Ward 9c70326916 Improve readability of Inputs table.
In my opinion it's still not very easy to read, but it is correctly formatted now.
2021-06-04 16:49:26 +01:00
Bruno Paz 6c5b4b97b1 docs(README): update support section and remove funding configuration 2021-05-17 19:06:18 +01:00
José Lorenzo Rodríguez f49a60108f Merge pull request #30 from kalikiana/docs_readme_checkout
doc: Add checkout action to the example
2021-05-10 11:31:15 +02:00
José Lorenzo Rodríguez 5f549be9cc Merge branch 'master' into docs_readme_checkout 2021-05-10 11:31:03 +02:00
José Lorenzo Rodríguez c27bd9edc1 Merge pull request #32 from m-ildefons/hadolint-240
hadolint: version bump to 2.4.0
2021-05-10 11:27:49 +02:00
Moritz Röhrich 110e47c1b7 hadolint: version bump to 2.4.0
- bump Hadolint version to 2.4.0
- change to debian based image
- add common config options
- expand integration tests for new options

fixes: https://github.com/hadolint/hadolint-action/issues/5
fixes: https://github.com/hadolint/hadolint-action/issues/8
fixes: https://github.com/hadolint/hadolint-action/issues/17
fixes: https://github.com/hadolint/hadolint-action/issues/18
fixes: https://github.com/hadolint/hadolint-action/issues/31
2021-05-08 14:54:03 +02:00
Christian Dywan 785eabb2d4 doc: Add checkout action to the example
Fixes: #25
2021-05-02 08:45:07 +02:00
José Lorenzo Rodríguez 136c22c8f8 fix example 2021-04-15 13:44:25 +02:00
José Lorenzo Rodríguez 473e36ba30 Merge pull request #28 from hadolint/dependabot/docker/hadolint/hadolint-v2.1.0-alpine
build(deps): bump hadolint/hadolint from v1.19.0-alpine to v2.1.0-alpine
2021-04-15 13:40:41 +02:00
José Lorenzo Rodríguez edc054086d Merge pull request #29 from hadolint/hadolint-org
Updates to reflect changes to the Hadolint organization
2021-04-15 13:38:42 +02:00
Bruno Paz b18c7cf9dc Update README.md 2021-04-14 19:25:02 +01:00
dependabot[bot] 20e70041a2 build(deps): bump hadolint/hadolint from v1.19.0-alpine to v2.1.0-alpine
Bumps hadolint/hadolint from v1.19.0-alpine to v2.1.0-alpine.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-05 07:53:42 +00:00
Arne Jørgensen 1623ba6171 fix: Remove problem matcher after run (#16) 2020-12-06 19:10:45 +00:00
Bruno Paz bf7fe9f9b9 feat: misc updates 2020-12-06 09:54:22 +00:00
dependabot[bot] b56d18750c build(deps): bump hadolint/hadolint (#12)
Bumps hadolint/hadolint from v1.17.5-alpine to v1.19.0-alpine.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-06 09:47:34 +00:00
Bruno Paz 37cdec0849 chore: update README and CI pipeline 2020-12-06 09:46:26 +00:00
Arne Jørgensen 7e374b112f fix: Fix problem matcher (#14) 2020-12-05 18:38:01 +00:00
Arne Jørgensen 88386d9893 feat: Add problem matcher
* Add problem matcher

* Fix loading tar file from artifacts
2020-12-05 17:34:32 +00:00
Arne Jørgensen 836016a45f chore: add dependabot config 2020-12-05 17:23:00 +00:00
Bruno Paz eb9b96be61 feat: update hadolint version and use alpine 2020-04-10 11:54:11 +01:00
Bruno Paz 2a819735f7 chore: create FUNDING.yml 2019-12-03 20:08:54 +00:00
Bruno Paz 5a3e6fd90a docs: Change name in readme 2019-10-03 21:31:44 +01:00
10 changed files with 275 additions and 63 deletions
+10
View File
@@ -0,0 +1,10 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
+63 -47
View File
@@ -10,74 +10,90 @@ env:
jobs:
lint:
runs-on: ubuntu-latest
container: pipelinecomponents/hadolint:latest
name: Lint
runs-on: ubuntu-20.04
container: pipelinecomponents/hadolint:0.10.1
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Run hadolint
run: hadolint Dockerfile
build:
runs-on: ubuntu-latest
needs: ['lint']
build-test:
name: Build and Test
runs-on: ubuntu-20.04
needs: ["lint"]
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Build Docker image
run: docker build -t $TEST_IMAGE_NAME .
- name: Save Docker image artifact
run: docker save -o action.tar $TEST_IMAGE_NAME
- name: Upload image artifact
uses: actions/upload-artifact@master
with:
name: action-image
path: action.tar
test:
name: Unit Tests
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v1
- name: Pull Image artifact
uses: actions/download-artifact@master
with:
name: action-image
- name: Load image into docker context
run: docker load -i action-image/action.tar
- name: Get Image Name
id: image_name
run: echo "##[set-output name=image;]$(echo $TEST_IMAGE_NAME)"
- name: Run Structure tests
uses: brpaz/structure-tests-action@master
uses: brpaz/structure-tests-action@v1.1.2
with:
image: ${{ steps.image_name.outputs.image }}
image: ${{ env.TEST_IMAGE_NAME }}
integration:
integration-tests:
name: Integration Tests
runs-on: ubuntu-latest
needs: test
runs-on: ubuntu-20.04
needs: build-test
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Run integration test
- name: Run integration test 1
uses: ./
with:
dockerfile: testdata/Dockerfile
- name: Run integration test 2 - ignore a rule
# This step is supposed to print out an info level rule violation
# but completely ignore the two rules listed below
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
ignore: 'DL3014,DL3008'
no-fail: true
- name: Run integration test 3 - set failure threshold
# This step will print out an info level rule violation, but not fail
# because of the high failure threshold.
uses: ./
with:
dockerfile: testdata/info.Dockerfile
failure-threshold: warning
- name: Run integration test 4 - output format
# This step will never fail, but will print out rule violations as json.
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
failure-threshold: error
format: json
- name: Run integration test 5 - output format
# This step will never fail, but will print out rule violations.
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
config: testdata/hadolint.yaml
- name: Run integration test 6 - output to file
# This step will never fail, but will print out rule violations.
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
format: sarif
output-file: /report.sarif
release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release
runs-on: ubuntu-latest
needs: integration
runs-on: ubuntu-20.04
needs: integration-tests
steps:
- uses: actions/checkout@v1
- name: Semantic Release
uses: brpaz/action-semantic-release@master
- uses: actions/checkout@v2
- uses: cycjimmy/semantic-release-action@v2
with:
extra_plugins: |
@semantic-release/git
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+4 -4
View File
@@ -1,6 +1,6 @@
FROM hadolint/hadolint:v1.17.2
FROM hadolint/hadolint:v2.9.2-debian
COPY LICENSE README.md /
ENTRYPOINT [ "hadolint" ]
COPY LICENSE README.md problem-matcher.json /
COPY hadolint.sh /usr/local/bin/hadolint.sh
ENTRYPOINT [ "/usr/local/bin/hadolint.sh" ]
+46 -12
View File
@@ -1,26 +1,60 @@
# hadolint-action Action
# Hadolint Action
> Action that runs [Hadolint](https://github.com/hadolint/hadolint) Dockerfile linting tool.
> GitHub Action that runs [Hadolint](https://github.com/hadolint/hadolint) Dockerfile linting tool.
[![GitHub Action](https://img.shields.io/badge/GitHub-Action-blue?style=for-the-badge)](https://github.com/features/actions)
[![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
[![GitHub Actions](https://github.com/brpaz/hadolint-action/workflows/CI/badge.svg?style=for-the-badge)](https://github.com/brpaz/hadolint-action/actions)
[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
## Usage
Add the following step to your workflow configuration:
```yml
steps:
uses: brpaz/hadolint-action@master
- uses: actions/checkout@v2
- uses: hadolint/hadolint-action@v1.6.0
with:
dockerfile: Dockerfile
```
## Inputs
**`dockerfile`**
| Name | Description | Default |
|------------------- |------------------------------------------ |----------------- |
| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile |
| recursive | Search for specified dockerfile | false |
| | recursively, from the project root | |
| config | Custom path to a Hadolint config file | ./.hadolint.yaml |
| output-file | A sub-path where to save the | |
| | output as a file to | |
| no-color | Don't create colored output | |
| no-fail | Never fail the action | |
| verbose | Output more information | |
| format | The output format. One of [tty \| json \| | tty |
| | checkstyle \| codeclimate \| | |
| | gitlab_codeclimate \| codacy \| sarif] | |
| failure-threshold | Rule severity threshold for pipeline | info |
| | failure. One of [error \| warning \| | |
| | info \| style \| ignore] | |
| override-error | List of rules to treat with 'error' | |
| | severity | |
| override-warning | List of rules to treat with 'warning' | |
| | severity | |
| override-info | List of rules to treat with 'info' | |
| | severity | |
| override-style | List of rules to treat with 'style' | |
| | severity | |
| ignore | Space separated list of Hadolint rules to | <none> |
| | ignore. | |
| trusted-resgitries | List of urls of trusted registries | |
The path to the Dockerfile to be tested. By default it will look for a Dockerfile in the current directory.
## Hadolint Configuration
To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure).
## 🤝 Contributing
@@ -31,11 +65,13 @@ Contributions are what make the open source community such an amazing place to b
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
## 💛 Support the project
## Useful Resources
If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.
* [Building actions - GitHub Help](https://help.github.com/en/articles/building-actions)
* [actions/toolkit: The GitHub ToolKit for developing GitHub Actions.](https://github.com/actions/toolkit)
The sinplest form of support is to give a ⭐️ to this repo.
This project was originally created by [Bruno Paz](https://github.com/sponsors/brpaz) and incorporated into the Hadolint organization. If you appreciate the work done on this action, Bruno would be happy with your [sponsorship](https://github.com/sponsors/brpaz).
## Author
@@ -46,6 +82,4 @@ Contributions are what make the open source community such an amazing place to b
## 📝 License
Copyright © 2019 [Bruno Paz](https://github.com/brpaz).
This project is [MIT](LICENSE) licensed.
[MIT](LICENSE)
+85
View File
@@ -3,13 +3,98 @@ description: 'Action that runs Hadolint Dockerfile linting tool'
author: 'Bruno Paz'
inputs:
dockerfile:
required: false
description: 'The path to the Dockerfile to lint'
default: 'Dockerfile'
config:
required: false
description: 'Path to a config file'
default:
recursive:
required: false
description:
'Search for specified dockerfile recursively, from the project root'
default: 'false'
output-file:
required: false
description: 'The path where to save the linting results to'
default:
# standart hadolint options:
no-color:
required: false
description: Don't create colored output.
default: 'false'
no-fail:
required: false
description: Never exit with a failure status code
default: 'false'
verbose:
required: false
description: Print more information about the running config
default: 'false'
format:
required: false
description: |
The output format, one of [tty (default) | json | checkstyle |
codeclimate | gitlab_codeclimate | codacy | sarif]
default: 'tty'
failure-threshold:
required: false
description: |
Fail the pipeline only if rules with severity above this threshold are
violated. One of [error | warning | info (default) | style | ignore]
default: 'info'
override-error:
required: false
description:
'A comma separated list of rules whose severity will be `error`'
default:
override-warning:
required: false
description:
'A comma separated list of rules whose severity will be `warning`'
default:
override-info:
required: false
description:
'A comma separated list of rules whose severity will be `info`'
default:
override-style:
required: false
description:
'A comma separated list of rules whose severity will be `style`'
default:
ignore:
required: false
description: 'A comma separated string of rules to ignore'
default:
trusted-registries:
required: false
description: 'A comma separated list of trusted registry urls'
default:
runs:
using: 'docker'
image: 'Dockerfile'
args:
- ${{ inputs.dockerfile }}
env:
NO_COLOR: ${{ inputs.no-color }}
HADOLINT_NOFAIL: ${{ inputs.no-fail }}
HADOLINT_VERBOSE: ${{ inputs.verbose }}
HADOLINT_FORMAT: ${{ inputs.format }}
HADOLINT_FAILURE_THRESHOLD: ${{ inputs.failure-threshold }}
HADOLINT_OVERRIDE_ERROR: ${{ inputs.override-error }}
HADOLINT_OVERRIDE_WARNING: ${{ inputs.override-warning }}
HADOLINT_OVERRIDE_INFO: ${{ inputs.override-info }}
HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
HADOLINT_IGNORE: ${{ inputs.ignore }}
HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
HADOLINT_CONFIG: ${{ inputs.config }}
HADOLINT_RECURSIVE: ${{ inputs.recursive }}
HADOLINT_OUTPUT: ${{ inputs.output-file }}
branding:
icon: 'layers'
color: 'purple'
Executable
+42
View File
@@ -0,0 +1,42 @@
#!/bin/bash
# The problem-matcher definition must be present in the repository
# checkout (outside the Docker container running hadolint). We copy
# problem-matcher.json to the home folder.
cp /problem-matcher.json "$HOME/"
# After the run has finished we remove the problem-matcher.json from
# the repository so we don't leave the checkout dirty. We also remove
# the matcher so it won't take effect in later steps.
cleanup() {
echo "::remove-matcher owner=brpaz/hadolint-action::"
}
trap cleanup EXIT
echo "::add-matcher::$HOME/problem-matcher.json"
if [ -n "$HADOLINT_CONFIG" ]; then
HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
fi
OUTPUT=
if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
fi
OUTPUT=" | tee $HADOLINT_OUTPUT"
fi
if [ "$HADOLINT_RECURSIVE" = "true" ]; then
shopt -s globstar
filename="${!#}"
flags="${@:1:$#-1}"
hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT
else
# shellcheck disable=SC2086
hadolint $HADOLINT_CONFIG "$@" $OUTPUT
fi
[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
+15
View File
@@ -0,0 +1,15 @@
{
"problemMatcher": [
{
"owner": "brpaz/hadolint-action",
"pattern": [
{
"regexp": "(.*)\\:(\\d+)\\s(.*)",
"file": 1,
"line": 2,
"message": 3
}
]
}
]
}
+1
View File
@@ -0,0 +1 @@
failure-threshold: error
+5
View File
@@ -0,0 +1,5 @@
FROM debian:buster
# info level warning expected here:
RUN echo "Hello"
RUN echo "World"
+4
View File
@@ -0,0 +1,4 @@
FROM debian:buster
# emits an info and a warning level violation.
RUN apt-get install foo