mirror of
https://github.com/hadolint/hadolint-action.git
synced 2026-07-13 12:01:39 +00:00
Compare commits
43 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0a6d062e78 | |||
| 0b08ca228d | |||
| 9a555bc2d4 | |||
| e8cde77aa0 | |||
| bc86787e19 | |||
| d2b4ab26ff | |||
| 2bcb99c6e2 | |||
| 63666e594d | |||
| 96339c1113 | |||
| 37f399667b | |||
| aa70df94a2 | |||
| 0bc6199b82 | |||
| 070f68df71 | |||
| 40f98da752 | |||
| 390bcfc1bc | |||
| 98fb3f8040 | |||
| 3cfc69d4b2 | |||
| 03ff2f358b | |||
| d7b3858233 | |||
| fdf6f4b6d2 | |||
| 0bb0c4c131 | |||
| 8af94d9fae | |||
| afcbb72a70 | |||
| 34545a185d | |||
| 1fe9ddfd12 | |||
| 64243a4c85 | |||
| 9c70326916 | |||
| 6c5b4b97b1 | |||
| f49a60108f | |||
| 5f549be9cc | |||
| c27bd9edc1 | |||
| 110e47c1b7 | |||
| 785eabb2d4 | |||
| 136c22c8f8 | |||
| 473e36ba30 | |||
| edc054086d | |||
| b18c7cf9dc | |||
| 20e70041a2 | |||
| 1623ba6171 | |||
| bf7fe9f9b9 | |||
| b56d18750c | |||
| 37cdec0849 | |||
| 7e374b112f |
@@ -1,4 +0,0 @@
|
|||||||
# https://help.github.com/en/articles/displaying-a-sponsor-button-in-your-repository
|
|
||||||
github: brpaz
|
|
||||||
patreon: brpaz
|
|
||||||
custom: https://www.buymeacoffee.com/Z1Bu6asGV
|
|
||||||
+63
-47
@@ -10,74 +10,90 @@ env:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
runs-on: ubuntu-latest
|
name: Lint
|
||||||
container: pipelinecomponents/hadolint:latest
|
runs-on: ubuntu-20.04
|
||||||
|
container: pipelinecomponents/hadolint:0.10.1
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v2
|
||||||
- name: Run hadolint
|
- name: Run hadolint
|
||||||
run: hadolint Dockerfile
|
run: hadolint Dockerfile
|
||||||
|
|
||||||
build:
|
build-test:
|
||||||
runs-on: ubuntu-latest
|
name: Build and Test
|
||||||
needs: ['lint']
|
runs-on: ubuntu-20.04
|
||||||
|
needs: ["lint"]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v2
|
||||||
- name: Build Docker image
|
- name: Build Docker image
|
||||||
run: docker build -t $TEST_IMAGE_NAME .
|
run: docker build -t $TEST_IMAGE_NAME .
|
||||||
|
|
||||||
- name: Save Docker image artifact
|
|
||||||
run: docker save -o action.tar $TEST_IMAGE_NAME
|
|
||||||
|
|
||||||
- name: Upload image artifact
|
|
||||||
uses: actions/upload-artifact@master
|
|
||||||
with:
|
|
||||||
name: action-image
|
|
||||||
path: action.tar
|
|
||||||
|
|
||||||
test:
|
|
||||||
name: Unit Tests
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: build
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v1
|
|
||||||
|
|
||||||
- name: Pull Image artifact
|
|
||||||
uses: actions/download-artifact@master
|
|
||||||
with:
|
|
||||||
name: action-image
|
|
||||||
|
|
||||||
- name: Load image into docker context
|
|
||||||
run: docker load -i action.tar
|
|
||||||
|
|
||||||
- name: Get Image Name
|
|
||||||
id: image_name
|
|
||||||
run: echo "##[set-output name=image;]$(echo $TEST_IMAGE_NAME)"
|
|
||||||
|
|
||||||
- name: Run Structure tests
|
- name: Run Structure tests
|
||||||
uses: brpaz/structure-tests-action@master
|
uses: brpaz/structure-tests-action@v1.1.2
|
||||||
with:
|
with:
|
||||||
image: ${{ steps.image_name.outputs.image }}
|
image: ${{ env.TEST_IMAGE_NAME }}
|
||||||
|
|
||||||
integration:
|
integration-tests:
|
||||||
name: Integration Tests
|
name: Integration Tests
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs: test
|
needs: build-test
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Run integration test
|
- name: Run integration test 1
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
dockerfile: testdata/Dockerfile
|
dockerfile: testdata/Dockerfile
|
||||||
|
|
||||||
|
- name: Run integration test 2 - ignore a rule
|
||||||
|
# This step is supposed to print out an info level rule violation
|
||||||
|
# but completely ignore the two rules listed below
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
dockerfile: testdata/warning.Dockerfile
|
||||||
|
ignore: 'DL3014,DL3008'
|
||||||
|
no-fail: true
|
||||||
|
|
||||||
|
- name: Run integration test 3 - set failure threshold
|
||||||
|
# This step will print out an info level rule violation, but not fail
|
||||||
|
# because of the high failure threshold.
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
dockerfile: testdata/info.Dockerfile
|
||||||
|
failure-threshold: warning
|
||||||
|
|
||||||
|
- name: Run integration test 4 - output format
|
||||||
|
# This step will never fail, but will print out rule violations as json.
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
dockerfile: testdata/warning.Dockerfile
|
||||||
|
failure-threshold: error
|
||||||
|
format: json
|
||||||
|
|
||||||
|
- name: Run integration test 5 - output format
|
||||||
|
# This step will never fail, but will print out rule violations.
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
dockerfile: testdata/warning.Dockerfile
|
||||||
|
config: testdata/hadolint.yaml
|
||||||
|
|
||||||
|
#- name: Run integration test 6 - output to file
|
||||||
|
# # This step will never fail, but will print out rule violations.
|
||||||
|
# uses: ./
|
||||||
|
# with:
|
||||||
|
# dockerfile: testdata/warning.Dockerfile
|
||||||
|
# format: sarif
|
||||||
|
# output-file: report.sarif
|
||||||
|
|
||||||
release:
|
release:
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
|
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
|
||||||
name: Release
|
name: Release
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs: integration
|
needs: integration-tests
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v2
|
||||||
- name: Semantic Release
|
- uses: cycjimmy/semantic-release-action@v2
|
||||||
uses: brpaz/action-semantic-release@master
|
with:
|
||||||
|
extra_plugins: |
|
||||||
|
@semantic-release/git
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||||
|
|||||||
+2
-2
@@ -1,6 +1,6 @@
|
|||||||
FROM hadolint/hadolint:v1.17.5-alpine
|
FROM hadolint/hadolint:v2.9.3-debian
|
||||||
|
|
||||||
COPY LICENSE README.md /
|
COPY LICENSE README.md problem-matcher.json /
|
||||||
COPY hadolint.sh /usr/local/bin/hadolint.sh
|
COPY hadolint.sh /usr/local/bin/hadolint.sh
|
||||||
|
|
||||||
ENTRYPOINT [ "/usr/local/bin/hadolint.sh" ]
|
ENTRYPOINT [ "/usr/local/bin/hadolint.sh" ]
|
||||||
|
|||||||
@@ -1,26 +1,60 @@
|
|||||||
# Hadolint GitHub Action
|
# Hadolint Action
|
||||||
|
|
||||||
> Action that runs [Hadolint](https://github.com/hadolint/hadolint) Dockerfile linting tool.
|
> GitHub Action that runs [Hadolint](https://github.com/hadolint/hadolint) Dockerfile linting tool.
|
||||||
|
|
||||||
[](https://github.com/features/actions)
|
[](https://github.com/features/actions)
|
||||||
[](LICENSE)
|
[](LICENSE)
|
||||||
[](http://commitizen.github.io/cz-cli/)
|
[](http://commitizen.github.io/cz-cli/)
|
||||||
[](https://github.com/semantic-release/semantic-release?style=for-the-badge)
|
[](https://github.com/semantic-release/semantic-release?style=for-the-badge)
|
||||||
|
|
||||||
[](https://github.com/brpaz/hadolint-action/actions)
|
[](https://github.com/hadolint/hadolint-action/action)
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
Add the following step to your workflow configuration:
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
steps:
|
steps:
|
||||||
uses: brpaz/hadolint-action@master
|
- uses: actions/checkout@v2
|
||||||
|
- uses: hadolint/hadolint-action@v1.6.0
|
||||||
|
with:
|
||||||
|
dockerfile: Dockerfile
|
||||||
```
|
```
|
||||||
|
|
||||||
## Inputs
|
## Inputs
|
||||||
|
|
||||||
**`dockerfile`**
|
| Name | Description | Default |
|
||||||
|
|------------------- |------------------------------------------ |----------------- |
|
||||||
|
| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile |
|
||||||
|
| recursive | Search for specified dockerfile | false |
|
||||||
|
| | recursively, from the project root | |
|
||||||
|
| config | Custom path to a Hadolint config file | ./.hadolint.yaml |
|
||||||
|
| output-file | A sub-path where to save the | |
|
||||||
|
| | output as a file to | |
|
||||||
|
| no-color | Don't create colored output | |
|
||||||
|
| no-fail | Never fail the action | |
|
||||||
|
| verbose | Output more information | |
|
||||||
|
| format | The output format. One of [tty \| json \| | tty |
|
||||||
|
| | checkstyle \| codeclimate \| | |
|
||||||
|
| | gitlab_codeclimate \| codacy \| sarif] | |
|
||||||
|
| failure-threshold | Rule severity threshold for pipeline | info |
|
||||||
|
| | failure. One of [error \| warning \| | |
|
||||||
|
| | info \| style \| ignore] | |
|
||||||
|
| override-error | List of rules to treat with 'error' | |
|
||||||
|
| | severity | |
|
||||||
|
| override-warning | List of rules to treat with 'warning' | |
|
||||||
|
| | severity | |
|
||||||
|
| override-info | List of rules to treat with 'info' | |
|
||||||
|
| | severity | |
|
||||||
|
| override-style | List of rules to treat with 'style' | |
|
||||||
|
| | severity | |
|
||||||
|
| ignore | Space separated list of Hadolint rules to | <none> |
|
||||||
|
| | ignore. | |
|
||||||
|
| trusted-registries | List of urls of trusted registries | |
|
||||||
|
|
||||||
The path to the Dockerfile to be tested. By default it will look for a Dockerfile in the current directory.
|
## Hadolint Configuration
|
||||||
|
|
||||||
|
To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure).
|
||||||
|
|
||||||
## 🤝 Contributing
|
## 🤝 Contributing
|
||||||
|
|
||||||
@@ -32,10 +66,13 @@ Contributions are what make the open source community such an amazing place to b
|
|||||||
4. Push to the Branch (`git push origin feature/AmazingFeature`)
|
4. Push to the Branch (`git push origin feature/AmazingFeature`)
|
||||||
5. Open a Pull Request
|
5. Open a Pull Request
|
||||||
|
|
||||||
## Useful Resources
|
## 💛 Support the project
|
||||||
|
|
||||||
* [Building actions - GitHub Help](https://help.github.com/en/articles/building-actions)
|
If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.
|
||||||
* [actions/toolkit: The GitHub ToolKit for developing GitHub Actions.](https://github.com/actions/toolkit)
|
|
||||||
|
The sinplest form of support is to give a ⭐️ to this repo.
|
||||||
|
|
||||||
|
This project was originally created by [Bruno Paz](https://github.com/sponsors/brpaz) and incorporated into the Hadolint organization. If you appreciate the work done on this action, Bruno would be happy with your [sponsorship](https://github.com/sponsors/brpaz).
|
||||||
|
|
||||||
## Author
|
## Author
|
||||||
|
|
||||||
@@ -46,6 +83,4 @@ Contributions are what make the open source community such an amazing place to b
|
|||||||
|
|
||||||
## 📝 License
|
## 📝 License
|
||||||
|
|
||||||
Copyright © 2019 [Bruno Paz](https://github.com/brpaz).
|
[MIT](LICENSE)
|
||||||
|
|
||||||
This project is [MIT](LICENSE) licensed.
|
|
||||||
|
|||||||
+85
@@ -3,13 +3,98 @@ description: 'Action that runs Hadolint Dockerfile linting tool'
|
|||||||
author: 'Bruno Paz'
|
author: 'Bruno Paz'
|
||||||
inputs:
|
inputs:
|
||||||
dockerfile:
|
dockerfile:
|
||||||
|
required: false
|
||||||
description: 'The path to the Dockerfile to lint'
|
description: 'The path to the Dockerfile to lint'
|
||||||
default: 'Dockerfile'
|
default: 'Dockerfile'
|
||||||
|
config:
|
||||||
|
required: false
|
||||||
|
description: 'Path to a config file'
|
||||||
|
default:
|
||||||
|
recursive:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
'Search for specified dockerfile recursively, from the project root'
|
||||||
|
default: 'false'
|
||||||
|
output-file:
|
||||||
|
required: false
|
||||||
|
description: 'The path where to save the linting results to'
|
||||||
|
default:
|
||||||
|
|
||||||
|
# standart hadolint options:
|
||||||
|
no-color:
|
||||||
|
required: false
|
||||||
|
description: Don't create colored output.
|
||||||
|
default: 'false'
|
||||||
|
no-fail:
|
||||||
|
required: false
|
||||||
|
description: Never exit with a failure status code
|
||||||
|
default: 'false'
|
||||||
|
verbose:
|
||||||
|
required: false
|
||||||
|
description: Print more information about the running config
|
||||||
|
default: 'false'
|
||||||
|
format:
|
||||||
|
required: false
|
||||||
|
description: |
|
||||||
|
The output format, one of [tty (default) | json | checkstyle |
|
||||||
|
codeclimate | gitlab_codeclimate | codacy | sarif]
|
||||||
|
default: 'tty'
|
||||||
|
failure-threshold:
|
||||||
|
required: false
|
||||||
|
description: |
|
||||||
|
Fail the pipeline only if rules with severity above this threshold are
|
||||||
|
violated. One of [error | warning | info (default) | style | ignore]
|
||||||
|
default: 'info'
|
||||||
|
override-error:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
'A comma separated list of rules whose severity will be `error`'
|
||||||
|
default:
|
||||||
|
override-warning:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
'A comma separated list of rules whose severity will be `warning`'
|
||||||
|
default:
|
||||||
|
override-info:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
'A comma separated list of rules whose severity will be `info`'
|
||||||
|
default:
|
||||||
|
override-style:
|
||||||
|
required: false
|
||||||
|
description:
|
||||||
|
'A comma separated list of rules whose severity will be `style`'
|
||||||
|
default:
|
||||||
|
ignore:
|
||||||
|
required: false
|
||||||
|
description: 'A comma separated string of rules to ignore'
|
||||||
|
default:
|
||||||
|
trusted-registries:
|
||||||
|
required: false
|
||||||
|
description: 'A comma separated list of trusted registry urls'
|
||||||
|
default:
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: 'docker'
|
using: 'docker'
|
||||||
image: 'Dockerfile'
|
image: 'Dockerfile'
|
||||||
args:
|
args:
|
||||||
- ${{ inputs.dockerfile }}
|
- ${{ inputs.dockerfile }}
|
||||||
|
env:
|
||||||
|
NO_COLOR: ${{ inputs.no-color }}
|
||||||
|
HADOLINT_NOFAIL: ${{ inputs.no-fail }}
|
||||||
|
HADOLINT_VERBOSE: ${{ inputs.verbose }}
|
||||||
|
HADOLINT_FORMAT: ${{ inputs.format }}
|
||||||
|
HADOLINT_FAILURE_THRESHOLD: ${{ inputs.failure-threshold }}
|
||||||
|
HADOLINT_OVERRIDE_ERROR: ${{ inputs.override-error }}
|
||||||
|
HADOLINT_OVERRIDE_WARNING: ${{ inputs.override-warning }}
|
||||||
|
HADOLINT_OVERRIDE_INFO: ${{ inputs.override-info }}
|
||||||
|
HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
|
||||||
|
HADOLINT_IGNORE: ${{ inputs.ignore }}
|
||||||
|
HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
|
||||||
|
|
||||||
|
HADOLINT_CONFIG: ${{ inputs.config }}
|
||||||
|
HADOLINT_RECURSIVE: ${{ inputs.recursive }}
|
||||||
|
HADOLINT_OUTPUT: ${{ inputs.output-file }}
|
||||||
branding:
|
branding:
|
||||||
icon: 'layers'
|
icon: 'layers'
|
||||||
color: 'purple'
|
color: 'purple'
|
||||||
|
|||||||
+47
-3
@@ -1,5 +1,49 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
echo '::add-matcher::problem-matcher.json'
|
# The problem-matcher definition must be present in the repository
|
||||||
|
# checkout (outside the Docker container running hadolint). We copy
|
||||||
|
# problem-matcher.json to the home folder.
|
||||||
|
cp /problem-matcher.json "$HOME/"
|
||||||
|
|
||||||
hadolint "$@"
|
# After the run has finished we remove the problem-matcher.json from
|
||||||
|
# the repository so we don't leave the checkout dirty. We also remove
|
||||||
|
# the matcher so it won't take effect in later steps.
|
||||||
|
cleanup() {
|
||||||
|
echo "::remove-matcher owner=brpaz/hadolint-action::"
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
echo "::add-matcher::$HOME/problem-matcher.json"
|
||||||
|
|
||||||
|
if [ -n "$HADOLINT_CONFIG" ]; then
|
||||||
|
HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
|
||||||
|
unset HADOLINT_TRUSTED_REGISTRIES;
|
||||||
|
fi
|
||||||
|
|
||||||
|
OUTPUT=
|
||||||
|
if [ -n "$HADOLINT_OUTPUT" ]; then
|
||||||
|
if [ -f "$HADOLINT_OUTPUT" ]; then
|
||||||
|
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
|
||||||
|
fi
|
||||||
|
OUTPUT=" | tee $HADOLINT_OUTPUT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
FAILED=0
|
||||||
|
if [ "$HADOLINT_RECURSIVE" = "true" ]; then
|
||||||
|
shopt -s globstar
|
||||||
|
|
||||||
|
filename="${!#}"
|
||||||
|
flags="${@:1:$#-1}"
|
||||||
|
|
||||||
|
hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1
|
||||||
|
else
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
|
||||||
|
|
||||||
|
exit $FAILED
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"problemMatcher": [
|
"problemMatcher": [
|
||||||
{
|
{
|
||||||
"owner": "hadolint",
|
"owner": "brpaz/hadolint-action",
|
||||||
"pattern": [
|
"pattern": [
|
||||||
{
|
{
|
||||||
"regexp": "(.*)\\:(\\d+)\\s(.*)",
|
"regexp": "(.*)\\:(\\d+)\\s(.*)",
|
||||||
|
|||||||
Vendored
+1
@@ -0,0 +1 @@
|
|||||||
|
failure-threshold: error
|
||||||
Vendored
+5
@@ -0,0 +1,5 @@
|
|||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
# info level warning expected here:
|
||||||
|
RUN echo "Hello"
|
||||||
|
RUN echo "World"
|
||||||
Vendored
+4
@@ -0,0 +1,4 @@
|
|||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
# emits an info and a warning level violation.
|
||||||
|
RUN apt-get install foo
|
||||||
Reference in New Issue
Block a user