47 Commits

Author SHA1 Message Date
José Lorenzo Rodríguez 4b5806eb9c Merge pull request #66 from javoweb/hadolint-2.11
Upgrade hadolint to 2.12
2022-11-11 12:13:19 +01:00
José Lorenzo Rodríguez e977686583 Merge pull request #56 from mgray88/patch-1
Update usage example
2022-11-11 12:10:59 +01:00
José Lorenzo Rodríguez 67d715bb13 Merge pull request #65 from mrdoodles/fix-github-deprecations
fix: update deprecated commands
2022-11-11 12:08:51 +01:00
Gonzalo Tixilima 48c4120377 upgrade hadolint to 2.12 2022-11-11 05:52:50 -05:00
Gonzalo Tixilima e81a8de9db upgrade hadolint to 2.11 2022-11-11 01:18:35 -05:00
mrdoodles 68a2276a3c fix-github-deprecations 2022-11-08 21:33:58 +00:00
José Lorenzo Rodríguez eeab5ede16 Merge pull request #57 from offa/hadolint_2.10
Update hadolint to 2.10
2022-05-13 12:59:47 +02:00
offa 169ddcf265 Update hadolint to 2.10
Use GHCR instead of Dockerhub and a fully qualified FROM
2022-05-13 12:48:12 +02:00
Mike Gray d51839a6b5 Update usage example
"Example to create a comment in a PR" doesn't work with v2.0.0
2022-04-23 10:19:23 -04:00
José Lorenzo Rodríguez f988afea3d Merge pull request #55 from harmw/set-output
feat: expose results of hadolint to env var
2022-03-31 15:57:42 +02:00
Harm Weites 55991004e8 chore: spotted a little typo in readme 2022-03-31 15:32:03 +02:00
Harm Weites d73282b64c chore: update readme 2022-03-31 14:56:53 +02:00
Harm Weites 2faf5c6ef4 chore: remove createComment(), depends on githubToken scopes 2022-03-31 14:17:52 +02:00
Harm Weites 724e05f46b chore: typo in step id 2022-03-31 12:57:54 +02:00
Harm Weites a78be8d386 chore: use env var 2022-03-31 12:52:56 +02:00
Harm Weites 652bc66203 chore: also push results to env var 2022-03-31 12:49:42 +02:00
Harm Weites 1dd44fc493 chore: fix issue with multiline strings in output
Looking at [1] this should do some magic, so let's see.

[1] https://github.community/t/set-output-truncates-multiline-strings/16852
2022-03-31 12:45:58 +02:00
Harm Weites 5fc1b0e2fb chore: escape backticks in results var 2022-03-31 11:14:55 +02:00
Harm Weites a8bbf351c0 chore: update PR with text as test of results 2022-03-31 10:31:29 +02:00
Harm Weites e3462c378d chore: quotes to not parse it by mistake 2022-03-31 10:08:14 +02:00
Harm Weites 0c7fcaa67b chore: typo 2022-03-31 10:03:56 +02:00
Harm Weites 8ea032569b chore: empty commit to trigger ci 2022-03-31 10:01:01 +02:00
Harm Weites 262f403978 chore: add simple integration test 2022-03-31 09:57:07 +02:00
Harm Weites 1878581f63 chore: fix typos 2022-03-31 09:56:25 +02:00
Harm Weites bc289f2eaa feat: use 'set-output name=results'
This will introduce a parameter with name results that holds the
hadolint output. Other steps in a workflow can make use of this.

Also fix an error with the piping to tee that was broken.
2022-03-31 09:51:31 +02:00
José Lorenzo Rodríguez 83b3de1e17 fix example 2022-03-25 10:31:04 +01:00
José Lorenzo Rodríguez 289302ad8f Merge pull request #52 from mikenye/master
Update README.md
2022-03-25 10:28:55 +01:00
Mike Nye 89e60e4868 more info for inputs 2022-03-25 13:09:48 +08:00
Mike Nye 8a428b4815 prettify readme 2022-03-25 13:07:15 +08:00
José Lorenzo Rodríguez 0a6d062e78 disable broken test 2022-03-24 15:36:08 +01:00
José Lorenzo Rodríguez 0b08ca228d fix path 2022-03-24 15:32:24 +01:00
José Lorenzo Rodríguez 9a555bc2d4 run all tests properly 2022-03-24 15:29:17 +01:00
José Lorenzo Rodríguez e8cde77aa0 avoid failing on missing trusted registries 2022-03-24 15:28:03 +01:00
José Lorenzo Rodríguez bc86787e19 bump Hadolint version 2022-03-24 15:18:44 +01:00
José Lorenzo Rodríguez d2b4ab26ff don't fail in CI tests 2022-03-24 15:02:38 +01:00
José Lorenzo Rodríguez 2bcb99c6e2 Merge pull request #50 from paulbarton90/check_exit_status
Apply exit code to hadolint.sh
2022-03-24 14:57:38 +01:00
Paul Barton 63666e594d Apply exit code to hadolint.sh 2022-03-24 13:32:02 +00:00
José Lorenzo Rodríguez 96339c1113 Merge pull request #49 from offa/doc_inputs_typo
Fix typo in input docs
2022-03-22 13:59:30 +01:00
offa 37f399667b Fix markdown 2022-03-22 11:44:03 +01:00
offa aa70df94a2 Fix typo in inputs 2022-03-22 11:40:08 +01:00
José Lorenzo Rodríguez 0bc6199b82 upgrade to 2.9.2 2022-03-22 09:41:42 +01:00
José Lorenzo Rodríguez 070f68df71 Merge pull request #43 from m-ildefons/config-options
features: config options, saving to file, SARIF
2022-03-22 09:41:12 +01:00
José Lorenzo Rodríguez 40f98da752 Merge pull request #45 from mblottiere/fix/missing-problem-matcher
fix: missing problem-matcher
2022-03-22 09:40:46 +01:00
Matthieu Blottière 390bcfc1bc fix: attempt to fix missing problem-matcher
It uses the solution mentioned in
https://github.com/actions/toolkit/issues/305#issuecomment-585515210
2021-12-08 17:26:25 +01:00
Moritz Röhrich 98fb3f8040 features: config options, saving to file, SARIF
- Upgrade to Hadolint 2.8.0, enabling the SARIF formatter
- Expand config options to reflect more of those regularly available
  with Hadolint including `no-fail` and `failure-threshold` options
- Enable the creation of report files

Breaking change: The list of ignored rules is now comma separated and
not space separated.

fixes: #23
fixes: #36
fixes: #42
2021-11-20 12:02:12 +01:00
José Lorenzo Rodríguez 3cfc69d4b2 Merge pull request #41 from revolunet/patch-1
docs: fix example
2021-10-19 16:19:35 +02:00
Julien Bouquillon 03ff2f358b docs: fix example 2021-10-19 15:49:02 +02:00
6 changed files with 159 additions and 48 deletions
+19 -5
View File
@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-20.04
container: pipelinecomponents/hadolint:0.10.1
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Run hadolint
run: hadolint Dockerfile
@@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-20.04
needs: ["lint"]
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Build Docker image
run: docker build -t $TEST_IMAGE_NAME .
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-20.04
needs: build-test
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Run integration test 1
uses: ./
@@ -50,7 +50,8 @@ jobs:
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
ignore: DL3014 DL3008 DL3015
ignore: 'DL3014,DL3008'
no-fail: true
- name: Run integration test 3 - set failure threshold
# This step will print out an info level rule violation, but not fail
@@ -68,13 +69,26 @@ jobs:
failure-threshold: error
format: json
- name: Run integration test 4 - output format
- name: Run integration test 5 - output format
# This step will never fail, but will print out rule violations.
id: hadolint5
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
config: testdata/hadolint.yaml
- name: Run integration test 6 - verify results output parameter
# This step will never fail, but will print out the results from step5
run: echo "${{ steps.hadolint5.outputs.results }}"
#- name: Run integration test 6 - output to file
# # This step will never fail, but will print out rule violations.
# uses: ./
# with:
# dockerfile: testdata/warning.Dockerfile
# format: sarif
# output-file: report.sarif
release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release
+1 -1
View File
@@ -1,4 +1,4 @@
FROM hadolint/hadolint:v2.7.0-debian
FROM ghcr.io/hadolint/hadolint:v2.12.0-debian
COPY LICENSE README.md problem-matcher.json /
COPY hadolint.sh /usr/local/bin/hadolint.sh
+3 -3
View File
@@ -1,7 +1,7 @@
IMAGE_NAME:=hadolint-action
lint-dockerfile: ## Runs hadoint against application dockerfile
lint-dockerfile: ## Runs hadolint against application dockerfile
@docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile
lint-yaml: ## Lints yaml configurations
@@ -12,8 +12,8 @@ build: ## Builds the docker image
test: build ## Runs a test in the image
@docker run -i --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \
-v /var/run/docker.sock:/var/run/docker.sock \
-v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \
test \
--image $(IMAGE_NAME) \
--config test/structure-tests.yaml
+46 -16
View File
@@ -6,7 +6,6 @@
[![License](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](LICENSE)
[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg?style=for-the-badge)](http://commitizen.github.io/cz-cli/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg?style=for-the-badge)](https://github.com/semantic-release/semantic-release?style=for-the-badge)
[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/hadolint/hadolint-action/CI?style=for-the-badge)](https://github.com/hadolint/hadolint-action/action)
## Usage
@@ -16,27 +15,57 @@ Add the following step to your workflow configuration:
```yml
steps:
- uses: actions/checkout@v2
- uses: hadolint/hadolint-action@v1.5.0
- uses: hadolint/hadolint-action@v2.1.0
with:
dockerfile: Dockerfile
```
## Inputs
| Name | Description | Default |
|------------------ |------------------------------------------ |----------------- |
| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile |
| recursive | Search for specified dockerfile | false |
| | recursively, from the project root | |
| format | The output format. One of [tty \| json \| | tty |
| | checkstyle \| codeclimate \| | |
| | gitlab_codeclimate] | |
| ignore | Space separated list of Hadolint rules to | <none> |
| | ignore. | |
| config | Custom path to a Hadolint config file | ./.hadolint.yaml |
| failure-threshold | Rule severity threshold for pipeline | info |
| | failure. One of [error \| warning \| | |
| | info \| style \| ignore] | |
| Name | Description | Default |
|----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|--------------------|
| `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` |
| `recursive` | Search for specified dockerfile </br> recursively, from the project root | `false` |
| `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` |
| `output-file` | A sub-path where to save the </br> output as a file to | |
| `no-color` | Don't create colored output (`true`/`false`) | |
| `no-fail` | Never fail the action (`true`/`false`) | |
| `verbose` | Output more information (`true`/`false`) | |
| `format` | The output format. One of [`tty` \| `json` \| </br> `checkstyle` \| `codeclimate` \| </br> `gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` |
| `failure-threshold` | Rule severity threshold for pipeline </br> failure. One of [`error` \| `warning` \| </br> `info` \| `style` \| `ignore`] | `info` |
| `override-error` | Comma separated list of rules to treat with `error` severity | |
| `override-warning` | Comma separated list of rules to treat with `warning` severity | |
| `override-info` | Comma separated list of rules to treat with `info` severity | |
| `override-style` | Comma separated list of rules to treat with `style` severity | |
| `ignore` | Comma separated list of Hadolint rules to ignore. | <none> |
| `trusted-registries` | Comma separated list of urls of trusted registries | |
## Output
The Action will store results in an environment variable that can be used in other steps in a workflow.
Example to create a comment in a PR:
```
- name: Update Pull Request
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
with:
script: |
const output = `
#### Hadolint: \`${{ steps.hadolint.outcome }}\`
\`\`\`
${process.env.HADOLINT_RESULTS}
\`\`\`
`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
```
## Hadolint Configuration
@@ -51,6 +80,7 @@ Contributions are what make the open source community such an amazing place to b
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
## 💛 Support the project
If this project was useful to you in some form, We would be glad to have your support. It will help keeping the project alive.
+61 -10
View File
@@ -6,15 +6,38 @@ inputs:
required: false
description: 'The path to the Dockerfile to lint'
default: 'Dockerfile'
config:
required: false
description: 'Path to a config file'
default:
recursive:
required: false
description: 'Search for specified dockerfile recursively, from the project root'
description:
'Search for specified dockerfile recursively, from the project root'
default: 'false'
output-file:
required: false
description: 'The path where to save the linting results to'
default:
# standart hadolint options:
no-color:
required: false
description: Don't create colored output.
default: 'false'
no-fail:
required: false
description: Never exit with a failure status code
default: 'false'
verbose:
required: false
description: Print more information about the running config
default: 'false'
format:
required: false
description: |
The output format, one of [tty (default) | json | checkstyle |
codeclimate | gitlab_codeclimate ]
codeclimate | gitlab_codeclimate | codacy | sarif]
default: 'tty'
failure-threshold:
required: false
@@ -22,28 +45,56 @@ inputs:
Fail the pipeline only if rules with severity above this threshold are
violated. One of [error | warning | info (default) | style | ignore]
default: 'info'
override-error:
required: false
description:
'A comma separated list of rules whose severity will be `error`'
default:
override-warning:
required: false
description:
'A comma separated list of rules whose severity will be `warning`'
default:
override-info:
required: false
description:
'A comma separated list of rules whose severity will be `info`'
default:
override-style:
required: false
description:
'A comma separated list of rules whose severity will be `style`'
default:
ignore:
required: false
description: 'A space separated string of rules to ignore'
description: 'A comma separated string of rules to ignore'
default:
config:
trusted-registries:
required: false
description: 'Path to a config file'
description: 'A comma separated list of trusted registry urls'
default:
runs:
using: 'docker'
image: 'Dockerfile'
args:
- -f
- ${{ inputs.format }}
- -t
- ${{ inputs.failure-threshold }}
- ${{ inputs.dockerfile }}
env:
HADOLINT_CONFIG: ${{ inputs.config }}
NO_COLOR: ${{ inputs.no-color }}
HADOLINT_NOFAIL: ${{ inputs.no-fail }}
HADOLINT_VERBOSE: ${{ inputs.verbose }}
HADOLINT_FORMAT: ${{ inputs.format }}
HADOLINT_FAILURE_THRESHOLD: ${{ inputs.failure-threshold }}
HADOLINT_OVERRIDE_ERROR: ${{ inputs.override-error }}
HADOLINT_OVERRIDE_WARNING: ${{ inputs.override-warning }}
HADOLINT_OVERRIDE_INFO: ${{ inputs.override-info }}
HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
HADOLINT_IGNORE: ${{ inputs.ignore }}
HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
HADOLINT_CONFIG: ${{ inputs.config }}
HADOLINT_RECURSIVE: ${{ inputs.recursive }}
HADOLINT_OUTPUT: ${{ inputs.output-file }}
branding:
icon: 'layers'
color: 'purple'
+29 -13
View File
@@ -1,31 +1,27 @@
#!/bin/bash
# The problem-matcher definition must be present in the repository
# checkout (outside the Docker container running hadolint). We create
# a temporary folder and copy problem-matcher.json to it and make it
# readable.
TMP_FOLDER=$(mktemp -d -p .)
cp /problem-matcher.json "${TMP_FOLDER}"
chmod -R a+rX "${TMP_FOLDER}"
# checkout (outside the Docker container running hadolint). We copy
# problem-matcher.json to the home folder.
cp /problem-matcher.json "$HOME/"
# After the run has finished we remove the problem-matcher.json from
# the repository so we don't leave the checkout dirty. We also remove
# the matcher so it won't take effect in later steps.
cleanup() {
echo "::remove-matcher owner=brpaz/hadolint-action::"
rm -rf "${TMP_FOLDER}"
}
trap cleanup EXIT
echo "::add-matcher::${TMP_FOLDER}/problem-matcher.json"
echo "::add-matcher::$HOME/problem-matcher.json"
if [ -n "$HADOLINT_CONFIG" ]; then
HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
fi
for i in $HADOLINT_IGNORE; do
HADOLINT_IGNORE_CMDLINE="${HADOLINT_IGNORE_CMDLINE} --ignore=${i}"
done
if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
unset HADOLINT_TRUSTED_REGISTRIES;
fi
if [ "$HADOLINT_RECURSIVE" = "true" ]; then
shopt -s globstar
@@ -33,8 +29,28 @@ if [ "$HADOLINT_RECURSIVE" = "true" ]; then
filename="${!#}"
flags="${@:1:$#-1}"
hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG $flags **/$filename
RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename)
else
# shellcheck disable=SC2086
hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG "$@"
RESULTS=$(hadolint $HADOLINT_CONFIG "$@")
fi
FAILED=$?
if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
fi
echo "$RESULTS" > $HADOLINT_OUTPUT
fi
RESULTS="${RESULTS//$'\\n'/''}"
echo "results<<EOF" >> $GITHUB_OUTPUT
echo "${RESULTS}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
{ echo "HADOLINT_RESULTS<<EOF"; echo "$RESULTS"; echo "EOF"; } >> $GITHUB_ENV
[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
exit $FAILED