From 110e47c1b77f2d2b55ce40e9960f06de93f76c55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20R=C3=B6hrich?= Date: Sat, 8 May 2021 13:08:16 +0200 Subject: [PATCH] hadolint: version bump to 2.4.0 - bump Hadolint version to 2.4.0 - change to debian based image - add common config options - expand integration tests for new options fixes: https://github.com/hadolint/hadolint-action/issues/5 fixes: https://github.com/hadolint/hadolint-action/issues/8 fixes: https://github.com/hadolint/hadolint-action/issues/17 fixes: https://github.com/hadolint/hadolint-action/issues/18 fixes: https://github.com/hadolint/hadolint-action/issues/31 --- .github/workflows/ci.yml | 33 ++++++++++++++++++++++++++++++++- Dockerfile | 2 +- README.md | 21 +++++++++++++++------ action.yml | 29 +++++++++++++++++++++++++++++ hadolint.sh | 11 ++++++++++- testdata/hadolint.yaml | 1 + testdata/info.Dockerfile | 5 +++++ testdata/warning.Dockerfile | 4 ++++ 8 files changed, 97 insertions(+), 9 deletions(-) create mode 100644 testdata/hadolint.yaml create mode 100644 testdata/info.Dockerfile create mode 100644 testdata/warning.Dockerfile diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 12b9ea8..3b594e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,11 +39,42 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Run integration test + - name: Run integration test 1 uses: ./ with: dockerfile: testdata/Dockerfile + - name: Run integration test 2 - ignore a rule + # This step is supposed to print out an info level rule violation + # but completely ignore the two rules listed below + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + ignore: DL3014 DL3008 + + - name: Run integration test 3 - set failure threshold + # This step will print out an info level rule violation, but not fail + # because of the high failure threshold. + uses: ./ + with: + dockerfile: testdata/info.Dockerfile + failure-threshold: warning + + - name: Run integration test 4 - output format + # This step will never fail, but will print out rule violations as json. + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + failure-threshold: error + format: json + + - name: Run integration test 4 - output format + # This step will never fail, but will print out rule violations. + uses: ./ + with: + dockerfile: testdata/warning.Dockerfile + config: testdata/hadolint.yaml + release: if: github.event_name == 'push' && github.ref == 'refs/heads/master' name: Release diff --git a/Dockerfile b/Dockerfile index 7811781..9e20d28 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM hadolint/hadolint:v2.1.0-alpine +FROM hadolint/hadolint:v2.4.0-debian COPY LICENSE README.md problem-matcher.json / COPY hadolint.sh /usr/local/bin/hadolint.sh diff --git a/README.md b/README.md index f760a6c..9276408 100644 --- a/README.md +++ b/README.md @@ -15,16 +15,25 @@ Add the following step to your workflow configuration: ```yml steps: - - uses: hadolint/hadolint-action@v1.4.0 - with: - dockerfile: Dockerfile + - uses: hadolint/hadolint-action@v1.4.0 + with: + dockerfile: Dockerfile ``` ## Inputs -| Name | Description | Default | -|------------ |----------------------------------------- |-------------- | -| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | +| Name | Description | Default | +|------------------ |------------------------------------------ |----------------- | +| dockerfile | The path to the Dockerfile to be tested | ./Dockerfile | +| format | The output format. One of [tty | json | | tty | +| | checkstyle | codeclimate | | | +| | gitlab_codeclimate] | | +| ignore | Space separated list of Hadolint rules to | | +| | ignore. | | +| config | Custom path to a Hadolint config file | ./.hadolint.yaml | +| failure-threshold | Rule severity threshold for pipeline | info | +| | failure. One of [error | warning | info | | | +| | style | ignore] | | ## Hadolint Configuration diff --git a/action.yml b/action.yml index 2a27000..e5163ab 100644 --- a/action.yml +++ b/action.yml @@ -3,13 +3,42 @@ description: 'Action that runs Hadolint Dockerfile linting tool' author: 'Bruno Paz' inputs: dockerfile: + required: false description: 'The path to the Dockerfile to lint' default: 'Dockerfile' + format: + required: false + description: | + The output format, one of [tty (default) | json | checkstyle | + codeclimate | gitlab_codeclimate ] + default: 'tty' + failure-threshold: + required: false + description: | + Fail the pipeline only if rules with severity above this threshold are + violated. One of [error | warning | info (default) | style | ignore] + default: 'info' + ignore: + required: false + description: 'A space separated string of rules to ignore' + default: + config: + required: false + description: 'Path to a config file' + default: + runs: using: 'docker' image: 'Dockerfile' args: + - -f + - ${{ inputs.format }} + - -t + - ${{ inputs.failure-threshold }} - ${{ inputs.dockerfile }} + env: + HADOLINT_CONFIG: ${{ inputs.config }} + HADOLINT_IGNORE: ${{ inputs.ignore }} branding: icon: 'layers' color: 'purple' diff --git a/hadolint.sh b/hadolint.sh index 34731f5..e74c807 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -19,4 +19,13 @@ trap cleanup EXIT echo "::add-matcher::${TMP_FOLDER}/problem-matcher.json" -hadolint "$@" +if [ -n "$HADOLINT_CONFIG" ]; then + HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}" +fi + +for i in $HADOLINT_IGNORE; do + HADOLINT_IGNORE_CMDLINE="${HADOLINT_IGNORE_CMDLINE} --ignore=${i}" +done + +# shellcheck disable=SC2086 +hadolint $HADOLINT_IGNORE_CMDLINE $HADOLINT_CONFIG "$@" diff --git a/testdata/hadolint.yaml b/testdata/hadolint.yaml new file mode 100644 index 0000000..f8cbb9d --- /dev/null +++ b/testdata/hadolint.yaml @@ -0,0 +1 @@ +failure-threshold: error diff --git a/testdata/info.Dockerfile b/testdata/info.Dockerfile new file mode 100644 index 0000000..3f9ed7c --- /dev/null +++ b/testdata/info.Dockerfile @@ -0,0 +1,5 @@ +FROM debian:buster + +# info level warning expected here: +RUN echo "Hello" +RUN echo "World" diff --git a/testdata/warning.Dockerfile b/testdata/warning.Dockerfile new file mode 100644 index 0000000..24b6d2e --- /dev/null +++ b/testdata/warning.Dockerfile @@ -0,0 +1,4 @@ +FROM debian:buster + +# emits an info and a warning level violation. +RUN apt-get install foo