From a17195f03eccfa4994f0a3c2b53175d4b70de259 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:09:05 +0100 Subject: [PATCH 1/3] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#1) --- .github/workflows/ci.yml | 36 +++++++++++++++++++++++++++++++----- README.md | 8 ++++---- hadolint.sh | 26 +++++++++++++++----------- 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba3bfb3..c2f9eb5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,10 +18,24 @@ jobs: - name: Run hadolint run: hadolint Dockerfile + shellcheck: + name: ShellCheck + runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v3 + - name: Run ShellCheck + uses: reviewdog/action-shellcheck@v1.16.0 + with: + reporter: github-pr-review + fail_on_error: true + build-test: name: Build and Test runs-on: ubuntu-20.04 - needs: ["lint"] + needs: [ "lint", "shellcheck" ] steps: - uses: actions/checkout@v3 - name: Build Docker image @@ -69,8 +83,9 @@ jobs: failure-threshold: error format: json - - name: Run integration test 5 - output format - # This step will never fail, but will print out rule violations. + - name: Run integration test 5 - config file + # This step will never fail, but will print out rule violations + # because in config is set the error failure threshold. id: hadolint5 uses: ./ with: @@ -79,9 +94,20 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo "${{ steps.hadolint5.outputs.results }}" + env: + results: ${{ steps.hadolint5.outputs.results }} + run: echo "$results" - #- name: Run integration test 6 - output to file + - name: Run integration test 7 - set recursive + # This step will never fail, but will print out rule violations + # for all the Dockerfiles in repository. + uses: ./ + with: + dockerfile: "*Dockerfile" + failure-threshold: error + recursive: true + + #- name: Run integration test 8 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ # with: diff --git a/README.md b/README.md index 3e3809e..7dade9b 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,10 @@ steps: | `dockerfile` | The path to the Dockerfile to be tested | `./Dockerfile` | | `recursive` | Search for specified dockerfile
recursively, from the project root | `false` | | `config` | Custom path to a Hadolint config file | `./.hadolint.yaml` | -| `output-file` | A sub-path where to save the
output as a file to | | -| `no-color` | Don't create colored output (`true`/`false`) | | -| `no-fail` | Never fail the action (`true`/`false`) | | -| `verbose` | Output more information (`true`/`false`) | | +| `output-file` | A sub-path where to save the
output as a file to | `/dev/stdout` | +| `no-color` | Don't create colored output (`true`/`false`) | `false` | +| `no-fail` | Never fail the action (`true`/`false`) | `false` | +| `verbose` | Output more information (`true`/`false`) | `false` | | `format` | The output format. One of [`tty` \| `json` \|
`checkstyle` \| `codeclimate` \|
`gitlab_codeclimate` \| `codacy` \| `sarif`] | `tty` | | `failure-threshold` | Rule severity threshold for pipeline
failure. One of [`error` \| `warning` \|
`info` \| `style` \| `ignore`] | `info` | | `override-error` | Comma separated list of rules to treat with `error` severity | | diff --git a/hadolint.sh b/hadolint.sh index 4231068..d0024ff 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -1,13 +1,16 @@ #!/bin/bash - # The problem-matcher definition must be present in the repository # checkout (outside the Docker container running hadolint). We copy # problem-matcher.json to the home folder. -cp /problem-matcher.json "$HOME/" +PROBLEM_MATCHER_FILE="/problem-matcher.json" +if [ -f "$PROBLEM_MATCHER_FILE" ]; then + cp "$PROBLEM_MATCHER_FILE" "$HOME/" +fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. +# shellcheck disable=SC2317 cleanup() { echo "::remove-matcher owner=brpaz/hadolint-action::" } @@ -23,16 +26,19 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi +COMMAND="hadolint $HADOLINT_CONFIG" + if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${@:1:$#-1}" - RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) + flags="${*:1:$#-1}" + + RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") else - # shellcheck disable=SC2086 - RESULTS=$(hadolint $HADOLINT_CONFIG "$@") + flags=$* + RESULTS=$(eval "$COMMAND" "$flags") fi FAILED=$? @@ -40,16 +46,14 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > $HADOLINT_OUTPUT + echo "$RESULTS" > "$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -echo "results<> $GITHUB_OUTPUT -echo "${RESULTS}" >> $GITHUB_OUTPUT -echo "EOF" >> $GITHUB_OUTPUT +{ echo "results<> "$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> $GITHUB_ENV +{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 726b0bb29856ca7d00bd951f318365100bac8382 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Thu, 19 Jan 2023 20:16:51 +0100 Subject: [PATCH 2/3] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#2) --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c2f9eb5..3acd3eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -120,6 +120,8 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests + permissions: + contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 From 218bc411d78ba9386a35739e173a7065f400adb8 Mon Sep 17 00:00:00 2001 From: Viacheslav Kudinov Date: Fri, 20 Jan 2023 09:55:56 +0100 Subject: [PATCH 3/3] Fix of ShellCheck and doc update. Int testing updates. Added ShellCheck action. (#3) Co-authored-by: OCP4 migration script --- .github/workflows/ci.yml | 10 +++++----- hadolint.sh | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3acd3eb..54763d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,11 @@ on: env: TEST_IMAGE_NAME: hadolint-action:${{github.sha}} +permissions: + contents: write + issues: write # Used by Release step to update "The automated release is failing" issue + pull-requests: write # Used by ShellCheck Action to add comments on PR + jobs: lint: name: Lint @@ -21,9 +26,6 @@ jobs: shellcheck: name: ShellCheck runs-on: ubuntu-20.04 - permissions: - contents: read - pull-requests: write steps: - uses: actions/checkout@v3 - name: Run ShellCheck @@ -120,8 +122,6 @@ jobs: name: Release runs-on: ubuntu-20.04 needs: integration-tests - permissions: - contents: write steps: - uses: actions/checkout@v2 - uses: cycjimmy/semantic-release-action@v3 diff --git a/hadolint.sh b/hadolint.sh index d0024ff..d28035d 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -5,14 +5,14 @@ PROBLEM_MATCHER_FILE="/problem-matcher.json" if [ -f "$PROBLEM_MATCHER_FILE" ]; then - cp "$PROBLEM_MATCHER_FILE" "$HOME/" + cp "$PROBLEM_MATCHER_FILE" "$HOME/" fi # After the run has finished we remove the problem-matcher.json from # the repository so we don't leave the checkout dirty. We also remove # the matcher so it won't take effect in later steps. # shellcheck disable=SC2317 cleanup() { - echo "::remove-matcher owner=brpaz/hadolint-action::" + echo "::remove-matcher owner=brpaz/hadolint-action::" } trap cleanup EXIT @@ -23,7 +23,7 @@ if [ -n "$HADOLINT_CONFIG" ]; then fi if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then - unset HADOLINT_TRUSTED_REGISTRIES; + unset HADOLINT_TRUSTED_REGISTRIES fi COMMAND="hadolint $HADOLINT_CONFIG" @@ -32,7 +32,6 @@ if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" - flags="${*:1:$#-1}" RESULTS=$(eval "$COMMAND $flags" -- **/"$filename") @@ -46,14 +45,22 @@ if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" fi - echo "$RESULTS" > "$HADOLINT_OUTPUT" + echo "$RESULTS" >"$HADOLINT_OUTPUT" fi RESULTS="${RESULTS//$'\\n'/''}" -{ echo "results<> "$GITHUB_OUTPUT" +{ + echo "results<>"$GITHUB_OUTPUT" -{ echo "HADOLINT_RESULTS<> "$GITHUB_ENV" +{ + echo "HADOLINT_RESULTS<>"$GITHUB_ENV" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"