From bc289f2eaa84c94cc5686b19f6e9d69696dcee46 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:51:31 +0200 Subject: [PATCH 01/15] feat: use 'set-output name=results' This will introduce a parameter with name results that holds the hadolint output. Other steps in a workflow can make use of this. Also fix an error with the piping to tee that was broken. --- hadolint.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index f0fd926..e33a516 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -23,25 +23,26 @@ if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then unset HADOLINT_TRUSTED_REGISTRIES; fi -OUTPUT= -if [ -n "$HADOLINT_OUTPUT" ]; then - if [ -f "$HADOLINT_OUTPUT" ]; then - HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" - fi - OUTPUT=" | tee $HADOLINT_OUTPUT" -fi - -FAILED=0 if [ "$HADOLINT_RECURSIVE" = "true" ]; then shopt -s globstar filename="${!#}" flags="${@:1:$#-1}" - hadolint $HADOLINT_CONFIG $flags **/$filename $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG $flags **/$filename) else # shellcheck disable=SC2086 - hadolint $HADOLINT_CONFIG "$@" $OUTPUT || FAILED=1 + RESULTS=$(hadolint $HADOLINT_CONFIG "$@") +fi +FAILED=$? + +echo "::set-output name=results::$RESULTS" + +if [ -n "$HADOLINT_OUTPUT" ]; then + if [ -f "$HADOLINT_OUTPUT" ]; then + HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" + fi + echo "$RESULTS" > $HADOLINT_OUTPUT fi [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 1878581f63e113f9d829e91aca18c064d776b631 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:56:25 +0200 Subject: [PATCH 02/15] chore: fix typos --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 32cdadb..a35729b 100644 --- a/Makefile +++ b/Makefile 
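Review bot: The `echo "::set-output name=results::$RESULTS"` line added after `FAILED=$?` emits hadolint's multi-line output unencoded, so only the first line becomes the `results` value. Every following line goes to stdout as-is, where a line that begins with `::` would still be parsed by the runner as a workflow command. The text is derived from the Dockerfile being linted, which on pull requests may not be trusted, so encode it before the echo: `%` as `%25`, carriage return as `%0D` and newline as `%0A`, e.g. `RESULTS="${RESULTS//$'\n'/%0A}"`. The hadolint.sh hunk in patch 09 substitutes `$'\\n'`, which is a literal backslash followed by `n` rather than a newline, so the value is still unencoded at the end of the series. The redirect `> $HADOLINT_OUTPUT` in the same hunk should also quote its target.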
@@ -1,7 +1,7 @@ IMAGE_NAME:=hadolint-action -lint-dockerfile: ## Runs hadoint against application dockerfile +lint-dockerfile: ## Runs hadolint against application dockerfile @docker run --rm -v "$(PWD):/data" -w "/data" hadolint/hadolint hadolint Dockerfile lint-yaml: ## Lints yaml configurations @@ -12,8 +12,8 @@ build: ## Builds the docker image test: build ## Runs a test in the image @docker run -i --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ${PWD}:/test zemanlx/container-structure-test:v1.8.0-alpine \ test \ --image $(IMAGE_NAME) \ --config test/structure-tests.yaml From 262f40397810c1a01998430f38b17cd9a7697707 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 09:57:07 +0200 Subject: [PATCH 03/15] chore: add simple integration test --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f80523d..2d6db56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,11 +71,16 @@ jobs: - name: Run integration test 5 - output format # This step will never fail, but will print out rule violations. + id: hadolint5 uses: ./ with: dockerfile: testdata/warning.Dockerfile config: testdata/hadolint.yaml + - name: Run integration test 6 - verify results output parameter + # This step will never fail, but will print out the results from step5 + run: echo {{ steps.hadolint5.outputs.results }} + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 0c7fcaa67b450ad5a798c9041387d29625497353 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:03:56 +0200 Subject: [PATCH 05/15] chore: typo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2d6db56..78cbad4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo {{ steps.hadolint5.outputs.results }} + run: echo ${{ steps.hadolint5.outputs.results }} #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From e3462c378d887a5572c5a13c7a7b4e254dcfa226 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:08:14 +0200 Subject: [PATCH 06/15] chore: quotes to not parse it by mistake --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78cbad4..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,7 +79,7 @@ jobs: - name: Run integration test 6 - verify results output parameter # This step will never fail, but will print out the results from step5 - run: echo ${{ steps.hadolint5.outputs.results }} + run: echo "${{ steps.hadolint5.outputs.results }}" #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. From a8bbf351c01209b4ebd877e26005e8929054dcdb Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 10:31:29 +0200 Subject: [PATCH 07/15] chore: update PR with text as test of results --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5af4b0d..87d9e3b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
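Review bot: The `run:` line of integration test 6 expands `${{ steps.hadolint5.outputs.results }}` into the script text before bash starts, so the linter output is parsed as shell source rather than passed as data. This is introduced in patch 05 and kept by the quoting change in patch 06. The double quotes do not contain it, because quote characters and command substitutions inside the output remain shell syntax, and that output is derived from the Dockerfile under test. Hand the value over through the step environment instead: `env:` with `RESULTS: ${{ steps.hadolint5.outputs.results }}`, then `run: echo "$RESULTS"`.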
@@ -81,6 +81,26 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" + - name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` + _output from integration test 5_ + \`\`\` + ${{ steps.hadolint5.outputs.results }} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From 5fc1b0e2fbe6dd3e10bb58342a65dd14a3e17282 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 11:14:55 +0200 Subject: [PATCH 08/15] chore: escape backticks in results var --- hadolint.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hadolint.sh b/hadolint.sh index e33a516..c08c64b 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -36,8 +36,6 @@ else fi FAILED=$? -echo "::set-output name=results::$RESULTS" - if [ -n "$HADOLINT_OUTPUT" ]; then if [ -f "$HADOLINT_OUTPUT" ]; then HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT" @@ -45,6 +43,9 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi +RESULTS="${RESULTS//\`/\\\`}" +echo "::set-output name=results::$RESULTS" + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From 1dd44fc4932800c5a933bcddee6437a2750ec005 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:45:58 +0200 Subject: [PATCH 09/15] chore: fix issue with multiline strings in output Looking at [1] this should do some magic, so let's see. [1] https://github.community/t/set-output-truncates-multiline-strings/16852 --- hadolint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
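Review bot: In the `Update Pull Request` step, `${{ steps.hadolint5.outputs.results }}` is substituted into the `script:` text inside a JavaScript template literal, so linter output becomes part of the program that github-script runs with the job's token. The backtick escaping added to hadolint.sh in patch 08 does not close this, because template substitutions and backslashes in the output are still interpreted, and it also alters the `results` value for every other consumer. Keep expressions that carry untrusted content out of `script:` and read the value at run time from the environment, which patch 11 moves towards with `process.env.HADOLINT_RESULTS`. Separately, the `createComment` call is not awaited, so a rejected request may not fail the step; `await github.rest.issues.createComment({` would make that explicit.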
diff --git a/hadolint.sh b/hadolint.sh index c08c64b..56aa1e2 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -43,7 +43,7 @@ if [ -n "$HADOLINT_OUTPUT" ]; then echo "$RESULTS" > $HADOLINT_OUTPUT fi -RESULTS="${RESULTS//\`/\\\`}" +RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" From 652bc66203a03ad8b31557e3e24ae3443232cd34 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:49:42 +0200 Subject: [PATCH 10/15] chore: also push results to env var --- hadolint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hadolint.sh b/hadolint.sh index 56aa1e2..cb8503a 100755 --- a/hadolint.sh +++ b/hadolint.sh @@ -46,6 +46,8 @@ fi RESULTS="${RESULTS//$'\\n'/''}" echo "::set-output name=results::$RESULTS" +{ echo "HADOLINT_RESULTS<> $GITHUB_ENV + [ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT" exit $FAILED From a78be8d38674394a7833bd45b59f37243618d966 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:52:56 +0200 Subject: [PATCH 11/15] chore: use env var --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87d9e3b..8cad972 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,7 +90,7 @@ jobs: #### Hadolint: \`${{ steps.hadolint.outcome }}\` _output from integration test 5_ \`\`\` - ${{ steps.hadolint5.outputs.results }} + ${process.env.HADOLINT_RESULTS} \`\`\` `; From 724e05f46b0c0a5d951dd0e3605d1abf2fffd069 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 12:57:54 +0200 Subject: [PATCH 12/15] chore: typo in step id --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cad972..311b9ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
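Review bot: The block appended to `$GITHUB_ENV` in patch 10 writes raw hadolint output as a multi-line value, and such a value ends wherever its delimiter first appears on a line of its own. The delimiter is not legible in this rendering of the hunk; if it is a fixed word, output containing that word can end `HADOLINT_RESULTS` early, and the lines after it are then read as further environment assignments for every later step in the job. Generate the delimiter per run from random data, fail if it occurs in `$RESULTS`, and quote the target as `>> "$GITHUB_ENV"`. Because this runs on every invocation, the script should also carry a comment stating that the action exports `HADOLINT_RESULTS` into the caller's job environment.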
@@ -87,7 +87,7 @@ jobs: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint.outcome }}\` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` _output from integration test 5_ \`\`\` ${process.env.HADOLINT_RESULTS} From 2faf5c6ef4f398f4c20b20759d5b0acb13fff853 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:17:52 +0200 Subject: [PATCH 13/15] chore: remove createComment(), depends on githubToken scopes --- .github/workflows/ci.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 311b9ab..5af4b0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,26 +81,6 @@ jobs: # This step will never fail, but will print out the results from step5 run: echo "${{ steps.hadolint5.outputs.results }}" - - name: Update Pull Request - uses: actions/github-script@v6 - if: github.event_name == 'pull_request' - with: - script: | - const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` - _output from integration test 5_ - \`\`\` - ${process.env.HADOLINT_RESULTS} - \`\`\` - `; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - #- name: Run integration test 6 - output to file # # This step will never fail, but will print out rule violations. # uses: ./ From d73282b64c1cb799e8cb5efd4af9834e0bd0b98e Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 14:56:53 +0200 Subject: [PATCH 14/15] chore: update readme --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 84b3c0b..4630fdd 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,33 @@ steps: | `ignore` | Comma separated list of Hadolint rules to ignore. | | | `trusted-registries` | Comma separated list of urls of trusted registries | | +## Output + +The Action will store results in an environment variable that can be used in other steps in a workflow. + +Example to create a comment in a PR: + +``` +- name: Update Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + with: + script: | + const output = ` + #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + \`\`\` + ${process.env.HADOLINT_RESULTS} + \`\`\` + `; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) +``` + ## Hadolint Configuration To configure Hadolint (for example ignore rules), you can create an `.hadolint.yaml` file in the root of your repository. Please check the Hadolint [documentation](https://github.com/hadolint/hadolint#configure). From 55991004e8a2f2476dd7c26f265828099644b503 Mon Sep 17 00:00:00 2001 From: Harm Weites Date: Thu, 31 Mar 2022 15:31:54 +0200 Subject: [PATCH 15/15] chore: spotted a little typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4630fdd..e2e6b74 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Example to create a comment in a PR: with: script: | const output = ` - #### Hadolint: \`${{ steps.hadolint5.outcome }}\` + #### Hadolint: \`${{ steps.hadolint.outcome }}\` \`\`\` ${process.env.HADOLINT_RESULTS} \`\`\`