1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
|
---
name: Hadolint
permissions: read-all
on:
workflow_call:
inputs:
output_prefix:
description: 'Prefix to add to output artifacts'
required: false
default: ''
type: string
jobs:
scan:
runs-on: [self-hosted, linux, docker]
steps:
- name: Cleanup workspace
run: sudo rm -rf ..?* .[!.]* *
- name: Checkout PR branch
uses: actions/checkout@v4
with:
path: source
- name: Pull docker image
run: docker pull hadolint/hadolint
- name: Lint
run: |
mkdir artifact
echo "Hadolint Report" \
> artifact/hadolint.txt
walk_dir () {
shopt -s nullglob dotglob
for pathname in "$1"/*; do
retVal=0
if [ -d "$pathname" ]; then
walk_dir "$pathname" || retVal=$?
if [ $retVal -ne 0 ]; then
RC=$retVal
fi
else
case "$pathname" in
*Dockerfile*|*dockerfile*)
echo "Checking $pathname"
echo "" >> artifact/hadolint.txt
echo " $pathname" \
>> artifact/hadolint.txt
echo "----------" \
>> artifact/hadolint.txt
docker run --rm \
-i --attach stderr --attach stdout \
-v $(pwd)/source:/source \
-w /source \
hadolint/hadolint \
< $pathname 2>&1 \
>> artifact/hadolint.txt \
|| retVal=$?
if [ $retVal -ne 0 ]; then
RC=$retVal
fi
esac
fi
done
return $RC
}
walk_dir "$(pwd)/source"
- name: Summarize
if: (failure())
run: |
echo '```' >> $GITHUB_STEP_SUMMARY
cat artifact/hadolint.txt \
>> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
- name: Report
if: (success() || failure())
run: |
cat artifact/hadolint.txt
- name: Record Artifacts
uses: actions/upload-artifact@v4
if: (success() || failure())
with:
name: ${{ inputs.output_prefix }}hadolint
path: artifact/*
- name: Cleanup workspace
run: sudo rm -rf ..?* .[!.]* *
|