-
Notifications
You must be signed in to change notification settings - Fork 53
143 lines (126 loc) · 4.11 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
---
name: "CI"
on:
push:
branches:
- master
pull_request:
env:
TEST_IMAGE_NAME: hadolint-action:${{github.sha}}
permissions:
contents: write
issues: write # Used by Release step to update "The automated release is failing" issue
pull-requests: write # Used by ShellCheck Action to add comments on PR
jobs:
lint:
name: Lint
runs-on: ubuntu-20.04
container: pipelinecomponents/hadolint:0.10.1
steps:
- uses: actions/checkout@v3
- name: Run hadolint
run: hadolint Dockerfile
shellcheck:
name: ShellCheck
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Run ShellCheck
uses: reviewdog/[email protected]
with:
reporter: github-pr-review
fail_on_error: true
build-test:
name: Build and Test
runs-on: ubuntu-20.04
needs:
- lint
- shellcheck
steps:
- uses: actions/checkout@v3
- name: Build Docker image
run: docker build -t $TEST_IMAGE_NAME .
- name: Run Structure tests
uses: brpaz/[email protected]
with:
image: ${{ env.TEST_IMAGE_NAME }}
integration-tests:
name: Integration Tests
runs-on: ubuntu-20.04
needs: build-test
steps:
- uses: actions/checkout@v3
- name: Run integration test 1 - good Dockerfile
uses: ./
with:
dockerfile: testdata/Dockerfile
- name: Run integration test 2 - ignore a rule
# This step is supposed to print out an info level rule violation
# but completely ignore the two rules listed below
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
ignore: 'DL3014,DL3008'
no-fail: true
- name: Run integration test 3 - set failure threshold
# This step will print out an info level rule violation, but not fail
# because of the high failure threshold.
uses: ./
with:
dockerfile: testdata/info.Dockerfile
failure-threshold: warning
- name: Run integration test 4 - output format
# This step will never fail, but will print out rule violations as json.
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
failure-threshold: error
format: json
- name: Run integration test 5 - config file
# This step will never fail, but will print out rule violations
# because in config is set the error failure threshold.
id: hadolint5
uses: ./
with:
dockerfile: testdata/warning.Dockerfile
config: testdata/hadolint.yaml
- name: Run integration test 6 - verify results output parameter
# This step will never fail, but will print out the results from step5
env:
results: ${{ steps.hadolint5.outputs.results }}
run: echo "$results"
- name: Run integration test 7 - set recursive
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./
with:
dockerfile: "*Dockerfile"
failure-threshold: error
recursive: true
#- name: Run integration test 8 - output to file
# # This step will never fail, but will print out rule violations.
# uses: ./
# with:
# dockerfile: testdata/warning.Dockerfile
# format: sarif
# output-file: report.sarif
- name: Run integration test 9 - run with no Dockerfiles
# This should not fail if no Dockerfiles are found in the path
# especially if git change deletes Dockerfile
uses: testdata/test_empty_dir
with:
failure-threshold: error
recursive: true
release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release
runs-on: ubuntu-20.04
needs: integration-tests
steps:
- uses: actions/checkout@v2
- uses: cycjimmy/semantic-release-action@v3
with:
extra_plugins: |
@semantic-release/git
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}