Fix #80 no Dockerfile in any directory or subdirectory #84

Open: wants to merge 2 commits into base: master
17 changes: 9 additions & 8 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
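
Review bot: as rendered, this hunk shows no textual change, so it appears to be a whitespace-only re-indentation of the `updates` list (9 additions, 8 deletions, identical content); a sentence in the PR description saying so would save reviewers diffing it by eye. Worth stating while touching this file: the `docker` entry keeps `directory: "/"`, which Dependabot scans non-recursively, so the fixture added under testdata/test_good_single_file (`FROM alpine:3.10`) will never receive a version bump. That is acceptable for test data, but a comment next to the entry saying it is intentional avoids a later "why is this image stale" issue.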
35 changes: 32 additions & 3 deletions .github/workflows/ci.yml
@@ -1,3 +1,4 @@
---
name: "CI"
on:
push:
Expand Down Expand Up @@ -37,7 +38,9 @@ jobs:
build-test:
name: Build and Test
runs-on: ubuntu-20.04
needs: [ "lint", "shellcheck" ]
needs:
- lint
- shellcheck
steps:
- uses: actions/checkout@v3
- name: Build Docker image
Expand All @@ -55,7 +58,7 @@ jobs:
steps:
- uses: actions/checkout@v3

- name: Run integration test 1
- name: Run integration test 1 - good Dockerfile
uses: ./
with:
dockerfile: testdata/Dockerfile
Expand Down Expand Up @@ -100,7 +103,7 @@ jobs:
results: ${{ steps.hadolint5.outputs.results }}
run: echo "$results"

- name: Run integration test 7 - set recursive
- name: Run integration test 7 - set recursive matching *Dockerfile (warning/info)
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./
Expand All @@ -117,6 +120,32 @@ jobs:
# format: sarif
# output-file: report.sarif

- name: Run integration test 9 - set recursive with one matching file (good)
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./
with:
dockerfile: "*Dockerfile"
recursive: true
working-directory: testdata/test_good_single_file/

- name: Run integration test 10 - set recursive with non-matching files
# This step will never fail, but will print out rule violations
# for all the Dockerfiles in repository.
uses: ./
with:
dockerfile: "*Dockerfile_non_existent"
recursive: true

- name: Run integration test 11 - run with no Dockerfiles
# This should not fail if no Dockerfiles are found in the path
# especially if git change deletes Dockerfile
uses: ./
with:
dockerfile: "*Dockerfile"
recursive: true
working-directory: testdata/test_empty_dir/

release:
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
name: Release
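
Review bot: integration tests 9, 10 and 11 have no `id:` and no follow-up step, so they only prove the step exits 0 and never check what the action reported. The earlier tests use the pattern `results: ${{ steps.hadolint5.outputs.results }}` followed by `run: echo "$results"`; give the new steps ids and add an assertion step, for example `run: test -z "$results"` for tests 10 and 11, where no files should mean empty results. The comment copied onto tests 9 and 10 ("will print out rule violations for all the Dockerfiles in repository") does not describe them: 9 scans a single good file and 10 matches nothing anywhere in the repo, so 10 already exercises the same no-files path as 11 (the only difference being `working-directory`). Reword each comment to say what that step actually covers.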
35 changes: 23 additions & 12 deletions .pre-commit-config.yaml
@@ -1,12 +1,23 @@
- repo: local
hooks:
- id: lint-dockerfile
name: Lint Dockerfile
entry: make lint-dockerfile
language: system
files: \.yml$
- id: lint-yaml
name: Lint YAML
entry: make lint-yaml
language: system
files: \.yml$
---
repos:
- repo: local
hooks:
- id: lint-dockerfile
name: Lint Dockerfile
entry: make lint-dockerfile
language: system
files: \.yml$

- id: lint-yaml
name: Lint YAML
entry: make lint-yaml
language: system
files: \.yml$
- repo: https://github.com/adrienverge/yamllint
rev: v1.33.0
hooks:
- id: yamllint
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.9.0
hooks:
- id: shellcheck
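
Review bot: the `lint-dockerfile` hook keeps `files: \.yml$` (it was that way before, but this hunk rewrites the whole block), so the Dockerfile linter only triggers on YAML files and never on a Dockerfile; a pattern such as `files: Dockerfile` matches the same files the `*Dockerfile` glob in ci.yml does. The `lint-yaml` pattern `\.yml$` also misses `.yaml`, which now includes `.pre-commit-config.yaml` itself and the renamed `.yamllint.yaml`; `files: \.ya?ml$` covers both. The two new remote repos are pinned to tags (`rev: v1.33.0`, `rev: v0.9.0`); tags are mutable, so pinning `rev:` to the tag's commit SHA (with the tag name in a trailing comment) gives the same reproducibility the rest of the PR is aiming for.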
2 changes: 2 additions & 0 deletions .yamllint → .yamllint.yaml
Expand Up @@ -6,3 +6,5 @@ rules:
max: 80
level: warning
document-start: disable
truthy:
level: warning
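
Review bot: `truthy` is added at `level: warning`, presumably because the unquoted `on:` key in ci.yml trips it; yamllint's truthy rule has a `check-keys: false` option that exempts mapping keys, which lets the rule stay at error level for values while leaving `on:` alone. Note also that `document-start: disable` stays in place while this PR adds `---` markers to ci.yml, dependabot.yml and .pre-commit-config.yaml, so the new convention is not enforced; `document-start: {present: true}` would keep the files consistent.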
5 changes: 5 additions & 0 deletions action.yml
Expand Up @@ -73,6 +73,10 @@ inputs:
required: false
description: 'A comma separated list of trusted registry urls'
default:
working-directory:
required: false
description: 'Path where you want to start scanning for Dockerfiles'
default:

runs:
using: 'docker'
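
Review bot: the new `working-directory` input has no stated base. The description should say the path is resolved relative to the checkout root (the container's working directory), that a trailing slash is optional, and that an empty value (the default) keeps the current behaviour. Since the value is handed straight to `cd` in hadolint.sh, also document that absolute paths and `..` components are not supported, or better, reject them there, so a workflow typo cannot point the recursive `**/` scan at the whole container filesystem.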
Expand All @@ -91,6 +95,7 @@ runs:
HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
HADOLINT_IGNORE: ${{ inputs.ignore }}
HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
HADOLINT_WORKING_DIRECTORY: ${{ inputs.working-directory }}

HADOLINT_CONFIG: ${{ inputs.config }}
HADOLINT_RECURSIVE: ${{ inputs.recursive }}
74 changes: 54 additions & 20 deletions hadolint.sh
Expand Up @@ -3,9 +3,22 @@
# checkout (outside the Docker container running hadolint). We copy
# problem-matcher.json to the home folder.

# unset certain env vars to empty values
RESULTS=''
# shellcheck disable=SC2034
HADOLINT_RESULTS=''

# disable cheks for undefined env vars, in here mostly githu env vars
# shellcheck disable=SC2154

if [[ -n "${HADOLINT_WORKING_DIRECTORY}" ]]; then
cd "${HADOLINT_WORKING_DIRECTORY}" \
|| { echo "Error: failed to change path to ${HADOLINT_WORKING_DIRECTORY}, check if exists, if is a directory directory permissions etc"; exit 1; }
fi

PROBLEM_MATCHER_FILE="/problem-matcher.json"
if [ -f "$PROBLEM_MATCHER_FILE" ]; then
cp "$PROBLEM_MATCHER_FILE" "$HOME/"
if [[ -f "${PROBLEM_MATCHER_FILE}" ]]; then
cp "${PROBLEM_MATCHER_FILE}" "${HOME}/"
fi
# After the run has finished we remove the problem-matcher.json from
# the repository so we don't leave the checkout dirty. We also remove
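
Review bot: the `cd` accepts whatever `HADOLINT_WORKING_DIRECTORY` contains; use `cd -- "${HADOLINT_WORKING_DIRECTORY}"` so a value beginning with `-` is not parsed as an option, and consider rejecting absolute paths and `..` components so the scan stays inside the checkout. The error message would read better as "check that it exists, is a directory and has the right permissions". The comment above it has two typos ("cheks", "githu"), and the `# shellcheck disable=SC2154` directive is separated from the `if` by a blank line; move it directly above the statement it is meant for so there is no doubt which command it annotates. `HADOLINT_RESULTS=''` is never read in this script (the value written to GITHUB_ENV comes from the heredoc further down, not from this variable), so drop it rather than silencing SC2034, and reword "unset certain env vars to empty values" to "initialise result variables".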
Expand All @@ -16,52 +29,73 @@ cleanup() {
}
trap cleanup EXIT

echo "::add-matcher::$HOME/problem-matcher.json"
echo "::add-matcher::${HOME}/problem-matcher.json"

if [ -n "$HADOLINT_CONFIG" ]; then
if [[ -n "${HADOLINT_CONFIG}" ]]; then
HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
fi

if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
if [[ -z "${HADOLINT_TRUSTED_REGISTRIES}" ]]; then
unset HADOLINT_TRUSTED_REGISTRIES
fi

COMMAND="hadolint $HADOLINT_CONFIG"
COMMAND="hadolint ${HADOLINT_CONFIG}"

if [ "$HADOLINT_RECURSIVE" = "true" ]; then
if [[ "${HADOLINT_RECURSIVE}" = "true" ]]; then
shopt -s globstar

filename="${!#}"
flags="${*:1:$#-1}"

RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
files_found=false
# try to find files to scan but do not end with eror if no files found
# notice that $filename can contain glob char so we add exception here
# shellcheck disable=SC2231
for file in **/$(unknown)
do
if [[ -e "${file}" ]]
then
files_found=true
break
fi
done

if [[ "${files_found}" = "true" ]]; then
# notice that $filename can contain glob char so we add exception here
# shellcheck disable=SC2086,SC2231,SC2248
RESULTS=$(eval "${COMMAND} ${flags}" -- **/$(unknown))
else
RESULTS=''
echo "No Dockerfiles detected, skipping processing";
fi

else
flags=$*
RESULTS=$(eval "$COMMAND" "$flags")
RESULTS=$(eval "${COMMAND}" "${flags}")
fi
FAILED=$?

if [ -n "$HADOLINT_OUTPUT" ]; then
if [ -f "$HADOLINT_OUTPUT" ]; then
HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
if [[ -n "${HADOLINT_OUTPUT}" ]]; then
if [[ -f "${HADOLINT_OUTPUT}" ]]; then
HADOLINT_OUTPUT="${TMP_FOLDER}/${HADOLINT_OUTPUT}"
fi
echo "$RESULTS" >"$HADOLINT_OUTPUT"
echo "${RESULTS}" >"${HADOLINT_OUTPUT}"
fi

RESULTS="${RESULTS//$'\\n'/''}"

{
echo "results<<EOF"
echo "$RESULTS"
echo "${RESULTS}"
echo "EOF"
} >>"$GITHUB_OUTPUT"
} >>"${GITHUB_OUTPUT}"

{
echo "HADOLINT_RESULTS<<EOF"
echo "$RESULTS"
echo "${RESULTS}"
echo "EOF"
} >>"$GITHUB_ENV"
} >>"${GITHUB_ENV}"

[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
[[ -z "${HADOLINT_OUTPUT}" ]] || echo "Hadolint output saved to: ${HADOLINT_OUTPUT}"

exit $FAILED
# shellcheck disable=SC2248
exit ${FAILED}
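
Review bot: both the `for file in **/$(unknown)` loop and the `eval ... -- **/$(unknown)` line read, as rendered, as a command substitution of a command named `unknown`, whereas the removed line used `**/"$filename"`; please confirm the glob is actually `**/${filename}` before merge. The presence check could drop the loop and the SC2231 exceptions with `shopt -s nullglob` followed by `files=(**/${filename}); [[ ${#files[@]} -gt 0 ]]`, which also avoids walking a large tree one entry at a time. `FAILED=$?` after `fi` now takes the status of whichever command ran last in the branch (the `echo` on the no-files path, the `eval` otherwise); capturing it directly after each `eval` makes the intent explicit. Minor: "eror" in the comment, the `RESULTS=''` in the else branch repeats the initialisation at the top of the script, and `exit "${FAILED}"` avoids the SC2248 exception.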
4 changes: 4 additions & 0 deletions testdata/test_empty_dir/README.md
@@ -0,0 +1,4 @@
This directory is intentionally empty.

It is used by the test suite to verify that hadolint action is not executed
if processed directory does not contain any Dockerfile.
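
Review bot: wording: "verify that hadolint action is not executed if processed directory does not contain any Dockerfile" should read "verify that the action succeeds without running hadolint when the processed directory contains no Dockerfile"; the action itself still runs (test 11 in ci.yml invokes it), it is the hadolint call that is skipped.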
3 changes: 3 additions & 0 deletions testdata/test_good_single_file/Dockerfile
@@ -0,0 +1,3 @@
FROM alpine:3.10

RUN echo "Hello"