From 10e833c454420a2972713c67fb043f3ea7307930 Mon Sep 17 00:00:00 2001 From: rhysd Date: Sat, 25 May 2024 21:00:04 +0900 Subject: [PATCH] fix `ghcr.io/` and `docker.io` Docker images are not allowed at `image` in action.yml (Fix #428) --- rule_action.go | 9 ++++++++- .../local_docker_action/ok_docker_docker.io/action.yaml | 7 +++++++ .../local_docker_action/ok_docker_ghcr.io/action.yaml | 7 +++++++ .../projects/local_docker_action/workflows/test.yaml | 2 ++ 4 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml create mode 100644 testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml diff --git a/rule_action.go b/rule_action.go index 51f12ea7f..51e7f512f 100644 --- a/rule_action.go +++ b/rule_action.go @@ -284,6 +284,13 @@ var BrandingIcons = map[string]struct{}{ "zoom-out": {}, } +// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsimage +func isImageOnDockerRegistry(image string) bool { + return strings.HasPrefix(image, "docker://") || + strings.HasPrefix(image, "ghcr.io/") || + strings.HasPrefix(image, "docker.io/") +} + // RuleAction is a rule to check running action in steps of jobs. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses type RuleAction struct { @@ -423,7 +430,7 @@ func (rule *RuleAction) checkRunsFileExists(file, dir, prop, name string, pos *P func (rule *RuleAction) checkLocalDockerActionRuns(r *ActionMetadataRuns, dir, name string, pos *Pos) { if r.Image == "" { rule.missingRunsProp(pos, "image", "Docker", name, dir) - } else if !strings.HasPrefix(r.Image, "docker://") { + } else if !isImageOnDockerRegistry(r.Image) { rule.checkRunsFileExists(r.Image, dir, "image", name, pos) if filepath.Base(filepath.FromSlash(r.Image)) != "Dockerfile" { rule.Errorf(pos, `the local file %q referenced from "image" key must be named "Dockerfile" in %q action. the action is defined at %q`, r.Image, name, dir) diff --git a/testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml b/testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml new file mode 100644 index 000000000..f0ffbb648 --- /dev/null +++ b/testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml @@ -0,0 +1,7 @@ +name: 'Docker action' +author: 'rhysd ' +description: 'Correct Docker action' + +runs: + using: 'docker' + image: 'docker.io/rhysd/actionlint:latest' diff --git a/testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml b/testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml new file mode 100644 index 000000000..799e4a90c --- /dev/null +++ b/testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml @@ -0,0 +1,7 @@ +name: 'Docker action' +author: 'rhysd ' +description: 'Correct Docker action' + +runs: + using: 'docker' + image: 'ghcr.io/rhysd/actionlint:latest' diff --git a/testdata/projects/local_docker_action/workflows/test.yaml b/testdata/projects/local_docker_action/workflows/test.yaml index f28fabab4..7d3aabfe1 100644 --- a/testdata/projects/local_docker_action/workflows/test.yaml +++ b/testdata/projects/local_docker_action/workflows/test.yaml @@ -12,3 +12,5 @@ jobs: - uses: ./missing_files - uses: ./ok_dockerfile_subdir - uses: ./invalid_dockerfile + - uses: ./ok_docker_ghcr.io + - uses: ./ok_docker_docker.io