Skip to content
Docker Lint

adjust docker-lint to use hadolint #637

Sign in to view logs

adjust docker-lint to use hadolint

adjust docker-lint to use hadolint #637

Workflow file for this run

.github/workflows/docker-lint.yml at 723173b
name: Docker Lint
on:
pull_request:
# paths:
# - 'Containers/**'
push:
branches:
- main
paths:
- 'Containers/**'
permissions:
contents: read
concurrency:
group: docker-lint-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
docker-lint:
runs-on: ubuntu-latest
name: docker-lint
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install hadolint
run: |
sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
sudo chmod +x /usr/bin/hadolint
- name: run lint
run: |
DOCKERFILES="$(find ./Containers -name Dockerfile)"
mapfile -t DOCKERFILES <<< "$DOCKERFILES"
for file in "${DOCKERFILES[@]}"; do
# DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
# DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
# DL3002 warning: Last USER should not be root
# DL3003 warning: Use WORKDIR to switch to a directory
# DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root
# DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
hadolint "$file" --ignore DL3018 --ignore DL3008 --ignore DL3002 --ignore DL3003 --ignore DL3004 --ignore DL4006 | tee -a ./hadolint.log
done
cat ./hadolint.log
if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
exit 1
fi