-
Notifications
You must be signed in to change notification settings - Fork 63
46 lines (43 loc) · 1.34 KB
/
hadolint_check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
name: Dockerfiles check
on:
push:
paths:
- 'dockerfiles/**/*ockerfile'
pull_request:
paths:
- 'dockerfiles/**/*ockerfile'
permissions: read-all
jobs:
hadolint_check:
runs-on: ubuntu-20.04
steps:
- name: Code checkout
uses: actions/checkout@v2
- name: Run hadolint dockerfiles check
shell: bash
run: |
set -o pipefail
has_issues=0
while IFS= read -r -d '' dockerfile
do
echo "Scanning $dockerfile"
docker run --rm -i hadolint/hadolint:latest hadolint \
--ignore DL3059 \
--ignore DL3006 \
--ignore DL3008 \
- < "$dockerfile" | tee "${dockerfile}".log || has_issues=1
grep -in proxy "$dockerfile" | tee -a "${dockerfile}".log && has_issues=1 || true
echo
name=$(echo "$dockerfile" | grep -oP '(?<=dockerfiles/).*' | tr / _)
cp "$dockerfile" "$name"
cp "$dockerfile".log "${name}.log"
done < <(find dockerfiles/ \( -name '*.dockerfile' -o -name 'Dockerfile' \) -print0)
exit "$has_issues"
- name: Collecting artifacts
uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: hadolint_results
path: |
./*.log
./*ockerfile