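# Reusable workflow: lints ./Dockerfile with hadolint, publishes the findings
# to GitHub code scanning as SARIF, then gates the job on the SARIF content.
name: Docker Linter

on:
  workflow_call:

# Default token scope for every job in this workflow: read-only contents.
permissions:
  contents: read

jobs:
  lint-docker:
    name: Lint Dockerfile
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by the upload-sarif step to write code scanning results.
      security-events: write
    steps:
      # NOTE(review): this action is referenced by a mutable tag, while the
      # hadolint action below is pinned to a full commit SHA. Pin this one
      # the same way so a moved tag cannot change what runs here.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step performs an authenticated git operation, so do not
          # leave the token in the local git config, where the repository
          # script run by the last step could read it.
          persist-credentials: false

      # continue-on-error keeps the job going when hadolint reports findings,
      # so the SARIF file is still uploaded; the final step is the gate.
      - name: Run hadolint (produce SARIF)
        id: hadolint
        continue-on-error: true
        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5
        with:
          dockerfile: ./Dockerfile
          format: sarif
          output-file: hadolint-results.sarif
          failure-threshold: warning

      # NOTE(review): referenced by a mutable tag; this step runs with
      # security-events: write, so pin it to a full commit SHA as well.
      - name: Upload analysis results to GitHub
        if: always()
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: hadolint-results.sarif
          wait-for-processing: true
          category: hadolint

      # The hadolint step cannot fail the job (continue-on-error), so this
      # step decides the job result from the SARIF file.
      # NOTE(review): the script is read from the checked-out repository;
      # confirm every caller of this workflow has it at this path.
      - name: Fail if SARIF contains warnings or errors
        if: always()
        run: python3 src/pkgmgr/github/check_hadolint_sarif.py hadolint-results.sarif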