A tool to validate your Dockerfiles using hadolint.
This tool has been tested against the following:
- GitHub Actions
- Travis CI
- CircleCI
- BitBucket pipelines
- Local command line
However due to the way that they are built they should work on most CICD platforms where you can run arbitrary scripts.
We provide a script which pulls the latest copy of all the CICD tools and places them in a local bin directory to allow them to be run any time locally for added validation.
on: [push, pull_request]
jobs:
build:
name: Hadolint
runs-on: ubuntu-latest
steps:
- name: Checkout the Repository
uses: actions/checkout@v4
- name: Run Hadolint
run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/hadolint/master/pipeline.sh)The following environment variables can be set in order to customise the script.
| Name | Default Value | Purpose |
|---|---|---|
| INCLUDE_FILES | Unset | A comma separated list of files to include for being scanned. You can also use regex to do pattern matching. |
| EXCLUDE_FILES | Unset | A comma separated list of files to exclude from being scanned. You can also use regex to do pattern matching. |
| NO_COLOR | False | Turn off the color in the output. |
| REPORT_ONLY | False | Generate the report but do not fail the build even if an error occurred. |
| SHOW_ERRORS | True | Show the actual errors instead of just which files had errors. |
| SHOW_SKIPPED | False | Show which files are being skipped. |
If you set INCLUDE_FILES - it will skip ALL files that do not match, including anything in EXCLUDE_FILES.
You can use any combination of the above settings.
on: [push, pull_request]
jobs:
build:
name: Hadolint
runs-on: ubuntu-latest
steps:
- name: Checkout the Repository
uses: actions/checkout@v4
- name: Run Hadolint
env:
REPORT_ONLY: true
SHOW_ERRORS: true
run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/hadolint/master/pipeline.sh)This is an example of the output report generated by this tool, this is the actual output from the tool running against itself.
--------------------------------------------------------------------- Stage 1: Parameters --
No parameters given
---------------------------------------------------------- Stage 2: Install Prerequisites --
[ OK ] docker pull --quiet hadolint/hadolint
------------------------------------------------ Stage 3: Run hadolint/hadolint (v2.12.1) --
[ OK ] tests/Dockerfile
------------------------------------------------------------------------- Stage 4: Report --
Total: 1, OK: 1, Failed: 0, Skipped: 0
----------------------------------------------------------------------- Stage 5: Complete --
Target files are identified using the following code:
[[ ${filename} =~ \Dockerfile$ ]]There is not magic type for Dockerfiles files so file -b is of not use for identifying the files.
