From b6633ec292d288db36de6e7d68e525bb129492c3 Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Tue, 26 Apr 2022 22:00:20 -0700 Subject: [PATCH 1/3] Add starter workflow for hadolint --- code-scanning/hadolint.yml | 46 ++++++ .../properties/hadolint.properties.json | 6 + icons/hadolint.svg | 131 ++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 code-scanning/hadolint.yml create mode 100644 code-scanning/properties/hadolint.properties.json create mode 100644 icons/hadolint.svg diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml new file mode 100644 index 0000000..f941b95 --- /dev/null +++ b/code-scanning/hadolint.yml @@ -0,0 +1,46 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# hadoint is a Dockerfile linter written in Haskell +# that helps you build best practice Docker images. +# More details at https://github.com/hadolint/hadolint + +name: Hadolint + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + hadolint: + name: Run hadolint scanning + runs-on: ubuntu-latest + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Run hado-lint + uses: hadolint/hadolint-action@v2.1.0 + with: + dockerfile: ./Dockerfile + format: sarif + output-file: hadolint-results.sarif + no-fail: true + + - name: Upload analysis results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: hadolint-results.sarif + wait-for-processing: true \ No newline at end of file diff --git a/code-scanning/properties/hadolint.properties.json b/code-scanning/properties/hadolint.properties.json new file mode 100644 index 0000000..b4f7141 --- /dev/null +++ b/code-scanning/properties/hadolint.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Haskell Dockerfile Linter", + "description": "A smarter Dockerfile linter that helps you build best practice Docker images.", + "iconName": "hadolint", + "categories": ["Code Scanning", "Dockerfile"] +} \ No newline at end of file diff --git a/icons/hadolint.svg b/icons/hadolint.svg new file mode 100644 index 0000000..048b86c --- /dev/null +++ b/icons/hadolint.svg @@ -0,0 +1,131 @@ + + + + From ee2bbcf8d8f90b72461d884114f1f2f427779fb1 Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Mon, 2 May 2022 01:53:59 -0700 Subject: [PATCH 2/3] update step name --- code-scanning/hadolint.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml index f941b95..fbbf914 100644 --- a/code-scanning/hadolint.yml +++ b/code-scanning/hadolint.yml @@ -27,11 +27,12 @@ jobs: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + steps: - name: Checkout code uses: actions/checkout@v3 - - name: Run hado-lint + - name: Run hadolint uses: hadolint/hadolint-action@v2.1.0 with: dockerfile: ./Dockerfile From fc57d752748ceaef22641be7fa94b6a17e691e13 Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Mon, 9 May 2022 11:16:42 -0700 Subject: [PATCH 3/3] use action commitment sha --- code-scanning/hadolint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/hadolint.yml b/code-scanning/hadolint.yml index fbbf914..2f554e4 100644 --- a/code-scanning/hadolint.yml +++ b/code-scanning/hadolint.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v3 - name: Run hadolint - uses: hadolint/hadolint-action@v2.1.0 + uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183 with: dockerfile: ./Dockerfile format: sarif