hadolint / hadolint-action

GitHub action for Hadolint, A Dockerfile linting tool
MIT License

How do I run multiple files #3

Open lukewiwa opened 4 years ago

lukewiwa commented 4 years ago

Locally I can run something like this hadolint docker/**/*Dockerfile to capture all the dockerfiles in a directory but that doesn't seem to work in the pipeline.

Any suggestions?

brpaz commented 4 years ago

Hi. I didn't know this was possible. This action simply passes the contents of the "dockerfile" action variable as an argument to the hadolint command so I guess it should work.

What error do you get?

justinas-marozas commented 4 years ago

I'm dealing with the same issue. Hadolint accepts both a glob and a list of filepaths, and trying either in a GitHub action ends up with an error:

hadolint: ./**/Dockerfile: openBinaryFile: does not exist (No such file or directory)

OR

hadolint: ./a/Dockerfile ./b/Dockerfile ./c/Dockerfile: openBinaryFile: does not exist (No such file or directory)

One workaround I've found is to use the hadolint docker image in a steps.run like this:

jobs:

  lint_dockerfiles:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Lint Dockerfiles
      run: docker run --rm -v $(pwd):/repo -i hadolint/hadolint sh -c "cd /repo && hadolint ./**/Dockerfile"

brpaz commented 4 years ago

This action just uses the hadolint command as entrypoint. It supports an input argument "dockerfile" that is passed as a single argument to the command.

While this was meant to be a path to a single Dockerfile, passing a glob should work I guess.

Something like this:

      uses: brpaz/hadolint-action@master
      with:
        dockerfile: "docker/**/*Dockerfile"

Unless the way GitHub parses arguments is doing something that makes it not work.

Anyway, PRs are welcome. I only ever used hadolint with a single line myself.

timbru31 commented 4 years ago

Unless the way GitHub parses arguments is doing something that makes it not work.

That seems to be the case ;) - like Justinas already stated, globs are resulting in openBinaryFile: does not exist (No such file or directory).

Edit:
I assume this is a limitation of using Docker and piping the input. It won't work that way either:

$ docker run --rm -i hadolint/hadolint hadolint - < "./**/Dockerfile"
bash: ./**/Dockerfile: No such file or directory

lukewiwa commented 4 years ago

Honestly for multiple files I just went and did it from scratch using the hadolint container. Here's a github actions yaml snippet:

  docker:
    runs-on: ubuntu-latest

    container: hadolint/hadolint

    steps:
      - uses: actions/checkout@v2
      - name: hadolint
        run: hadolint ./**/*Dockerfile

mloskot commented 3 years ago

@lukewiwa Do you still use your solution from https://github.com/hadolint/hadolint-action/issues/3#issuecomment-646366920 ? I tried it verbatim with the latest hadolint container and it failed for me:

Starting job container
  /usr/bin/docker pull hadolint/hadolint
  Using default tag: latest
  latest: Pulling from hadolint/hadolint
  4fc54f9b225a: Pulling fs layer
  4fc54f9b225a: Verifying Checksum
  4fc54f9b225a: Download complete
  4fc54f9b225a: Pull complete
  Digest: sha256:5bd624ce29f153036a3b03083af66f9ac040d2cb0673b2b4785394425e66f10b
  Status: Downloaded newer image for hadolint/hadolint:latest
  docker.io/hadolint/hadolint:latest
  /usr/bin/docker create --name 4949b719bd154b7681ce88e7bd783ca6_hadolinthadolint_39fe7c --label 5588e4 --workdir /__w/docker-images/docker-images --network github_network_33f62ade6b72421bbaf6fabd14b8b2d6  -e "HOME=/github/home" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work":"/__w" -v "/home/runner/runners/2.277.1/externals":"/__e":ro -v "/home/runner/work/_temp":"/__w/_temp" -v "/home/runner/work/_actions":"/__w/_actions" -v "/opt/hostedtoolcache":"/__t" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" --entrypoint "tail" hadolint/hadolint "-f" "/dev/null"
  58579c5762e83e9ea0a1f98fc6a575bb3a5d474d1b7af65a461b3547940d3513
  /usr/bin/docker start 58579c5762e83e9ea0a1f98fc6a575bb3a5d474d1b7af65a461b3547940d3513
  Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "tail": executable file not found in $PATH: unknown
  Error: failed to start containers: 58579c5762e83e9ea0a1f98fc6a575bb3a5d474d1b7af65a461b3547940d3513
  Error: Docker start fail with exit code 1

mloskot commented 3 years ago

@justinas-marozas Do you still use your solution from https://github.com/hadolint/hadolint-action/issues/3#issuecomment-635424476 ?

It looks like the hadolint container changed, stripping everything but the hadolint executable:

docker run --rm -i -v $(pwd):/repo hadolint/hadolint sh -c "cd /repo && hadolint ./**/Dockerfile"
docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "sh": executable file not found in $PATH: unknown.
docker run --rm -i -v $(pwd):/repo hadolint/hadolint bash -c "cd /repo && hadolint ./**/Dockerfile"
docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "bash": executable file not found in $PATH: unknown.

It also looks like the hadolint command line changed and it only accepts a single file, as this works fine:

docker run --rm -i -v $(pwd):/repo hadolint/hadolint hadolint /repo/Dockerfile

but this does not

docker run --rm -i -v $(pwd):/repo hadolint/hadolint hadolint /repo/**/Dockerfile
hadolint: /repo/**/Dockerfile: openBinaryFile: does not exist (No such file or directory)

lorenzo commented 3 years ago

I think the action needs to be changed so that it uses a Debian-based image. @mloskot would you like to contribute this feature?

mloskot commented 3 years ago

@lorenzo Aha! I confess, as an end-user and as I aimed for the container and not installation, I have not read further than just the https://github.com/hadolint/hadolint#how-to-use section. Thanks!

lukewiwa commented 3 years ago

@mloskot I confess I got the same error and moved on to using this https://github.com/marketplace/actions/hadolint-github-action

GSvensk commented 3 years ago

Debian or alpine images are needed to get a shell. https://github.com/hadolint/hadolint/issues/611

Change the tag to get the correct image.

  lint:
    runs-on: ubuntu-latest
    container: hadolint/hadolint:latest-debian
    steps:
    - uses: actions/checkout@v2
    - name: hadolint
      run: hadolint ./**/*Dockerfile*

paulbarton90 commented 2 years ago

It appears the way you can get it to scan some of the files recursively is with the below configuration in your action. This should be the same as running it with hadolint **/Dockerfile locally.

  lint-docker:
    runs-on: ubuntu-latest
    env:
      HADOLINT_RECURSIVE: "true"
    steps:
      - uses: actions/checkout@v3
      - name: Lint dockerfiles
        uses: hadolint/hadolint-action@v2.0.0
        with:
          dockerfile: "Dockerfile"

mvs5465 commented 1 year ago

@paulbarton90's solution worked for us

    env:
      HADOLINT_RECURSIVE: "true"
    steps:
      - name: Run Hadolint
        uses: hadolint/hadolint-action@v2.0.0
        with:
          recursive: true
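
Why the glob attempts in this thread end in "openBinaryFile: does not exist", and a way to enumerate Dockerfiles that does not depend on glob expansion, as an added example that is not part of the original thread or the hadolint project. The sample tree is constructed, and LINTER and PATTERN are hypothetical override variables so the script runs without hadolint installed.

```shell
#!/bin/sh
# Added example, not from the thread. The sample tree is constructed;
# LINTER and PATTERN are assumed override knobs so it runs without hadolint.

# Constructed repo: Dockerfiles at depth 0, 1, 1 and 2.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/a" "$root/b" "$root/c/d"
  for d in . a b c/d; do printf 'FROM scratch\n' > "$root/$d/Dockerfile"; done
  printf '%s\n' "$root"
}

# A pattern delivered as ONE argument with no shell in between is just a
# file name; nothing called "**" exists, hence "does not exist".
single_arg_exists() (
  cd "$1" || exit 1
  if [ -e "$2" ]; then echo yes; else echo no; fi
)

# Without bash's globstar option, ** behaves like *: one directory level.
plain_glob_count() (
  cd "$1" || exit 1
  shopt -u globstar 2>/dev/null || true   # bash only; plain sh has no globstar
  set -- ./**/Dockerfile
  echo "$#"
)

# Enumerate with find so coverage does not depend on any shell's glob rules.
list_dockerfiles() { find "$1" -type f -name "${PATTERN:-Dockerfile}" | sort; }

# Lint each file. Exit 1 if any file has findings, 2 if nothing was found,
# so the CI gate cannot pass by linting zero files.
lint_all() (
  rc=0; n=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    n=$((n + 1))
    "${LINTER:-hadolint}" "$f" < /dev/null || rc=1
  done <<EOF
$(list_dockerfiles "$1")
EOF
  [ "$n" -gt 0 ] || { echo "no Dockerfiles under $1" >&2; exit 2; }
  exit "$rc"
)

# Usage: sh lint.sh <repo-dir>
if [ "$#" -gt 0 ]; then lint_all "$1"; fi
```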