Open alexgit2k opened 2 years ago
You could also use tee to output it into several destinations without needing to re-run hadolint. That implies that the tee binary is installed on the server/docker though. Now that would also output JSON into your terminal, which isn't ideal either, so you could also use jq .
> echo '{"foo": "bar"}' | tee -a file.log
{"foo": "bar"}
> cat file.log
{"foo": "bar"}
> jq . file.log
{
  "foo": "bar"
}
I know it doesn't quite solve your issue, but figured you might eventually save a bit of time instead of running it several times; and those might be of interest for those who don't know them.
Interesting idea!
The two hadolint-runs only take 6 seconds including docker-start. So I think it's a lot more work to find out the right parameters for jq to get near the default format output of hadolint.
In case maintainers don't like the idea of multiple outputs in a single run, I'm just linking an alternative approach that trivy uses now, which is a little convert subcommand that can achieve the same without expensive repeated calls.
https://aquasecurity.github.io/trivy/v0.52/docs/configuration/reporting/#converting
Since the example above uses GitLab, this is what our current trivy setup looks like using convert to save/show multiple different formats.
lint-repo:
  script:
    - trivy fs --no-progress --ignore-unfixed --format json --output trivy-results.json $CI_PROJECT_DIR
    - trivy convert --format template --template "@/contrib/junit.tpl" --output trivy-junit.xml trivy-results.json
    - trivy convert --exit-code 1 --format table trivy-results.json
Expected behavior
When integrating Hadolint in Gitlab with the codeclimate-report (see https://github.com/hadolint/hadolint/blob/master/docs/INTEGRATION.md#gitlab-ci) the result is only displayed if
If these conditions are not met and the check fails you will not see the errors in the pipeline-output (only in the artefact which needs to be downloaded and is in JSON-Format).
Therefore it would be good, if there are additional options for output-file/format, e.g.: hadolint --ignore ... Dockerfile --file reports/hadolint-$CI_COMMIT_SHA.json --file-format gitlab_codeclimate
Actual behavior
Output is redirected to a file
hadolint Dockerfile --format gitlab_codeclimate > reports/hadolint-$CI_COMMIT_SHA.json
Steps to reproduce the behavior
See https://github.com/hadolint/hadolint/blob/master/docs/INTEGRATION.md#gitlab-ci
Workaround
Run hadolint twice: