jbergstroem / hadolint-gh-action

A hadolint linter for github actions that provides code annotations (and more)
MIT License

hadolint_output is empty #147

Open pascalgulikers opened 8 months ago

pascalgulikers commented 8 months ago

- uses: jbergstroem/hadolint-gh-action@v1
  id: hadolint
  with:
    dockerfile: ./Dockerfile
    #output_format: sarif

- name: Debug
  shell: bash
  run: |
    echo "${{ steps.hadolint.outputs.hadolint_version }}"
    echo "${{ steps.hadolint.outputs.hadolint_gh_action_version }}"
    echo "${{ steps.hadolint.outputs.hadolint_output }}"

Produces:

Run echo "2.12.0"
echo "2.12.0"
echo "1.12.0"
echo ""

In other words: the hadolint_output output variable is empty, no matter which output_format is specified. It looks like it's being caused by: https://github.com/jbergstroem/hadolint-gh-action/blob/4683c5d968121c56e9488f204ee5002db792dd13/lib/main.sh#L52

Possible solution: change

echo "hadolint_output=${OUTPUT//$'\n'/'%0A'} >> \$GITHUB_OUTPUT"

to

echo "hadolint_output=${OUTPUT//$'\n'/'%0A'}" >> "${GITHUB_OUTPUT}"

jbergstroem commented 8 months ago

Thanks for the bug report. Will look at it tonight!

jbergstroem commented 8 months ago

Was able to repro with the draft PR as an e2e test. Here's the problem:

++ eval hadolint --no-fail --no-color '' -f json test/fixtures/Dockerfile-warning
+++ hadolint --no-fail --no-color -f json test/fixtures/Dockerfile-warning
+ OUTPUT='[{"code":"DL3018","column":1,"file":"test/fixtures/Dockerfile-warning","level":"warning","line":3,"message":"Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`"}]'
+ echo 'hadolint_output=[{"code":"DL3018","column":1,"file":"test/fixtures/Dockerfile-warning","level":"warning","line":3,"message":"Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`"}] >> /dev/null'
hadolint_output=[{"code":"DL3018","column":1,"file":"test/fixtures/Dockerfile-warning","level":"warning","line":3,"message":"Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`"}] >> /dev/null

Note: the e2e test is incorrect as well.

jbergstroem commented 8 months ago

Been chasing this for a bit. I believe that parsing %0A (newline escaping) might have changed in github actions.
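
Added example, not part of the thread and not the action's own code: a reproduction of the quoting problem reported above next to a writer that redirects outside the quotes. It assumes the `name<<DELIMITER` multi-line form of the `GITHUB_OUTPUT` file in place of `%0A` escaping; the function names and the sample lint lines are hypothetical.

```shell
# Buggy form from the issue: the redirection sits inside the quotes, so the
# string goes to stdout and nothing is appended to the file.
set_output_buggy() {  # $1 = name, $2 = value
  echo "$1=$2 >> \$GITHUB_OUTPUT"
}

# Fixed form: redirection outside the quotes, and the value written with the
# name<<DELIMITER multi-line syntax (an assumption here, replacing %0A).
set_output() {  # $1 = name, $2 = value
  delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  # A value that contains the delimiter would end the block early and let
  # the rest be parsed as further outputs, so refuse to write it.
  case "$2" in
    *"$delim"*) echo "delimiter collision for $1" >&2; return 1 ;;
  esac
  {
    printf '%s<<%s\n' "$1" "$delim"
    printf '%s\n' "$2"
    printf '%s\n' "$delim"
  } >> "${GITHUB_OUTPUT}"
}

# Minimal reader for the name<<DELIMITER format, used to check the result.
read_output() {  # $1 = name, $2 = file
  awk -v name="$1" '
    !inblk && index($0, name "<<") == 1 {
      delim = substr($0, length(name) + 3); inblk = 1; next
    }
    inblk && $0 == delim { inblk = 0; next }
    inblk { print }
  ' "$2"
}

# Constructed sample: two-line hadolint-style output.
SAMPLE='Dockerfile:3 DL3018 warning: Pin versions in apk add
Dockerfile:7 DL3018 warning: Pin versions in apk add'

demo() {
  GITHUB_OUTPUT=$(mktemp)
  set_output_buggy hadolint_output "$SAMPLE" > /dev/null
  buggy_bytes=$(wc -c < "$GITHUB_OUTPUT" | tr -d ' ')
  set_output hadolint_output "$SAMPLE"
  fixed_value=$(read_output hadolint_output "$GITHUB_OUTPUT")
  rm -f "$GITHUB_OUTPUT"
}
demo
printf 'buggy wrote %s bytes\nfixed value:\n%s\n' "$buggy_bytes" "$fixed_value"
```

The random delimiter matters because the linter output reflects the contents of the Dockerfile being checked, which a pull request author controls.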

pascalgulikers commented 8 months ago

Any update on this?

jbergstroem commented 8 months ago

> Any update on this?

Been busy with work; will make a re-attempt at the fix this week. Sorry for the delay.

pascalgulikers commented 7 months ago

Sorry, is there any update on this?