-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CI: Add hadolint validation via GitHub workflow #3761
Conversation
.github/workflows/hadolint.yml
Outdated
dockerfile: './container/webui/Dockerfile' | ||
- uses: brpaz/[email protected] | ||
with: | ||
dockerfile: './container/worker/Dockerfile' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess using our own shell style call for this could help to catch all Dockerfiles, not just the ones that are explicitly specified
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is #3 about this, so basically we could run hadolint ./container/**/Dockerfile
with container: hadolint/hadolint
. Upstream seems happy to take fixes, not sure how easy that is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but what I am suggesting is to not rely on github action specific stuff that people can not reproduce locally and also is not complete but rather use simple shell scripts that solve both points, same as in https://github.com/os-autoinst/os-autoinst/pull/1604/files#diff-1af57dc1e7a5a58067566f2787f0030953af77313ae8d5488b06f71a851640b7R11
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a totally different point. But yes, I also brought it up in a daily last week, where these points came up:
- You can see the reproducer in the PR description but by default GHAs don't advertise how to reproduce them locally.
- GHAs are nice and concise snippets which we don't have to maintain.
- Usually makefile targets are the most convenient to reproduce something locally.
So maybe what we want here is a test-containers-hadolint
target, and test-containers-compose
for #3758 respectively.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, not as straightforward as I thought, I'm getting all kinds of funny errors trying to simply translate the glob to something running in the container... but added the new target with two individual lines anyway
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have seen and understood the line
https://github.com/os-autoinst/os-autoinst/pull/1604/files#diff-1af57dc1e7a5a58067566f2787f0030953af77313ae8d5488b06f71a851640b7R11
?
Maybe you forgot to pass the current working directory into the container because the globbing works on passing paths to hadolint within the container so hadolint needs to be able to find the Dockerfile's within the container environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seen yes, probably not understood. I get "command not found" type errors with different variations and I have no idea how the current working directory relates to the command I'm running. I assume the escaping is also different.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is more obvious to you, I'd welcome a one-line suggestion to make it work in the Makefile
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Variants including -v $(pwd):/root --workdir=/root
and $(readlink -f "$(dirname "$0")"/..):/root --workdir=/root
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I consider the best approach doing the same as in os-autoinst, so trying with #3772
Codecov Report
@@ Coverage Diff @@
## master #3761 +/- ##
==========================================
- Coverage 96.49% 96.44% -0.05%
==========================================
Files 368 368
Lines 32438 32432 -6
==========================================
- Hits 31302 31280 -22
- Misses 1136 1152 +16
Continue to review full report at Codecov.
|
2271ab9
to
8aab657
Compare
Using hadolint via GHA, locally tested like so:
See: poo#88451