Skip to content

1.0.69 Add ability to build containers with error_reporting #84

1.0.69 Add ability to build containers with error_reporting

1.0.69 Add ability to build containers with error_reporting #84

# Define the name of the workflow.
name: Scan Dockerfile source code files with Hadolint
# Define when the workflow should be triggered.
on:
# Trigger the workflow on the following events:
# Scan changed files in Pull Requests (diff-aware scanning).
pull_request: {}
# Trigger the workflow on-demand through the GitHub Actions interface.
workflow_dispatch: {}
# Scan mainline branches (main and development) and report all findings.
push:
branches: ["development"]
# Define the jobs that should be executed in this workflow.
jobs:
hadolint-job:
name: Hadolint GitHub Action
# Specify the runner environment. Use the latest version of Ubuntu.
runs-on: ubuntu-latest
# Define permissions for specific GitHub Actions.
permissions:
actions: read # Permission to read GitHub Actions.
contents: read # Permission to read repository contents.
security-events: write # Permission to write security events.
# Use matrix strategy to define multiple Dockerfiles to scan.
strategy:
matrix:
dockerfile:
- .build/database/Dockerfile
- .build/database_admin/Dockerfile
- .build/ldap/Dockerfile
- .build/ldap_admin/Dockerfile
- .build/www/Dockerfile
# Define the steps that should be executed in this job.
steps:
- name: Checkout code
uses: actions/checkout@v4
# Step: Checkout code
# Action to check out the code from the repository.
# This step fetches the codebase from the GitHub repository.
- name: Set Dockerfile directory name
id: set-dir-name
run: |
dir_name=$(dirname ${{ matrix.dockerfile }})
base_dir_name=$(basename $dir_name)
echo "BASEDIR=$base_dir_name" >> $GITHUB_ENV
# Step: Set Dockerfile directory name
# Extracts the directory name from the Dockerfile path and sets it as an environment variable.
- name: Run Hadolint Scan with SARIF result
uses: hadolint/hadolint-action@master
with:
dockerfile: ${{ matrix.dockerfile }}
# Specify the Dockerfile from the matrix to be scanned.
recursive: false
# Disable recursive scanning as each Dockerfile is specified directly.
output-file: hadolint-results-${{ env.BASEDIR }}.sarif
# Define the name of the SARIF format output file using the Dockerfile directory name.
no-fail: true
# Continue the workflow even if there are issues found (no-fail set to true).
format: 'sarif'
# Specify the format of the scan results, in this case, SARIF format.
failure-threshold: 'error'
# Define the threshold for failure based on severity (e.g., 'error').
- name: View Results
run: cat hadolint-results-${{ env.BASEDIR }}.sarif
- name: Upload Results to GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: hadolint-results-${{ env.BASEDIR }}.sarif
category: "Hadolint Dockerfile Scan"
if: always()
# Upload the SARIF file with scan results to the GitHub Advanced Security Dashboard.