# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# hadolint is a Dockerfile linter written in Haskell
# that helps you build best practice Docker images.
# More details at https://github.com/hadolint/hadolint
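name: Hadolint

on:
  push:
    branches: ["main"]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: ["main"]
  schedule:
    # Weekly scan: Wednesdays at 14:44 UTC.
    - cron: '44 14 * * 3'

# Workflow-wide default for the GITHUB_TOKEN: read-only repository contents.
# Every job below declares its own permissions block, which replaces this
# default for that job.
permissions:
  contents: read

# One job per Dockerfile (./7.4, ./8.0, ./8.1, ./8.2, ./8.3). Each job lints
# its Dockerfile with hadolint and uploads the SARIF report to GitHub code
# scanning.
#
# Notes that apply to every job:
#   - hadolint/hadolint-action is pinned to a full commit SHA, whereas
#     actions/checkout and github/codeql-action/upload-sarif are referenced
#     by mutable major-version tags.
#     NOTE(review): consider pinning those two to a reviewed full commit SHA
#     as well, so a moved tag cannot change the code run with this token.
#   - persist-credentials: false stops actions/checkout from leaving the job
#     token in the workspace's git config, where the third-party lint step
#     could read it. No step here needs authenticated git afterwards.
#   - no-fail: true means hadolint findings never fail the job; they surface
#     only through the uploaded SARIF file, so code scanning alerts must be
#     reviewed for the scan to have any effect.
jobs:
  hadolint-74:
    name: Run hadolint scanning for 7.4
    runs-on: ubuntu-latest
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run hadolint for 7.4
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          dockerfile: ./7.4/Dockerfile
          format: sarif
          output-file: hadolint-7.4-results.sarif
          no-fail: true
      - name: Upload 7.4 analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint-7.4-results.sarif
          wait-for-processing: true

  hadolint-80:
    name: Run hadolint scanning for 8.0
    runs-on: ubuntu-latest
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run hadolint for 8.0
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          dockerfile: ./8.0/Dockerfile
          format: sarif
          output-file: hadolint-8.0-results.sarif
          no-fail: true
      - name: Upload 8.0 analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint-8.0-results.sarif
          wait-for-processing: true

  hadolint-81:
    name: Run hadolint scanning for 8.1
    runs-on: ubuntu-latest
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run hadolint for 8.1
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          dockerfile: ./8.1/Dockerfile
          format: sarif
          output-file: hadolint-8.1-results.sarif
          no-fail: true
      - name: Upload 8.1 analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint-8.1-results.sarif
          wait-for-processing: true

  hadolint-82:
    name: Run hadolint scanning for 8.2
    runs-on: ubuntu-latest
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run hadolint for 8.2
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          dockerfile: ./8.2/Dockerfile
          format: sarif
          output-file: hadolint-8.2-results.sarif
          no-fail: true
      - name: Upload 8.2 analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint-8.2-results.sarif
          wait-for-processing: true

  hadolint-83:
    name: Run hadolint scanning for 8.3
    runs-on: ubuntu-latest
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run hadolint for 8.3
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          dockerfile: ./8.3/Dockerfile
          format: sarif
          output-file: hadolint-8.3-results.sarif
          no-fail: true
      # Step name corrected: this job uploads the 8.3 report, not 8.2.
      - name: Upload 8.3 analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint-8.3-results.sarif
          wait-for-processing: true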