This action runs hadolint with reviewdog on pull requests to lint Dockerfile and validate inline bash.

By default, with reporter: github-pr-check an annotation is added to the line:

With reporter: github-pr-review a comment is added to the Pull Request Conversation:

Optional. ${{ github.token }} is used by default.

Optional. Pass hadolint flags:

with:
  hadolint_flags: --trusted-registry docker.io

Optional. Pass hadolint rules to ignore them:

with:
  hadolint_ignore: DL3009 DL3008

Optional. Tool name to use for reviewdog reporter. Useful when running multiple actions with different config.

Optional. List of folders and files to exclude from checking.

Use /%FOLDER%/* to exclude whole folder or %FILENAME% to exclude certain files.

Note that you can use wildcard to exclude certain file extensions, like Dockerfile.* will exclude Dockerfile.dev, but will not exclude Dockerfile.

You can combine those rules as you wish (i.e. exclude certain files from certain folders only):

with:
  exclude: |
    /vendor/*
    Dockerfile.*

Optional. Defaults to *Dockerfile*. List of folders and files to use for checking.

Use /%FOLDER%/* to include whole folder or %FILENAME% to include certain files.

Note that you can use wildcard to include certain file extensions, like Dockerfile.* will include Dockerfile.dev, but will not include Dockerfile.

You can combine those rules as you wish (i.e. exclude certain files from certain folders only):

with:
  include: |
    subfolder/Dockerfile.*

Optional. Report level for reviewdog [info, warning, error]. It's same as -level flag of reviewdog.

Optional. Reporter of reviewdog command [github-pr-check, github-pr-review]. The default is github-pr-check.

Optional. Filtering mode for the reviewdog command [added, diff_context, file, nofilter]. Default is added.

Optional. If set to none, always use exit code 0 for reviewdog. Otherwise, exit code 1 for reviewdog if it finds at least 1 issue with severity greater than or equal to the given level. Possible values: [none, any, info, warning, error] Default is none.

Deprecated, use fail_level instead. Optional. Exit code for reviewdog when errors are found [true, false] Default is false.

Optional. Additional reviewdog flags.

name: reviewdog
on: [pull_request]
jobs:
  hadolint:
    name: runner / hadolint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: hadolint
        uses: reviewdog/action-hadolint@fc7ee4a9f71e521bc43e370819247b70e5327540 # v1.50.2
        with:
          reporter: github-pr-review # Default is github-pr-check

MIT