replaced dockle with hadolint 2.0 (#211)

* replaced dockle with hadolint --------- Co-authored-by: Mathis Marcotte <[email protected]>
StatCan · Jul 3, 2024 · 1933a58 · 1933a58
1 parent a2e109a
commit 1933a58
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 17 deletions.
diff --git a/.github/workflows/build-centraldashboard.yml b/.github/workflows/build-centraldashboard.yml
@@ -56,6 +56,12 @@ jobs:
         username: ${{ secrets.DEV_REGISTRY_USERNAME }}
         password: ${{ secrets.DEV_REGISTRY_PASSWORD }}
 
+    - name: Run Hadolint
+      run:  |
+        sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+        sudo chmod +x hadolint
+        ./hadolint ./components/centraldashboard/Dockerfile --no-fail
+
     # Container build to a Azure Container registry (ACR)
     - name: Docker build
       run: |
@@ -73,23 +79,6 @@ jobs:
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
         trivy image localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
 
-    # Run Dockle
-    # - name: Run dockle
-    #   uses: goodwithtech/dockle-action@main
-    #   with:
-    #     image: localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }}
-    #     format: 'list'
-    #     exit-code: '0'
-    #     exit-level: 'fatal'
-    #     ignore: 'DKL-DI-0006'
-
-    # On hold to replace dockle
-    # - name: Run Hadolint
-    #   run:  |
-    #     sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
-    #     sudo chmod +x hadolint
-    #     ./hadolint localhost:5000/kubeflow/centraldashboard-aaw2 --no-fail
-
     # Pushes if this is a push to master or an update to a PR that has auto-deploy label
     - name: Test if we should push to ACR
       id: should-i-push

diff --git a/.github/workflows/build-kfam.yml b/.github/workflows/build-kfam.yml
@@ -22,6 +22,7 @@ env:
   CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks
   TRIVY_VERSION: "v0.43.1"
   SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  HADOLINT_VERSION: "2.12.0"
 
 jobs:
   build-push:
@@ -57,6 +58,12 @@ jobs:
         username: ${{ secrets.DEV_REGISTRY_USERNAME }}
         password: ${{ secrets.DEV_REGISTRY_PASSWORD }}
 
+    - name: Run Hadolint
+      run:  |
+        sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+        sudo chmod +x hadolint
+        ./hadolint ./components/access-management/Dockerfile --no-fail
+
     # Container build to a Azure Container registry (ACR)
     - name: Docker build
       run: |