From 1933a58e786f3de2a8ea3599f3a0d4ae5d8148c5 Mon Sep 17 00:00:00 2001 From: Mathis <84033116+mathis-marcotte@users.noreply.github.com> Date: Wed, 3 Jul 2024 12:54:02 +0000 Subject: [PATCH] replaced dockle with hadolint 2.0 (#211) * replaced dockle with hadolint --------- Co-authored-by: Mathis Marcotte --- .github/workflows/build-centraldashboard.yml | 23 +++++--------------- .github/workflows/build-kfam.yml | 7 ++++++ 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-centraldashboard.yml b/.github/workflows/build-centraldashboard.yml index 22fb6304d9a..f84801a9202 100644 --- a/.github/workflows/build-centraldashboard.yml +++ b/.github/workflows/build-centraldashboard.yml @@ -56,6 +56,12 @@ jobs: username: ${{ secrets.DEV_REGISTRY_USERNAME }} password: ${{ secrets.DEV_REGISTRY_PASSWORD }} + - name: Run Hadolint + run: | + sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint + sudo chmod +x hadolint + ./hadolint ./components/centraldashboard/Dockerfile --no-fail + # Container build to a Azure Container registry (ACR) - name: Docker build run: | 
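Review bot: The `sudo curl -L ... --output hadolint` line downloads a release binary and executes it with no integrity check, so the linter's authenticity rests entirely on TLS to github.com and on whoever can attach assets to that release tag; hadolint releases publish a `.sha256` next to each asset, so pin that digest in `env:` and verify it before `chmod +x`. `curl` is also run without `-f`, so a non-200 response (a 404 body, for instance) would be saved as `hadolint` and then executed. That matters here because nothing in this patch defines `HADOLINT_VERSION` for this workflow — the kfam file gets it below, this file does not — so unless it already exists earlier in the file the URL expands to `.../download/v/hadolint-Linux-x86_64`. The `sudo` on curl and chmod is not needed to write a file into the workspace and only widens what a bad download could do. The enclosing `steps:` list begins before the hunk.
```yaml
      - name: Run Hadolint
        run: |
          curl -fsSL "https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64" --output hadolint
          # HADOLINT_SHA256 is the value from the release's hadolint-Linux-x86_64.sha256 asset
          echo "${{ env.HADOLINT_SHA256 }}  hadolint" | sha256sum -c -
          chmod +x hadolint
          ./hadolint ./components/centraldashboard/Dockerfile --no-fail
```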
@@ -73,23 +79,6 @@ jobs: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }} trivy image localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL - # Run Dockle - # - name: Run dockle - # uses: goodwithtech/dockle-action@main - # with: - # image: localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }} - # format: 'list' - # exit-code: '0' - # exit-level: 'fatal' - # ignore: 'DKL-DI-0006' - - # On hold to replace dockle - # - name: Run Hadolint - # run: | - # sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint - # sudo chmod +x hadolint - # ./hadolint localhost:5000/kubeflow/centraldashboard-aaw2 --no-fail - # Pushes if this is a push to master or an update to a PR that has auto-deploy label - name: Test if we should push to ACR id: should-i-push diff --git a/.github/workflows/build-kfam.yml b/.github/workflows/build-kfam.yml index 6f38a9c40e5..9d48daef0b0 100644 --- a/.github/workflows/build-kfam.yml +++ b/.github/workflows/build-kfam.yml @@ -22,6 +22,7 @@ env: CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks TRIVY_VERSION: "v0.43.1" SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + HADOLINT_VERSION: "2.12.0" jobs: build-push: @@ -57,6 +58,12 @@ jobs: username: ${{ secrets.DEV_REGISTRY_USERNAME }} password: ${{ secrets.DEV_REGISTRY_PASSWORD }} + - name: Run Hadolint + run: | + sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint + sudo chmod +x hadolint + ./hadolint ./components/access-management/Dockerfile --no-fail + # Container build to a Azure Container registry (ACR) - name: Docker build run: |
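Review bot: The new `Run Hadolint` step sits after the registry login (the `username:`/`password:` context just above it), so an unverified binary fetched with `curl -L` runs while the runner's Docker credentials are already on disk; linting a Dockerfile needs nothing but the checkout, so move the step ahead of the login, or at least before any secret is materialised, and verify the asset against its published sha256 as well. `sudo` is not needed for `curl --output hadolint` or `chmod +x hadolint` inside the workspace and should be dropped. `--no-fail` makes this purely advisory — findings are printed and never block the build — whereas the removed Dockle step took the built image (`image: localhost:5000/...`) and so presumably covered image-level properties that a Dockerfile linter does not see; if that is intended, say so with `# advisory only: hadolint findings do not gate the build` above the step. The enclosing `steps:` list begins before the hunk.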