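# Lints the repository's Dockerfiles with hadolint and Docker's built-in build checks.
# The job only reads the checked-out tree and runs analysis tools against it, so the
# workflow needs no GITHUB_TOKEN scopes at all.
name: Hadolint

# Least privilege: an empty permissions map strips every scope from GITHUB_TOKEN.
permissions: {}

# Cancel superseded runs of this workflow for the same pull request (or ref on push).
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# `on` is a YAML 1.1 boolean to generic parsers; GitHub's loader handles it.
on: # yamllint disable-line rule:truthy
  - push
  - pull_request

defaults:
  run:
    # Explicit bash: GitHub's documented default for `shell: bash` adds `-eo pipefail`,
    # so a failing command in a multi-line `run:` fails the step instead of being masked.
    shell: bash

jobs:
  hadolint:
    name: Validate Dockerfile syntax
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    steps:
      # Start Docker Buildx
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
        # https://github.com/moby/buildkit/issues/3969
        # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
        with:
          buildkitd-config-inline: |
            [worker.oci]
            max-parallelism = 2
          # network=host attaches the BuildKit container to the runner's network namespace.
          # NOTE(review): this job only runs `docker build --check`, which does not execute
          # build stages, so host networking looks unnecessary here — confirm it is still wanted.
          driver-opts: |
            network=host

      # Checkout the repo
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave GITHUB_TOKEN in .git/config where later steps, including
          # third-party actions, could read it.
          persist-credentials: false
      # End Checkout the repo

      # Test Dockerfiles with hadolint
      # Docker-based action with hadolint pre-bundled in ghcr.io/hadolint/hadolint:v2.14.0-debian,
      # pinned to a commit SHA. The SHA freezes the action's metadata (and therefore which image
      # tag it references), but the image is still pulled at run time by that mutable tag, so
      # the pin does not fix the image digest. Pin the image by digest or vendor the binary if
      # that stronger guarantee is required.
      - name: Run hadolint on Dockerfile.debian
        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: docker/Dockerfile.debian

      - name: Run hadolint on Dockerfile.alpine
        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: docker/Dockerfile.alpine
      # End Test Dockerfiles with hadolint

      # Test Dockerfiles with docker build checks
      # `--check` evaluates BuildKit's Dockerfile checks and exits non-zero on any violation
      # without executing the build stages. With `-e` in effect the step stops at the first
      # failing Dockerfile.
      - name: Run docker build check
        run: |
          for dockerfile in docker/Dockerfile.debian docker/Dockerfile.alpine; do
            echo "Checking ${dockerfile}"
            docker build --check . -f "${dockerfile}"
          done
      # End Test Dockerfiles with docker build checks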