Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The --failure-threshold setting is treated as inclusive instead of exclusive #788

Closed
1 of 3 tasks
kingrichard2005 opened this issue Mar 10, 2022 · 2 comments · Fixed by #789
Closed
1 of 3 tasks

The --failure-threshold setting is treated as inclusive instead of exclusive #788

kingrichard2005 opened this issue Mar 10, 2022 · 2 comments · Fixed by #789

Comments

@kingrichard2005
Copy link

  • This is a bug report
  • This is a feature request
  • I searched existing issues before opening this one

Expected behavior

hadolint should treat the --failure-threshold setting as exclusive per documentation which indicates Exit with failure code only when rules with a severity above THRESHOLD are violated.

Actual behavior

hadolint treats the --failure-threshold setting as inclusive i.e. if the number of validation errors is equal to or greater than the threshold, the lint validation fails.

Steps to reproduce the behavior

Output of hadolint --version or
docker run --rm hadolint/hadolint hadolint --version or
docker run --rm ghcr.io/hadolint/hadolint hadolint --version:

:: Not sure if this is a separate issue, but using the latest version 2.8.0 Windows binaries 
:: outputs UNKNOWN instead of the version number
C:\path\to\hadolint.exe --version
Haskell Dockerfile Linter UNKNOWN

C:\path\to\hadolint\hadolint.exe --failure-threshold info C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile
C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile:16 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile:18 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

C:\path\to\ echo %ErrorLevel%
1

C:\path\to\hadolint\hadolint.exe --failure-threshold warning C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile
C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile:16 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
C:\srcs\33\docker-base-images\node-10-buster-slim\Dockerfile:18 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

C:\path\to\ echo %ErrorLevel%
0

Dockerfile (if relevant)

FROM node:10.22-buster-slim

ENV TZ=America/Los_Angeles
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates=20200601~deb10u2 \
        tzdata=2021a-0+deb10u1 \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /usr/local/share/ca-certificates/my-ca-certificates
COPY ./certs .
	
RUN update-ca-certificates --fresh

RUN useradd -rm -d /home/debian -s /bin/bash -g root -G sudo -u 1001 debian

RUN yarn config set @my-private-repo:registry https://artifactory.my-private-repo.com/artifactory/api/npm/ows-npm-virtual

WORKDIR /

Additional environment details (OS, stack version, etc.)

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.18363 N/A Build 18363
m-ildefons added a commit to m-ildefons/hadolint that referenced this issue Mar 13, 2022
@m-ildefons
documentation: fix and update readme
505c290 
- Fix wrong information about the behavior of the `--failure-threshold`
  option.

- Add instructions on how to build Hadolint against modified libraries
  to the development section.

Since hadolint#653 , Hadolint has
treated the failure threshold set by the `--failure-threshold` option as
inclusive and this has been reflected in the `--help` message text. But
the readme has never been updated.

fixes: hadolint#788
@m-ildefons
Copy link
Collaborator

Hi @kingrichard2005 ,
thanks for bringing it up. I'm sorry for the confusion. The desired behavior has been discussed at length here and the program matches that. This is also correctly described in the --help text, it is just that the readme is out of sync here.

@m-ildefons m-ildefons mentioned this issue Mar 13, 2022
Merged
lorenzo pushed a commit that referenced this issue Mar 14, 2022
@m-ildefons
documentation: fix and update readme (#789)
7e29359 
- Fix wrong information about the behavior of the `--failure-threshold`
  option.

- Add instructions on how to build Hadolint against modified libraries
  to the development section.

Since #653 , Hadolint has
treated the failure threshold set by the `--failure-threshold` option as
inclusive and this has been reflected in the `--help` message text. But
the readme has never been updated.

fixes: #788
@kingrichard2005
Copy link
Author

Hi @m-ildefons , thanks for the quick follow-up and resolution. Glad to hear it was just a README update that was needed, that'll definitely help avoid confusion moving forward.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

documentation: fix and update readme m-ildefons/hadolint
2 participants
@kingrichard2005 @m-ildefons