This action runs hadolint with reviewdog on pull requests to lint Dockerfile and validate inline bash.

By default, with reporter: github-pr-check an annotation is added to the line:

With reporter: github-pr-review a comment is added to the Pull Request Conversation:

Optional. ${{ github.token }} is used by default.

Optional. Pass hadolint flags:

with:
  hadolint_flags: --trusted-registry docker.io

Optional. Pass hadolint rules to ignore them:

with:
  hadolint_ignore: DL3009 DL3008

Optional. Tool name to use for reviewdog reporter. Useful when running multiple actions with different config.

Optional. List of folders and files to exclude from checking.

Use /%FOLDER%/* to exclude whole folder or %FILENAME% to exclude certain files.

Note that you can use wildcard to exclude certain file extensions, like Dockerfile.* will exclude Dockerfile.dev, but will not exclude Dockerfile.

You can combine those rules as you wish (i.e. exclude certain files from certain folders only):

with:
  exclude: |
    /vendor/*
    Dockerfile.*

Optional. Report level for reviewdog [info, warning, error]. It's same as -level flag of reviewdog.

Optional. Reporter of reviewdog command [github-pr-check, github-pr-review]. The default is github-pr-check.

Optional. Filtering mode for the reviewdog command [added, diff_context, file, nofilter]. Default is added.

Optional. Exit code for reviewdog when errors are found [true, false] Default is false.

Optional. Additional reviewdog flags.

name: reviewdog
on: [pull_request]
jobs:
  hadolint:
    name: runner / hadolint
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: hadolint
        uses: reviewdog/action-hadolint@v1
        with:
          reporter: github-pr-review # Default is github-pr-check

MIT