Install Hadolint instead of dockle

StatCan · Jun 17, 2024 · 9b82abe · 9b82abe
1 parent 6682867
commit 9b82abe
Showing 1 changed file with 17 additions and 8 deletions.
diff --git a/.github/workflows/build-centraldashboard.yml b/.github/workflows/build-centraldashboard.yml
@@ -20,6 +20,7 @@ env:
   CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks
   TRIVY_VERSION: "v0.43.1"
   SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  HADOLINT_VERSION: "2.12.0"
 
 jobs:
   build-push:
@@ -73,14 +74,22 @@ jobs:
         trivy image localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
 
     # Run Dockle
-    - name: Run dockle
-      uses: goodwithtech/dockle-action@main
-      with:
-        image: localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }}
-        format: 'list'
-        exit-code: '0'
-        exit-level: 'fatal'
-        ignore: 'DKL-DI-0006'
+    # - name: Run dockle
+    #   uses: goodwithtech/dockle-action@main
+    #   with:
+    #     image: localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }}
+    #     format: 'list'
+    #     exit-code: '0'
+    #     exit-level: 'fatal'
+    #     ignore: 'DKL-DI-0006'
+
+    - name: Run Hadolint
+      run:  |
+        sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+        sudo chmod +x hadolint
+        ./hadolint localhost:5000/kubeflow/centraldashboard-aaw2:${{ github.sha }} --no-fail
+      
+
 
     # Pushes if this is a push to master or an update to a PR that has auto-deploy label
     - name: Test if we should push to ACR