Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fail_level not properly enforced #116

Open
HagegeR opened this issue Jan 13, 2025 · 8 comments
Open

fail_level not properly enforced #116

HagegeR opened this issue Jan 13, 2025 · 8 comments

Comments

@HagegeR
Copy link

HagegeR commented Jan 13, 2025

Hello and thanks for these amazing integrations you provide :)

I've encountered a similar issue with this feature integration in reviewdog/action-actionlint#152

message:"Delete the apt-get lists after installing something" location:{path:"Dockerfile" range:{start:{line:10 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3009" url:"https://github.com/hadolint/hadolint/wiki/DL3009"}
message:"Avoid additional packages by specifying --no-install-recommends" location:{path:"Dockerfile" range:{start:{line:10 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3015" url:"https://github.com/hadolint/hadolint/wiki/DL3015"}
message:"Avoid additional packages by specifying --no-install-recommends" location:{path:"Dockerfile" range:{start:{line:79 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3015" url:"https://github.com/hadolint/hadolint/wiki/DL3015"}
message:"Delete the apt-get lists after installing something" location:{path:"Dockerfile" range:{start:{line:79 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3009" url:"https://github.com/hadolint/hadolint/wiki/DL3009"}
message:"Pin versions in npm. Instead of npm install <package> use npm install <package>@<version>" location:{path:"Dockerfile" range:{start:{line:116 column:1}}} severity:WARNING source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3016" url:"https://github.com/hadolint/hadolint/wiki/DL3016"}
message:"Avoid use of wget without progress bar. Use wget --progress=dot:giga <url>. Or consider using -q or -nv (shorthands for --quiet or --no-verbose)." location:{path:"Dockerfile" range:{start:{line:183 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3047" url:"https://github.com/hadolint/hadolint/wiki/DL3047"}

the severity is set to fail on error, but this suffices to show the stage as failed

I believe the same kind of fix that @massongit did would also work here
@massongit
Copy link
Contributor

massongit commented Jan 13, 2025
edited
Loading

I tested using massongit#3.
In this PR, hadolint returned output like below:

https://github.com/massongit/action-hadolint/actions/runs/12743374300/job/35513359427#step:3:39

  message:"Avoid additional packages by specifying `--no-install-recommends`" location:{path:"testdata/Dockerfile" range:{start:{line:3 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3015" url:"https://github.com/hadolint/hadolint/wiki/DL3015"}
  message:"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`" location:{path:"testdata/Dockerfile" range:{start:{line:3 column:1}}} severity:WARNING source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3008" url:"https://github.com/hadolint/hadolint/wiki/DL3008"}
  message:"Multiple consecutive `RUN` instructions. Consider consolidation." location:{path:"testdata/Dockerfile" range:{start:{line:5 column:1}}} severity:INFO source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3059" url:"https://github.com/hadolint/hadolint/wiki/DL3059"}
  message:"Remove space after = if trying to assign a value (for empty string, use var='' ... )." location:{path:"testdata/Dockerfile" range:{start:{line:5 column:1}}} severity:WARNING source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"SC1007" url:"https://github.com/koalaman/shellcheck/wiki/SC1007"}
  message:"Use WORKDIR to switch to a directory" location:{path:"testdata/Dockerfile" range:{start:{line:6 column:1}}} severity:WARNING source:{name:"hadolint" url:"https://github.com/hadolint/hadolint"} code:{value:"DL3003" url:"https://github.com/hadolint/hadolint/wiki/DL3003"}

In the above, the highest severity is WARNING.

https://github.com/massongit/action-hadolint/actions/runs/12743355551/job/35513131418 ( massongit@ca526ae)
If I set fail_level: warning, CI failed.

https://github.com/massongit/action-hadolint/actions/runs/12743374300/job/35513359427 ( massongit@03a245e )
If I set fail_level: error, CI did not fail.

Therefore, fail_level appears to be working properly.

@HagegeR
Copy link
Author

HagegeR commented Jan 13, 2025

Hi, thanks for trying to reproduce my issue!

My use case is:

            - name: Run Hadolint
              continue-on-error: true
              uses: reviewdog/action-hadolint@v1
              with:
                fail_level: error
                hadolint_flags: -c .github/.hadolint/hadolint.yml

hadolint.yml:
ignored: [DL3042, DL3059]

I added continue-on-error: true because of my issue, fail_level: error is used
still, it's not working for me for some reason.
image

maybe the reporter is affecting how the result severity is parsed?

@massongit
Copy link
Contributor

https://github.com/massongit/action-hadolint/actions/runs/12744513322/job/35516568361 ( massongit@89e935a )
I remove reporter.
However, CI do not fail.

@HagegeR
Copy link
Author

HagegeR commented Jan 13, 2025
edited
Loading

I can see the check is marked as fail:
image
image
https://github.com/massongit/action-hadolint/pull/3/checks?check_run_id=35516790648
if this is not marked as pass, then it can't be enabled as a required stage for CI

@massongit
Copy link
Contributor

massongit commented Jan 13, 2025
edited
Loading

I think it is possible to enable hadolint's CI as a required stage by setting only runner / hadolint (github-pr-review) to required without reviewdog / hadolint required.
For example: massongit#4.

@HagegeR
Copy link
Author

HagegeR commented Jan 13, 2025

but that is not correct in my case, I have multiple linter launched form the job that launch hadolint
I wanted to add hadolint result specifically as the required build, this is how all other actions work, their status can be added as passed or fail, not their launcher job

@massongit
Copy link
Contributor

massongit commented Jan 13, 2025
edited
Loading

II think that I do not understand your conditions.
Therefore, I recommend that you do the following:

  1. You fork this repository
  2. You create a PR that reproduces the necessary conditions with reference to Test massongit/action-hadolint#3 and Update Dockerfile massongit/action-hadolint#4 in your fork
  3. You indicate it in this issue

@HagegeR
Copy link
Author

HagegeR commented Jan 13, 2025
edited
Loading

Ok, I think I reproduced the behavior I want to work: HagegeR#1
@massongit do you think the stage not passing when error level is fail is the expected behavior? from the other actions in reviewdog I used like reviewdog/action-actionlint, the fail_level and status check aligned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@massongit @HagegeR