Replaced Dockle with hadolint

StatCan · Jun 26, 2024 · 63a9a2b · 63a9a2b
1 parent 6c4b579
commit 63a9a2b
Showing 1 changed file with 5 additions and 10 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -63,6 +63,11 @@ jobs:
         username: ${{ secrets.DEV_REGISTRY_USERNAME }}
         password: ${{ secrets.DEV_REGISTRY_PASSWORD }}
 
+- name: Run Hadolint
+      run:  |
+        sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+        sudo chmod +x hadolint
+        ./hadolint . --no-fail
     
     - name: Build image locally
       run: |
@@ -74,16 +79,6 @@ jobs:
       run: |
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
         trivy image localhost:5000/jupyter-apis:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
-  
-    # Run Dockle
-    - name: Run dockle
-      uses: goodwithtech/dockle-action@main
-      with:
-        image: localhost:5000/jupyter-apis:${{ github.sha }}
-        format: 'list'
-        exit-code: '0'
-        exit-level: 'fatal'
-        ignore: 'DKL-DI-0006'
 
     # Container build and push to a Azure Container registry (ACR)
     - name: Push to ACR if necessary