lint-dockerfiles.yml

---
name: Lint Dockerfiles
on:  # yamllint disable-line rule:truthy
  pull_request:
    paths:
      - "**/*Dockerfile*"

jobs:
  hadolint:
    runs-on: ubuntu-latest
    outputs:
      changed-files: ${{ steps.file-changes.outputs.changed-files }}

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Modified files
        id: file-changes
        run: |
          echo \
              "changed-files=$(git diff --name-only -r origin/${GITHUB_BASE_REF} origin/${GITHUB_HEAD_REF} \
              | grep 'Dockerfile' \
              | tr '\n' ' ')" \
          >> $GITHUB_OUTPUT

      - name: Check GitHub event type to determine reporter type
        run: |
          if [ "${{ github.event_name }}" == "pull_request" ]; then
              echo "REVIEWDOG_REPORTER=github-pr-review" >> $GITHUB_ENV
          else
              echo "REVIEWDOG_REPORTER=github-check" >> $GITHUB_ENV
          fi

      - name: Run hadolint
        uses: reviewdog/action-hadolint@v1
        with:
          fail_on_error: false
          filter_mode: diff_context
          hadolint_flags: ${{ steps.file-changes.outputs.changed-files }}
          level: error
          reporter: ${{ env.REVIEWDOG_REPORTER }}