Add skip if no Dockerfiles are in directories

Author: nvtkaszpir

.github/workflows/ci.yml

@@ -103,7 +103,7 @@ jobs:
           results: ${{ steps.hadolint5.outputs.results }}
         run: echo "$results"
 
-      - name: Run integration test 7 - set recursive
+      - name: Run integration test 7 - set recursive with existing files
         # This step will never fail, but will print out rule violations
         # for all the Dockerfiles in repository.
         uses: ./
@@ -120,14 +120,25 @@ jobs:
       #    format: sarif
       #    output-file: report.sarif
 
-      - name: Run integration test 9 - run with no Dockerfiles
+
+      - name: Run integration test 9 - set recursive with non-matching files
+        # This step will never fail, but will print out rule violations
+        # for all the Dockerfiles in repository.
+        uses: ./
+        with:
+          dockerfile: "*Dockerfile_non_existent"
+          failure-threshold: error
+          recursive: true
+
+      - name: Run integration test 10 - run with no Dockerfiles
         # This should not fail if no Dockerfiles are found in the path
         # especially if git change deletes Dockerfile
-        uses: testdata/test_empty_dir
+        uses: ./
         with:
-          dockerfile: ""
+          dockerfile: "*Dockerfile"
           failure-threshold: error
           recursive: true
+          working-directory: testdata/test_empty_dir/
 
   release:
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'

action.yml

@@ -73,6 +73,10 @@ inputs:
     required: false
     description: 'A comma separated list of trusted registry urls'
     default:
+  working-directory:
+    required: false
+    description: 'Path where you want to start scanning for Dockerfiles'
+    default:
 
 runs:
   using: 'docker'
@@ -91,6 +95,7 @@ runs:
     HADOLINT_OVERRIDE_STYLE: ${{ inputs.override-style }}
     HADOLINT_IGNORE: ${{ inputs.ignore }}
     HADOLINT_TRUSTED_REGISTRIES: ${{ inputs.trusted-registries }}
+    HADOLINT_WORKING_DIRECTORY: ${{ inputs.working-directory }}
 
     HADOLINT_CONFIG: ${{ inputs.config }}
     HADOLINT_RECURSIVE: ${{ inputs.recursive }}

hadolint.sh

@@ -3,9 +3,22 @@
 # checkout (outside the Docker container running hadolint). We copy
 # problem-matcher.json to the home folder.
 
+# unset certain env vars to empty values
+RESULTS=''
+# shellcheck disable=SC2034
+HADOLINT_RESULTS=''
+
+# disable cheks for undefined env vars, in here mostly githu env vars
+# shellcheck disable=SC2154
+
+if [[ -n "${HADOLINT_WORKING_DIRECTORY}" ]]; then
+  cd "${HADOLINT_WORKING_DIRECTORY}" \
+    || { echo "Error: failed to change path to ${HADOLINT_WORKING_DIRECTORY}, check if exists, if is a directory directory permissions etc"; exit 1; }
+fi
+
 PROBLEM_MATCHER_FILE="/problem-matcher.json"
-if [ -f "$PROBLEM_MATCHER_FILE" ]; then
-  cp "$PROBLEM_MATCHER_FILE" "$HOME/"
+if [[ -f "${PROBLEM_MATCHER_FILE}" ]]; then
+  cp "${PROBLEM_MATCHER_FILE}" "${HOME}/"
 fi
 # After the run has finished we remove the problem-matcher.json from
 # the repository so we don't leave the checkout dirty. We also remove
@@ -16,52 +29,73 @@ cleanup() {
 }
 trap cleanup EXIT
 
-echo "::add-matcher::$HOME/problem-matcher.json"
+echo "::add-matcher::${HOME}/problem-matcher.json"
 
-if [ -n "$HADOLINT_CONFIG" ]; then
+if [[ -n "${HADOLINT_CONFIG}" ]]; then
   HADOLINT_CONFIG="-c ${HADOLINT_CONFIG}"
 fi
 
-if [ -z "$HADOLINT_TRUSTED_REGISTRIES" ]; then
+if [[ -z "${HADOLINT_TRUSTED_REGISTRIES}" ]]; then
   unset HADOLINT_TRUSTED_REGISTRIES
 fi
 
-COMMAND="hadolint $HADOLINT_CONFIG"
+COMMAND="hadolint ${HADOLINT_CONFIG}"
 
-if [ "$HADOLINT_RECURSIVE" = "true" ]; then
+if [[ "${HADOLINT_RECURSIVE}" = "true" ]]; then
   shopt -s globstar
-
   filename="${!#}"
   flags="${*:1:$#-1}"
 
-  RESULTS=$(eval "$COMMAND $flags" -- **/"$filename")
+  files_found=false
+  # try to find files to scan but do not end with eror if no files found
+  # notice that $filename can contain glob char so we add exception here
+  # shellcheck disable=SC2231
+  for file in **/${filename}
+  do
+    if [[ -e "${file}" ]]
+    then
+      files_found=true
+      break
+    fi
+  done
+
+  if [[ "${files_found}" = "true" ]]; then
+    # notice that $filename can contain glob char so we add exception here
+    # shellcheck disable=SC2086,SC2231,SC2248
+    RESULTS=$(eval "${COMMAND} ${flags}" -- **/${filename})
+  else
+    RESULTS=''
+    echo "No Dockerfiles detected, skipping processing";
+  fi
+
 else
   flags=$*
-  RESULTS=$(eval "$COMMAND" "$flags")
+  RESULTS=$(eval "${COMMAND}" "${flags}")
 fi
 FAILED=$?
 
-if [ -n "$HADOLINT_OUTPUT" ]; then
-  if [ -f "$HADOLINT_OUTPUT" ]; then
-    HADOLINT_OUTPUT="$TMP_FOLDER/$HADOLINT_OUTPUT"
+if [[ -n "${HADOLINT_OUTPUT}" ]]; then
+  if [[ -f "${HADOLINT_OUTPUT}" ]]; then
+    HADOLINT_OUTPUT="${TMP_FOLDER}/${HADOLINT_OUTPUT}"
   fi
-  echo "$RESULTS" >"$HADOLINT_OUTPUT"
+  echo "${RESULTS}" >"${HADOLINT_OUTPUT}"
 fi
 
 RESULTS="${RESULTS//$'\\n'/''}"
 
 {
   echo "results<<EOF"
-  echo "$RESULTS"
+  echo "${RESULTS}"
   echo "EOF"
-} >>"$GITHUB_OUTPUT"
+} >>"${GITHUB_OUTPUT}"
 
 {
   echo "HADOLINT_RESULTS<<EOF"
-  echo "$RESULTS"
+  echo "${RESULTS}"
   echo "EOF"
-} >>"$GITHUB_ENV"
+} >>"${GITHUB_ENV}"
 
-[ -z "$HADOLINT_OUTPUT" ] || echo "Hadolint output saved to: $HADOLINT_OUTPUT"
+[[ -z "${HADOLINT_OUTPUT}" ]] || echo "Hadolint output saved to: ${HADOLINT_OUTPUT}"
 
-exit $FAILED
+# shellcheck disable=SC2248
+exit ${FAILED}

testdata/test_empty_dir/README.md

@@ -0,0 +1,4 @@
+This directory is intentionally empty.
+
+It is used by the test suite to verify that hadolint action is not executed
+if processed directory does not contain any Dockerfile.