From b5c414e32588ce875d01d0013105eb1ecfceea58 Mon Sep 17 00:00:00 2001
From: irongut
Date: Sun, 14 Aug 2022 02:14:19 +0100
Subject: [PATCH] add hadolint Dockerfile linter

---
 .github/workflows/docker-linter.yml | 51 +++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 .github/workflows/docker-linter.yml

diff --git a/.github/workflows/docker-linter.yml b/.github/workflows/docker-linter.yml
new file mode 100644
index 0000000..1c28642
--- /dev/null
+++ b/.github/workflows/docker-linter.yml
@@ -0,0 +1,51 @@
+# hadolint is a Dockerfile linter written in Haskell
+# More details at https://github.com/hadolint/hadolint
+
+name: Docker Linter
+
+on:
+  push:
+    branches: [ "master" ]
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.gitignore'
+      - '**/*.gitattributes'
+  pull_request:
+    branches: [ "master" ]
+  workflow_dispatch:
+  schedule:
+    - cron: '35 11 * * 0'
+
+permissions:
+  contents: read
+
+jobs:
+  hadolint:
+    name: Run hadolint scan
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout
+      security-events: write # for github/codeql-action/upload-sarif
+    steps:
+
+      - name: Harden Runner
+        uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+      - name: Checkout
+        uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28
+
+      - name: Run hadolint
+        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
+        with:
+          dockerfile: ./Dockerfile
+          format: sarif
+          output-file: hadolint-results.sarif
+          no-fail: true
+
+      - name: Upload Results
+        uses: github/codeql-action/upload-sarif@bec8c2936a0da74f16c19cedb1e9efb2b53a7e7b
+        with:
+          sarif_file: hadolint-results.sarif
+          wait-for-processing: true
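Review bot: With `no-fail: true` on the "Run hadolint" step, the job reports success no matter what the linter finds, so the pull_request trigger cannot act as a gate and findings surface only as code-scanning alerts; if gating is wanted, hadolint-action's `failure-threshold: error` keeps style/info noise from failing the build while still blocking real errors, and a comment on the `no-fail` line stating that the workflow is intentionally report-only would make the current choice explicit. The four `uses:` lines are SHA-pinned, which is good, but none carries the tag the SHA corresponds to; appending `# vX.Y.Z` (the tag for each pin) to each line lets reviewers and Dependabot see what version is in use and whether a bump is a patch or a major. It is also worth noting on the `security-events: write` line that the `GITHUB_TOKEN` is read-only for pull_request runs from forks, so the "Upload Results" step is likely to fail there — confirm against the repository's contribution model.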