Skip to content
Back to pull request #62

Add vfio error handling #303

Sign in to view logs

Add vfio error handling

Add vfio error handling #303

Workflow file for this run

.github/workflows/linters.yml at 9b2fc43
name: Linters
on:
workflow_call:
workflow_dispatch:
pull_request:
branches: [ 'main' ]
push:
branches: [ 'main' ]
env:
HADOLINT_RESULTS_FILE: 'hadolint.sarif'
permissions:
contents: read
defaults:
run:
shell: bash
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
hadolint-main-dockerfile:
name: 'dockerfile lint'
permissions:
actions: read
contents: read
security-events: write
runs-on: ubuntu-22.04
steps:
- name: 'setup: harden runner'
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: 'setup: checkout repo'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: 'setup: sarif output folder'
run: mkdir -p "${{ github.workspace }}/sarif"
- name: 'scan: ./Dockerfile hadolint scan tty output'
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: "Dockerfile"
config: .github/configs/hadolint.yaml
format: tty
no-fail: false
failure-threshold: info
- name: 'scan: .sources/Dockerfile.sources hadolint sarif output'
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: "Dockerfile"
config: .github/configs/hadolint.yaml
format: sarif
output-file: "main-${{ env.HADOLINT_RESULTS_FILE }}"
no-fail: true
failure-threshold: info
- name: 'scan: Upload results to security tab'
uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
with:
sarif_file: "main-${{ env.HADOLINT_RESULTS_FILE }}"
hadolint-sources-dockerfile:
name: 'sources dockerfile lint'
permissions:
actions: read
contents: read
security-events: write
runs-on: ubuntu-22.04
steps:
- name: 'setup: harden runner'
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: 'setup: checkout repo'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: "scan: ./Dockerfile hadolint scan tty output"
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: ".sources/Dockerfile.sources"
config: .github/configs/hadolint.yaml
format: tty
no-fail: false
failure-threshold: info
- name: 'scan: .sources/Dockerfile.sources hadolint sarif output'
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: ".sources/Dockerfile.sources"
config: .github/configs/hadolint.yaml
format: sarif
output-file: "sources-${{ env.HADOLINT_RESULTS_FILE }}"
no-fail: true
failure-threshold: info
- name: 'scan: Upload results to security tab'
uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
with:
sarif_file: "sources-${{ env.HADOLINT_RESULTS_FILE }}"
shellcheck:
name: 'shellcheck'
runs-on: ubuntu-22.04
steps:
- name: 'setup: harden runner'
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: 'setup: checkout repo'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: 'run shellcheck scan'
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # v2.0.0
with:
severity: warning
format: tty
ignore_paths: .github .sources
env:
SHELLCHECK_OPTS: -e SC2154