Error: No hadolint failure but Actions job fails

[gakugaku]

No hadolint failure but Actions job fails when executing below actions.

Execution log

Actions yaml (part of hadolint job)

  lint-dockerfile:
    runs-on: ubuntu-20.04
    timeout-minutes: 5

    steps:
      - uses: actions/checkout@v3

      - name: hadolint (dockerfile linter)
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          recursive: true

---

Workaround: Actions success when setting failure-threshold: "warning" option. But even if hadolint fails with info severity, Actions job will succeed😢.

  lint-dockerfile:
    runs-on: ubuntu-20.04
    timeout-minutes: 5

    steps:
      - uses: actions/checkout@v3

      - name: hadolint (dockerfile linter)
        uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
        with:
          recursive: true
          failure-threshold: "warning"

[hatamiarash7]

I have this problem too

[FrankGiesecke]

Same problem an currently no solution 😢

[FrankGiesecke]

The problem seems to be, that some errors/warnings/infos are not displayed in the log. I have a Dockerfile which doesn't contain any ignore statements. In my first run, my .hadolint.yaml only contains the exclusion for DL3018. If I run Hadolint from CLI, I get the message:

Dockerfile:13 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

But in the CI, no message is displayed but the step fails.

If I add the exclusion for DL3059, the CI step succeeds.

[erzz]

I hate to leave me too messages - but me too :)

Also I believe that if you write the report to file it also is empty

[ViacheslavKudinov]

Same here. Had to switch back to v2.0.0, this works fine.

[ReenigneArcher]

I've been experiencing this same issue for a couple of months. Is this project still maintained? Last activity seems to be in May.

[ReenigneArcher]

I found that if you re-run the job with debug logging enabled you will see some output.

[brpaz]

For me it worked to set failure-threshold to error or warning

According to the documentation, the default is info. I don´t know how this works internally in Hadolint, but my theory, is that info is making the pipeline fail with any output, even if it has no errors.

Ex:

 - name: Lint Dockerfile
    uses: hadolint/[email protected]
    with:
      dockerfile: Dockerfile
      failure-threshold: error

error should probably be the default value, as I think this is what most people would like to fail the pipeline and then they could override to warning for a more strict workflow.

[maxhelias]

Not sure but this seems to be related to https://github.com/hadolint/hadolint-action/pull/55

[rene-bos]

This issue has been fixed by the 3.0.0 release for us (we also pinned at 2.0.0 to avoid having this problem).

[maxhelias]

I still have it on 3.0.0 and even on master : https://github.com/dunglas/symfony-docker/actions/runs/3765268860/jobs/6400565741

[DracoBlue]

You need to set output-file to /dev/stdout.

I added a PR for this at https://github.com/hadolint/hadolint-action/pull/71

[humphd]

Setting v3.0.0 up tonight, and it fails like many people are mentioning above, unless I explicitly include failure-threshold: error:

    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Run Hadolint on Dockerfile
        uses: hadolint/[email protected]
        with:
          dockerfile: Dockerfile
          # it will fail with no error if I omit this...
          failure-threshold: error

[DracoBlue]

@humphd please use 3.1.0 and the error messages should be visible

[DracoBlue]

I created a PR at https://github.com/hadolint/hadolint-action/pull/75 to ensure people are not copying v3.0.0 from the README.md

[humphd]

@DracoBlue that's excellent, thank you for the info and fixing the README. Appreciated.