Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't fail builds if hadolint logs something on the "info" level #612

Open
NotMyFault opened this issue Mar 6, 2023 · 5 comments
Open

Don't fail builds if hadolint logs something on the "info" level #612

NotMyFault opened this issue Mar 6, 2023 · 5 comments

Comments

@NotMyFault
Copy link
Member

It's useful that the build fails if hadolint finds something on the "warning" level or more severe, but general items emitted on the "info" level cause the build to fail too, isn't that a bit too strict?
@lemeurherve
Copy link
Member

general items emitted on the "info" level cause the build to fail too

@NotMyFault do you happen to have the link of a build where it occurred?

@timja
Copy link
Member

timja commented Mar 7, 2023

I assume this jenkinsci/acceptance-test-harness#1048

@NotMyFault
Copy link
Member Author

general items emitted on the "info" level cause the build to fail too

@NotMyFault do you happen to have the link of a build where it occurred?

https://github.com/jenkinsci/acceptance-test-harness/pull/1048/files#diff-59086a3e54e38095246aa3a051f9020274dbf005b4652a7808cd4c6c239c536eR36 suppress DL3015, which is only an info.

@dduportal
Copy link
Contributor

Curious: is there any reason preventing to ignore rules (since it's means the same as not failing for an INFO) ?

@dduportal
Copy link
Contributor

I personnaly am not in favor of this issue (only 1 opinion that should not be considered source of truth, but more food for thoughts): most of the hadolint rules are good things to make the Dockerfile sustainable to maintain and keep up to date.
Since there is the ability to ignore rules with an inline comment, everyone should be autonomous to fix their build until they got time to remove the ignore and fix the issue (or add a comment explaining "why" it is ignored" for helping futur-selves or futur maintainers).

But here are a few technical solutions to implement the requested behavior (if there is a consensus on this behavior, we'll be able to implement it an my opininion should not block or slow down at all):

  • As per https://github.com/hadolint/hadolint#cli, the command line hadolint has a --failure-threshold flag to determine the threshold before exiting on error (and thus failing the stage/build) => would require parameterization in the library + updating the Makefile
  • I don't know if the recordIssue() pipeline step, which collects the hadolint report (

    pipeline-library/vars/buildDockerAndPublishImage.groovy

    Line 131 in 16d2a86

    recordIssues(
    ) could be set up to only warn with info otherwise (less moving part since it's only about a pipeline result, not an hadolint CLI result)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dduportal @NotMyFault @timja @lemeurherve