vaultwarden/.github/workflows/hadolint.yml

name: Hadolint

on: [
      push,
      pull_request
    ]

jobs:
  hadolint:
    name: Validate Dockerfile syntax
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    steps:
      # Checkout the repo
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
      # End Checkout the repo

      # Start Docker Buildx
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
        # https://github.com/moby/buildkit/issues/3969
        # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
        with:
          buildkitd-config-inline: |
            [worker.oci]
              max-parallelism = 2
          driver-opts: |
            network=host

      # Download hadolint - https://github.com/hadolint/hadolint/releases
      - name: Download hadolint
        shell: bash
        run: |
          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
          sudo chmod +x /usr/local/bin/hadolint
        env:
          HADOLINT_VERSION: 2.12.0
      # End Download hadolint

      # Test Dockerfiles with hadolint
      - name: Run hadolint
        shell: bash
        run: hadolint docker/Dockerfile.{debian,alpine}
      # End Test Dockerfiles with hadolint

      # Test Dockerfiles with docker build checks
      - name: Run docker build check
        shell: bash
        run: |
          echo "Checking docker/Dockerfile.debian"
          docker build --check . -f docker/Dockerfile.debian
          echo "Checking docker/Dockerfile.alpine"
          docker build --check . -f docker/Dockerfile.alpine
      # End Test Dockerfiles with docker build checks