Description
- This is a bug report
- This is a feature request
- I searched existing issues before opening this one
Expected behavior
Hadolint will exit with code 0 if run against a valid Dockerfile.
Actual behavior
Hadolint rarely exits with code 127 on a Dockerfile that should pass.
This is reproducible on Mac and Linux and can be tested with the below dockerfile. Since this bug seems non-deterministic, the value of 1000 is chosen to sufficiently increase the probability that the run will fail.
We use parallel to speed up running hadolint 1000 times. This has been seen on CI/CD infrequently, which is why this issue is being raised.
Steps to reproduce the behavior
Bash
$ mkdir hadolint-stress && cd hadolint-stress
$ touch Dockerfile # copy dockerfile below into here
$ docker build -t hadolint-stress .
$ docker run hadolint-stress # should exit with 127 most of the timeDockerfile
FROM ubuntu:focal
RUN apt-get update && apt-get install --no-install-recommends -y \
wget=1.20.3-1ubuntu1 \
ca-certificates=20190110ubuntu1.1 \
parallel=20161222-1.1 \
&& rm -rf /var/lib/apt/lists
RUN wget -q https://github.com/hadolint/hadolint/releases/download/v1.18.0/hadolint-Linux-x86_64 -O hadolint \
&& chmod +x hadolint
COPY ./Dockerfile ./Dockerfile
# hadolint ignore=SC2039
CMD [ "/bin/bash", "-c", "parallel -N0 --halt now,fail=1 ./hadolint ./Dockerfile ::: {1..1000}; echo $?" ]If the value of 1000 is reduced to 100, a majority of the runs pass:
$ docker run hadolint-stress
0
$ docker run hadolint-stress
0
$ docker run hadolint-stress
0
$ docker run hadolint-stress
0
$ docker run hadolint-stress
0
$ docker run hadolint-stress
parallel: This job failed:
./hadolint ./Dockerfile
127Output of hadolint --version or
docker run --rm hadolint/hadolint hadolint --version: Haskell Dockerfile Linter v1.18.0-0-g76eee5c (seen in 1.17 as well)
Additional environment details (OS, stack version, etc.) MacOS & Linux