fix ghcr.io/ and docker.io Docker images are not allowed at `imag…

…e` in action.yml (Fix #428)
rhysd · May 25, 2024 · 10e833c · 10e833c
1 parent c33463f
commit 10e833c
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 1 deletion.
diff --git a/rule_action.go b/rule_action.go
@@ -284,6 +284,13 @@ var BrandingIcons = map[string]struct{}{
 	"zoom-out":           {},
 }
 
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsimage
+func isImageOnDockerRegistry(image string) bool {
+	return strings.HasPrefix(image, "docker://") ||
+		strings.HasPrefix(image, "ghcr.io/") ||
+		strings.HasPrefix(image, "docker.io/")
+}
+
 // RuleAction is a rule to check running action in steps of jobs.
 // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses
 type RuleAction struct {
@@ -423,7 +430,7 @@ func (rule *RuleAction) checkRunsFileExists(file, dir, prop, name string, pos *P
 func (rule *RuleAction) checkLocalDockerActionRuns(r *ActionMetadataRuns, dir, name string, pos *Pos) {
 	if r.Image == "" {
 		rule.missingRunsProp(pos, "image", "Docker", name, dir)
-	} else if !strings.HasPrefix(r.Image, "docker://") {
+	} else if !isImageOnDockerRegistry(r.Image) {
 		rule.checkRunsFileExists(r.Image, dir, "image", name, pos)
 		if filepath.Base(filepath.FromSlash(r.Image)) != "Dockerfile" {
 			rule.Errorf(pos, `the local file %q referenced from "image" key must be named "Dockerfile" in %q action. the action is defined at %q`, r.Image, name, dir)

diff --git a/testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml b/testdata/projects/local_docker_action/ok_docker_docker.io/action.yaml
@@ -0,0 +1,7 @@
+name: 'Docker action'
+author: 'rhysd <https://rhysd.github.io>'
+description: 'Correct Docker action'
+
+runs:
+  using: 'docker'
+  image: 'docker.io/rhysd/actionlint:latest'
diff --git a/testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml b/testdata/projects/local_docker_action/ok_docker_ghcr.io/action.yaml
@@ -0,0 +1,7 @@
+name: 'Docker action'
+author: 'rhysd <https://rhysd.github.io>'
+description: 'Correct Docker action'
+
+runs:
+  using: 'docker'
+  image: 'ghcr.io/rhysd/actionlint:latest'
diff --git a/testdata/projects/local_docker_action/workflows/test.yaml b/testdata/projects/local_docker_action/workflows/test.yaml
@@ -12,3 +12,5 @@ jobs:
       - uses: ./missing_files
       - uses: ./ok_dockerfile_subdir
       - uses: ./invalid_dockerfile
+      - uses: ./ok_docker_ghcr.io
+      - uses: ./ok_docker_docker.io