[Snyk] Security upgrade alpine from 3.18.6 to 3 #25

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.
	# hadoint is a Dockerfile linter written in Haskell
	# that helps you build best practice Docker images.
	# More details at https://github.com/hadolint/hadolint

	name: Hadolint

	on:
	push:
	branches: [ "main" ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ "main" ]
	schedule:
	- cron: '17 22 * * 6'

	permissions:
	contents: read

	jobs:
	list-dockerfiles:
	runs-on: ubuntu-latest
	outputs:
	file: ${{ steps.set-files.outputs.file }}
	steps:
	- uses: actions/checkout@v3
	- id: set-files
	run: echo "$(find . -iname dockerfile)" >> $GITHUB_OUTPUT
	hadolint:
	name: Run hadolint scanning
	needs: list-dockerfiles
	runs-on: ubuntu-latest
	strategy:
	matrix:
	file: ${{ fromJson(needs.list-dockerfiles.outputs.file) }}
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	steps:
	- name: Run hadolint
	uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
	with:
	dockerfile: ${{ matrix.file }}
	format: sarif
	output-file: hadolint-results.sarif
	no-fail: true

	- name: Upload analysis results to GitHub
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: hadolint-results.sarif
	wait-for-processing: true

Provide feedback