Exit code reference
How --fail-level affects exit code 1
By default, tally exits with code 1 when any violation at style severity or above is found. Use --fail-level to raise or lower that threshold:
error, warning, info, style (default), none.
Orchestrator entrypoints
Bake and Compose entrypoints use the same exit-code family, with two differences from directory discovery:- A valid Bake or Compose file with no lintable targets or services exits
0, not3. - Invalid target/service selection, unsupported inline Dockerfiles, profile-gated build services, multi-file Bake setups, and invalid flag
combinations exit
2.
Script examples
Basic check
Handling each exit code
Distinguish “nothing to lint” from real errors
Exit code3 lets you detect a missing or empty path separately from a configuration error (code 2):
Detect syntax errors before linting
CI: fail only on errors
CI/CD tips
- Use
--fail-level errorto allow warnings without blocking the build. - Use
--fail-level nonewhen uploading SARIF so the upload step always runs even when violations exist. - Exit code
3distinguishes “the path was wrong” from “the config is broken” (code2), useful in matrix CI jobs where not every service has a Dockerfile. - Exit code
4indicates the Dockerfile itself is malformed — fix those before addressing lint violations.