Skip to main content
tally uses distinct exit codes so scripts and CI pipelines can react to different outcomes with precision.

Exit code reference

How --fail-level affects exit code 1

By default, tally exits with code 1 when any violation at style severity or above is found. Use --fail-level to raise or lower that threshold:
Available levels from most to least severe: error, warning, info, style (default), none.

Orchestrator entrypoints

Bake and Compose entrypoints use the same exit-code family, with two differences from directory discovery:
  • A valid Bake or Compose file with no lintable targets or services exits 0, not 3.
  • Invalid target/service selection, unsupported inline Dockerfiles, profile-gated build services, multi-file Bake setups, and invalid flag combinations exit 2.
Examples:
See Build invocations for supported entrypoint behavior.

Script examples

Basic check

Handling each exit code

Distinguish “nothing to lint” from real errors

Exit code 3 lets you detect a missing or empty path separately from a configuration error (code 2):

Detect syntax errors before linting

CI: fail only on errors

CI/CD tips

  • Use --fail-level error to allow warnings without blocking the build.
  • Use --fail-level none when uploading SARIF so the upload step always runs even when violations exist.
  • Exit code 3 distinguishes “the path was wrong” from “the config is broken” (code 2), useful in matrix CI jobs where not every service has a Dockerfile.
  • Exit code 4 indicates the Dockerfile itself is malformed — fix those before addressing lint violations.
See CI/CD integration for complete pipeline examples.