Is there a way to lint the Dockerfile?

docker dockerfile
17,951

Solution 1

Try:

I've performed a simple test against of a simple Docker file with RUN, ADD, ENV and CMD. dockerlinter was smart about grouping the same violation of rules together but it was not able to inspect as thorough as hadolinter possibly due to the lack of Shellcheck to statically analyze the Bash code.

Although dockerlinter falls short in the scope it can lint, it does seem to be much easier to install. npm install -g dockerlinter will do, while compiling hadolinter requires a Haskell compiler and build environment that takes forever to compile.

$ hadolint ./api/Dockerfile
L9 SC2046 Quote this to prevent word splitting.
L11 SC2046 Quote this to prevent word splitting.
L8 DL3020 Use COPY instead of ADD for files and folders
L10 DL3020 Use COPY instead of ADD for files and folders
L13 DL3020 Use COPY instead of ADD for files and folders
L18 DL3020 Use COPY instead of ADD for files and folders
L21 DL3020 Use COPY instead of ADD for files and folders
L6 DL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
L6 DL3009 Delete the apt-get lists after installing something
L6 DL3015 Avoid additional packages by specifying `--no-install-recommends`

$ dockerlint ./api/Dockerfile
WARN:  ADD instruction used instead of COPY on line 8, 10, 13, 18, 21
ERROR: ./api/Dockerfile failed.

Update in 2018. Since hadolint has the official Docker repository now, you can get the executable quickly:

id=$(docker create hadolint/hadolint:latest)
docker cp "$id":/bin/hadolint .
docker rm "$id"

This is a statically compiled executable (according to ldd hadolint), so it should run regardless of installed libraries. A reference on how the executable is built: https://github.com/hadolint/hadolint/blob/master/docker/Dockerfile.

Solution 2

If you have a RedHat subscription, you can access the "Linter for Dockerfile" application directly at https://access.redhat.com/labs/linterfordockerfile/; information about the application is located at https://access.redhat.com/labsinfo/linterfordockerfile

This Node.js application is also available on GitHub https://github.com/redhataccess/dockerfile_lint if you prefer to run it locally.

Solution 3

I use very successfully in my CI pipeline npm's dockerfile_lint. You can add or extend rules. Using the package.json you can create different configs for the different jobs. There are both

Docker CLI

docker run -it --rm --privileged -v `pwd`:/root/ \
         projectatomic/dockerfile-lint \
         dockerfile_lint [-f Dockerfile]

docker run -it --rm --privileged -v `pwd`:/root/  \
         -v /var/run/docker.sock:/var/run/docker.sock \
         projectatomic/dockerfile-lint \       
         dockerfile_lint  image <imageid>

and Atomic CLI available

 atomic run projectatomic/dockerfile-lint

 atomic run projectatomic/dockerfile-lint image <imageid>

Also you can lint your images for tagging.

Solution 4

I created dockerfile-validator as an extension for VS Code, which uses the dockerfile-lint mentioned in a previous answer. By default it uses dockerfile-lint default rules, but in VS code User Settings (dockerfile-validator.rulefile.path) you can specify a path to a custom rule file with your own coding standards.

Share:
17,951

Related videos on Youtube

eloone
Author by

eloone

A living consciousness in this brilliant Universe. Also Software Engineer. Currently: Javascript and Java.

Updated on August 29, 2022

Comments

  • eloone
    eloone over 1 year

    If a Dockerfile is written with mistakes for example:

    CMD ["service", "--config", "/etc/service.conf] (missing quote)

    Is there a way to lint it to detect such mistake before building?

  • Devy
    Devy about 8 years
    @LuísBianchin Yes, it's made available by the same author - as long as you trust pasting your Dockerfile to a 3rd party, sure.
  • The Godfather
    The Godfather over 4 years
    @Devy why wouldn't you trust it? Do you store secrets inside Dockerfile itself?
  • nekketsuuu
    nekketsuuu about 4 years
    You can download hadolint executables from its release page. On macOS, hadolint also can be installed using Homebrew: brew install hadolint

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

dockerize a wpf application and use it
Specify "privileged" container mode in dockerfile?
Docker swarm: 'build' configuration in docker compose file ignored during stack deployment
Dockerfile: Is there any way to read variables from .env file
Reloading code in a dockerized node.js app with docker-compose
How to resolve "Cannot retrieve .Id from docker" when building Docker image using Jenkins pipeline
AWS credentials during Docker build process
how to correctly use system user in docker container
\Dockerfile: The system cannot find the file specified
Docker-compose.yml file that builds a base image, then children based on it?