Skip to content

bueller/dockerfilelint

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
bin
bin
 
 
lib
lib
 
 
test
test
 
 
.eslintrc
.eslintrc
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Linter and validator for Dockerfile

Coverage Status Build Status

Dockerfileint is an npm module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices:

Testing

Start unit tests with npm test

Running

From the command line:

./bin/dockerfilelint <path/to/Dockerfile>

Checks performed

FROM

  • This should be the first command in the Dockerfile
  • Base image should specify a tag
  • Base image should not use latest tag
  • Support FROM scratch without a tag
  • Support the FROM <image>@<digest> syntax
  • Allow config to specify "allowed" base layers

MAINTAINER

  • Should be followed by exactly 1 parameter (@ sign)

RUN

  • sudo is not included in the command
  • apt-get [install | upgrade | remove] should include a -y flag
  • apt-get install commands should include a --no-install-recommends flag
  • apt-get install commands should be paired with a rm -rf /var/lib/apt/lists/* in the same layer
  • Avoid running apt-get upgrade or apt-get dist-upgrade
  • Never run apt-get update without apt-get install on the same line
  • apk add commands should include a --no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
  • apk add support for --virtual flag
  • handle best practices for yum operations and cleanup

CMD

  • Only a single CMD layer is allowed
  • Better handling of escaped quotes
  • Detect exec format with expected variable substitution

LABEL

  • Format should be key=value

EXPOSE

  • Only the container port should be listed
  • All ports should be exposed in a single cache layer (line)
  • The same port number should not be exposed multiple times
  • Exposed ports should be numeric and in the accepted range

ENV

  • Format of ENV
  • Best practice of only using a single ENV line to reduce cache layer count

ADD

  • Command should have at least 2 parameters
  • Source command(s) cannot be absolute or relative paths that exist outside of the current build context
  • Commands with wildcards or multiple sources require that destination is a directory, not a file
  • If an ADD command could be a COPY, then COPY is preferred
  • Using ADD to fetch remote files is discouraged because they cannot be removed from the layer

COPY

  • Implement checking (similar to ADD)
  • Do not COPY multiple files on a single command to best use cache

ENTRYPOINT

  • Support

VOLUME

  • Format
  • Any build steps after VOLUME is declare should not change VOLUME contents
  • If JSON format, double quotes are required

USER

  • Should be followed by exactly 1 parameter

WORKDIR

  • Validate that it has exactly 1 parameter
  • WORKDIR can only expand variables previously set in ENV commands

ARG

  • Support
  • Prevent redefining the built in ARGs (proxy)

ONBUILD

  • Support

STOPSIGNAL

  • Validate input
  • Only present one time

Misc

  • Only valid Dockerfile commands are present
  • All commands should have at least 1 parameter
  • Check that commands are written as upper case commands

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%