  • Stars: 990
  • Rank: 46,251 (Top 1.0 %)
  • Language: JavaScript
  • License: MIT License
  • Created almost 9 years ago
  • Updated about 1 year ago


Repository Details

An opinionated Dockerfile linter.

Linter and validator for Dockerfile


dockerfilelint is a Node module that analyzes a Dockerfile, looks for common traps and mistakes, and helps enforce best practices.

Installation

Global installation with npm package manager.

npm install -g dockerfilelint

Testing

Start unit tests with npm test, yarn run test, or docker-compose -f docker-compose.test.yml up

Running

From the command line:

./bin/dockerfilelint <path/to/Dockerfile>

Command Line options

Usage: dockerfilelint [files | content..] [options]

Options:
  -o, --output   Specify the format to use for output of linting results. Valid values
                 are `json` or `cli` (default).                               [string]
  -j, --json     Output linting results as JSON, equivalent to `-o json`.    [boolean]
  -v, --version  Show version number                                         [boolean]
  -h, --help     Show help                                                   [boolean]

Examples:
  dockerfilelint Dockerfile         Lint a Dockerfile in the current working
                                    directory

  dockerfilelint test/example/* -j  Lint all files in the test/example directory and
                                    output results in JSON

  dockerfilelint 'FROM latest'      Lint the contents given as a string on the
                                    command line

  dockerfilelint < Dockerfile       Lint the contents of Dockerfile via stdin

Configuring

You can configure the linter by creating a .dockerfilelintrc with the following syntax:

rules:
  uppercase_commands: off

The keys for the rules can be any key defined in the /lib/reference.js file. At this time, it's only possible to disable rules. They are all enabled by default.

The following rules are supported:

required_params
uppercase_commands
from_first
invalid_line
sudo_usage
apt-get_missing_param
apt-get_recommends
apt-get-upgrade
apt-get-dist-upgrade
apt-get-update_require_install
apkadd-missing_nocache_or_updaterm
apkadd-missing-virtual
invalid_port
invalid_command
expose_host_port
label_invalid
missing_tag
latest_tag
extra_args
missing_args
add_src_invalid
add_dest_invalid
invalid_workdir
invalid_format
apt-get_missing_rm
deprecated_in_1.13

From a Docker container

(Replace `pwd`/Dockerfile with the path to your local Dockerfile.)

docker run -v `pwd`/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile

Online

If you don't want to install this locally you can try it out on https://fromlatest.io.

Checks performed

FROM

  • This should be the first command in the Dockerfile
  • Base image should specify a tag
  • Base image should not use latest tag
  • Support FROM scratch without a tag
  • Support the FROM <image>@<digest> syntax
  • Allow config to specify "allowed" base layers

MAINTAINER

  • Should be followed by exactly 1 parameter (@ sign)

RUN

  • sudo is not included in the command
  • apt-get [install | upgrade | remove] should include a -y flag
  • apt-get install commands should include a --no-install-recommends flag
  • apt-get install commands should be paired with a rm -rf /var/lib/apt/lists/* in the same layer
  • Avoid running apt-get upgrade or apt-get dist-upgrade
  • Never run apt-get update without apt-get install on the same line
  • apk add commands should include a --no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
  • apk add support for --virtual flag
  • handle best practices for yum operations and cleanup

CMD

  • Only a single CMD layer is allowed
  • Better handling of escaped quotes
  • Detect exec format with expected variable substitution

LABEL

  • Format should be key=value

EXPOSE

  • Only the container port should be listed
  • All ports should be exposed in a single cache layer (line)
  • The same port number should not be exposed multiple times
  • Exposed ports should be numeric and in the accepted range

ENV

  • Format of ENV
  • Best practice of only using a single ENV line to reduce cache layer count

ADD

  • Command should have at least 2 parameters
  • Source command(s) cannot be absolute or relative paths that exist outside of the current build context
  • Commands with wildcards or multiple sources require that destination is a directory, not a file
  • If an ADD command could be a COPY, then COPY is preferred
  • Using ADD to fetch remote files is discouraged because they cannot be removed from the layer

COPY

  • Implement checking (similar to ADD)
  • Do not COPY multiple files on a single command to best use cache

ENTRYPOINT

  • Support

VOLUME

  • Format
  • Any build steps after VOLUME is declared should not change VOLUME contents
  • If JSON format, double quotes are required

USER

  • Should be followed by exactly 1 parameter

WORKDIR

  • Validate that it has exactly 1 parameter
  • WORKDIR can only expand variables previously set in ENV commands

ARG

  • Support
  • Prevent redefining the built in ARGs (proxy)

ONBUILD

  • Support

STOPSIGNAL

  • Validate input
  • Only present one time

HEALTHCHECK

  • No additional parameters when only parameter is NONE
  • Options before CMD are valid
  • Options before CMD have additional arguments

Misc

  • Only valid Dockerfile commands are present
  • All commands should have at least 1 parameter
  • Check that commands are written as upper case commands
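
To make the FROM and RUN checks above concrete, here is a small stand-alone sketch of how several of them can be evaluated. It is an added example, not dockerfilelint's own code; the function name lintDockerfile, the sample Dockerfile, and the mapping of rule names to checks are assumptions.

```javascript
// Added example, not dockerfilelint's own code. Rule names are taken from the
// list above; which check each name maps to is an assumption.
function lintDockerfile(text) {
  // Join backslash continuations, then drop blank lines and comments.
  const lines = text.replace(/\\\r?\n/g, ' ').split(/\r?\n/)
    .map((l) => l.trim()).filter((l) => l && !l.startsWith('#'));
  const findings = [];
  // True when `word` (a regex fragment) appears as its own argument in `c`.
  const has = (c, word) => new RegExp(`\\s(${word})(\\s|$)`).test(c);
  lines.forEach((line, i) => {
    const [first, ...rest] = line.split(/\s+/);
    const cmd = first.toUpperCase();
    const add = (rule) => findings.push({ rule, line });
    if (i === 0 && cmd !== 'FROM') add('from_first');
    if (cmd === 'FROM') {
      const image = rest[0] || '';
      // scratch and digest-pinned images need no tag.
      if (image !== 'scratch' && !image.includes('@')) {
        // Look for ':' only after the last '/', so a registry port is not a tag.
        const name = image.slice(image.lastIndexOf('/') + 1);
        if (!name.includes(':')) add('missing_tag');
        else if (name.split(':')[1] === 'latest') add('latest_tag');
      }
    }
    if (cmd === 'RUN') {
      const shell = rest.join(' ');
      if (/(^|[\s;&|])sudo\s/.test(shell)) add('sudo_usage');
      // Split the layer into individual shell commands and keep the apt-get ones.
      const apt = shell.split(/&&|\|\||;/).map((c) => c.trim())
        .filter((c) => c.startsWith('apt-get '));
      const installs = apt.filter((c) => has(c, 'install'));
      for (const c of apt) {
        const yes = has(c, '-[a-zA-Z]*y[a-zA-Z]*|--yes|--assume-yes');
        if (has(c, 'install|upgrade|remove') && !yes) add('apt-get_missing_param');
        if (has(c, 'upgrade')) add('apt-get-upgrade');
        if (has(c, 'dist-upgrade')) add('apt-get-dist-upgrade');
      }
      installs.filter((c) => !has(c, '--no-install-recommends'))
        .forEach(() => add('apt-get_recommends'));
      const cleaned = /rm\s+-rf\s+\/var\/lib\/apt\/lists\/\*/.test(shell);
      if (installs.length && !cleaned) add('apt-get_missing_rm');
      if (apt.some((c) => has(c, 'update')) && !installs.length) add('apt-get-update_require_install');
    }
  });
  return findings;
}

// Constructed sample: mutable tag, update in its own layer, unpinned install.
const BAD = 'FROM ubuntu:latest\nRUN apt-get update\nRUN apt-get install curl \\\n && apt-get upgrade -y\nRUN sudo make install';
console.log(lintDockerfile(BAD).map((f) => f.rule));
```

A Dockerfile that pins a tag or digest and keeps update, install and list cleanup in one RUN layer produces no findings from this sketch.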
