```
Hadolint - Dockerfile Linter written in Haskell
Lint Dockerfile for errors and best practices

  -c,--config FILENAME     Path to the configuration file
                           The file path referenced in the generated report.
                           This only applies for the 'checkstyle' format and is
                           useful when running Hadolint with Docker to set the
  --no-fail                Don't exit with a failure status code when any rule
  -V,--verbose             Enables verbose logging of hadolint's output to
  -f,--format ARG          The output format for the results (default: tty)
  --error RULECODE         Make the rule `RULECODE` have the level `error`
  --warning RULECODE       Make the rule `RULECODE` have the level `warning`
  --info RULECODE          Make the rule `RULECODE` have the level `info`
  --style RULECODE         Make the rule `RULECODE` have the level `style`
  docker.io)               A docker registry to allow to appear in FROM
                           The option --require-label=label:format makes
                           Hadolint check that the label `label` conforms to
  --strict-labels          Do not permit labels other than specified in
  --disable-ignore-pragma  Disable inline ignore pragmas `# hadolint
                           Exit with failure code only when rules with a
                           severity equal to or above THRESHOLD are violated.
                           Accepted values: [error | warning | info | style |
```

Configuration files can be used globally or per project. Hadolint looks for configuration files in the following locations or their platform specific equivalents in this order and uses the first one exclusively:

- $HOME/.hadolint/hadolint.yaml or $HOME/hadolint/config.yaml

In windows, the %LOCALAPPDATA% environment variable is used instead of

Config files can have either yaml or yml extensions.

```yaml
failure-threshold: string    # name of threshold level (error | warning | info | style | ignore | none)
format: string               # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
ignored:                     # list of rules
label-schema:                # See Linting Labels below for specific label-schema details
  author: string             # Your name
  contact: string            # email address
  created: timestamp         # rfc3339 datetime
  version: string            # semver
  documentation: string      # url
  git-revision: string       # hash
  license: string            # spdx
no-color: boolean            # true | false
no-fail: boolean             # true | false
override:
  error:                     # list of rules
  warning:                   # list of rules
  info:                      # list of rules
  style:                     # list of rules
strict-labels: boolean       # true | false
disable-ignore-pragma: boolean  # true | false
trustedRegistries: string |  # registry or list of registries
```

Hadolint supports specifying the ignored rules using a configuration file. The configuration file should be in yaml format.

```
HADOLINT_FORMAT=json                    # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy | sarif)
HADOLINT_FAILURE_THRESHOLD=info         # threshold level (error | warning | info | style | ignore | none)
HADOLINT_OVERRIDE_ERROR=DL3010,DL3020   # comma separated list of rule codes
HADOLINT_OVERRIDE_WARNING=DL3010,DL3020 # comma separated list of rule codes
HADOLINT_OVERRIDE_INFO=DL3010,DL3020    # comma separated list of rule codes
HADOLINT_OVERRIDE_STYLE=DL3010,DL3020   # comma separated list of rule codes
HADOLINT_IGNORE=DL3010,DL3020           # comma separated list of rule codes
HADOLINT_STRICT_LABELS=1                # Truthy value e.g.
HADOLINT_DISABLE_IGNORE_PRAGMA=1        # Truthy value e.g.
HADOLINT_TRUSTED_REGISTRIES=docker.io   # comma separated list of registry urls
HADOLINT_REQUIRE_LABELS=maintainer:text # comma separated list of label schema items
```

Non-Posix Shells

When using base images with non-posix shells as default (e.g. images) a special pragma hadolint shell can specify which shell the base image uses, so that Hadolint can automatically ignore all shell-specific rules.

To get most of hadolint, it is useful to integrate it as a check in your CI or into your editor, or as a pre-commit hook, to lint your Dockerfile as you

An incomplete list of implemented rules.

- Rules with the prefix DL are from hadolint. See Rules.hs to find the implementation of the rules.
- Rules with the SC prefix are from ShellCheck (only the most common rules are listed, there are dozens more).

Please create an issue if you have an idea for a good rule.

- Please refrain from using inline ignore pragmas `# hadolint ignore=DLxxxx`.
- For some bash commands it makes no sense running them in a Docker container like ssh, vim, shutdown, service, ps, free, top, kill, mount, ifconfig.
- Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root.
- Always tag the version of an image explicitly.
- Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.
- Delete the apt-get lists after installing something.
- Use ADD for extracting archives into an image.
- Avoid additional packages by specifying --no-install-recommends.
- Use the --no-cache switch to avoid the need to use --update and remove /var/cache/apk/* when done installing packages.