An opinionated Dockerfile linter.
dockerfilelint is a node module that analyzes a Dockerfile, looks for common traps and mistakes, and helps enforce best practices.
Global installation with npm package manager.
npm install -g dockerfilelint
Start unit tests with npm test, yarn run test, or docker-compose -f docker-compose.test.yml up
./bin/dockerfilelint <path/to/Dockerfile>
Usage: dockerfilelint [files | content..] [options]

Options:
  -o, --output   Specify the format to use for output of linting results. Valid values
                 are `json` or `cli` (default).  [string]
  -j, --json     Output linting results as JSON, equivalent to `-o json`.  [boolean]
  -v, --version  Show version number  [boolean]
  -h, --help     Show help  [boolean]

Examples:
  dockerfilelint Dockerfile         Lint a Dockerfile in the current working directory
  dockerfilelint test/example/* -j  Lint all files in the test/example directory and output results in JSON
  dockerfilelint 'FROM latest'      Lint the contents given as a string on the command line
  dockerfilelint < Dockerfile       Lint the contents of Dockerfile via stdin

You can configure the linter by creating a .dockerfilelintrc with the following syntax:
rules:
  uppercase_commands: off
The keys for the rules can be any rule name found in the /lib/reference.js file. At this time, it's only possible to disable rules. They are all enabled by default.
The following rules are supported:
required_params
uppercase_commands
from_first
invalid_line
sudo_usage
apt-get_missing_param
apt-get_recommends
apt-get-upgrade
apt-get-dist-upgrade
apt-get-update_require_install
apkadd-missing_nocache_or_updaterm
apkadd-missing-virtual
invalid_port
invalid_command
expose_host_port
label_invalid
missing_tag
latest_tag
extra_args
missing_args
add_src_invalid
add_dest_invalid
invalid_workdir
invalid_format
apt-get_missing_rm
deprecated_in_1.13
(Replace the `pwd`/Dockerfile with the path to your local Dockerfile)
docker run -v `pwd`/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile
If you don't want to install this locally you can try it out on https://fromlatest.io.
FROM
FROM scratch without a tag
FROM <image>@<digest> syntax
MAINTAINER
RUN
--no-install-recommends flag
rm -rf /var/lib/apt/lists/* in the same layer
apt-get upgrade or apt-get dist-upgrade
apt-get update without apt-get install on the same line
--no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
CMD
CMD layer is allowed
LABEL
EXPOSE
ENV
ENV
ENV line to reduce cache layer count
ADD
ADD command could be a COPY, then COPY is preferred
ADD to fetch remote files is discouraged because they cannot be removed from the layer
COPY
COPY multiple files on a single command to best use cache
ENTRYPOINT
VOLUME
USER
WORKDIR
WORKDIR can only expand variables previously set in ENV commands
ARG
ONBUILD
STOPSIGNAL
HEALTHCHECK
NONE
CMD are valid
CMD have additional arguments
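
An added example, not taken from the dockerfilelint project: a constructed Dockerfile in which each comment shows the form that the rule names and checks listed above point to, followed by the form that avoids it. The rule-to-line mapping is inferred from the rule names; the image tag, packages, paths and run.sh are placeholders.

```dockerfile
# Constructed sample; image tag, packages, paths and run.sh are illustrative.
# Comments show the form a rule name suggests would be reported; the
# instruction under each comment is the form that avoids it.

# missing_tag / latest_tag:
#   FROM debian
#   FROM debian:latest
FROM debian:bookworm-slim

# label_invalid concerns LABEL syntax; key=value pairs are the valid form.
LABEL org.opencontainers.image.title="sample"

# apt-get-update_require_install:  RUN apt-get update        (on its own line)
# apt-get_recommends:              install without --no-install-recommends
# apt-get_missing_rm:              package lists left behind in the layer
# apt-get-upgrade / apt-get-dist-upgrade:  RUN apt-get upgrade -y
# sudo_usage:                      RUN sudo apt-get install -y curl
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

# ADD where COPY is enough:
#   ADD app/ /srv/app/
# COPY does not fetch remote URLs, so the layer only ever holds files
# taken from the build context.
COPY app/ /srv/app/

WORKDIR /srv/app

# expose_host_port:
#   EXPOSE 8080:80
# The host-side port is chosen at run time (docker run -p), not in the image.
EXPOSE 8080

# Only a single CMD layer is allowed.
CMD ["./run.sh"]
```

Lint it with dockerfilelint Dockerfile; a rule that does not fit your build can be switched off in .dockerfilelintrc using the rules syntax shown earlier.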