dockerfilelint is a node module that analyzes a Dockerfile, looks for common traps and mistakes, and helps enforce best practices.
Global installation with npm package manager.
npm install -g dockerfilelint
Start unit tests with npm test, yarn run test, or docker-compose -f docker-compose.test.yml up
./bin/dockerfilelint <path/to/Dockerfile>
Usage: dockerfilelint [files | content..] [options]

Options:
  -o, --output   Specify the format to use for output of linting results. Valid values
                 are `json` or `cli` (default).  [string]
  -j, --json     Output linting results as JSON, equivalent to `-o json`.  [boolean]
  -v, --version  Show version number  [boolean]
  -h, --help     Show help  [boolean]

Examples:
  dockerfilelint Dockerfile          Lint a Dockerfile in the current working directory
  dockerfilelint test/example/* -j   Lint all files in the test/example directory and output results in JSON
  dockerfilelint 'FROM latest'       Lint the contents given as a string on the command line
  dockerfilelint < Dockerfile        Lint the contents of Dockerfile via stdin
You can configure the linter by creating a .dockerfilelintrc with the following syntax:
rules:
  uppercase_commands: off
The keys for the rules can be any key defined in the /lib/reference.js file. At this time, it's only possible to disable rules; they are all enabled by default.
The following rules are supported:
required_params
uppercase_commands
from_first
invalid_line
sudo_usage
apt-get_missing_param
apt-get_recommends
apt-get-upgrade
apt-get-dist-upgrade
apt-get-update_require_install
apkadd-missing_nocache_or_updaterm
apkadd-missing-virtual
invalid_port
invalid_command
expose_host_port
label_invalid
missing_tag
latest_tag
extra_args
missing_args
add_src_invalid
add_dest_invalid
invalid_workdir
invalid_format
apt-get_missing_rm
deprecated_in_1.13
(Replace the `pwd`/Dockerfile with the path to your local Dockerfile)
docker run -v `pwd`/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile
If you don't want to install this locally you can try it out on https://fromlatest.io.
FROM
FROM scratch without a tag
FROM <image>@<digest> syntax
MAINTAINER
RUN
--no-install-recommends flag
rm -rf /var/lib/apt/lists/* in the same layer
apt-get upgrade or apt-get dist-upgrade
apt-get update without apt-get install on the same line
--no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/* in the same layer
CMD
CMD layer is allowed
LABEL
EXPOSE
ENV
ENV
ENV line to reduce cache layer count
ADD
ADD command could be a COPY, then COPY is preferred
ADD to fetch remote files is discouraged because they cannot be removed from the layer
COPY
COPY multiple files on a single command to best use cache
ENTRYPOINT
VOLUME
USER
WORKDIR
WORKDIR can only expand variables previously set in ENV commands
ARG
ONBUILD
STOPSIGNAL
HEALTHCHECK
NONE
CMD are valid
CMD have additional arguments
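
A constructed Dockerfile illustrating the FROM, RUN, EXPOSE and ADD checks above; it is an added example, not taken from the dockerfilelint project. The image tag, package names and paths are sample values, and the pairing of each weak line with a rule key is inferred from the rule names listed earlier.

```dockerfile
# Constructed sample. Each "was:" comment shows the weak form of the instruction
# that follows, with the rule key it is expected to trip (mapping assumed from
# the rule names in the list above).

# was: FROM ubuntu            -> missing_tag
# was: FROM ubuntu:latest     -> latest_tag
# A fixed tag makes the base image explicit; the FROM <image>@<digest> syntax
# is also accepted when the exact image content must be pinned.
FROM ubuntu:22.04

# was: RUN sudo apt-get update        -> sudo_usage, apt-get-update_require_install
# was: RUN apt-get upgrade            -> apt-get-upgrade
# was: RUN apt-get install curl       -> apt-get_missing_param (-y),
#                                        apt-get_recommends, apt-get_missing_rm
# update, install and cleanup share one layer, so a stale package index is
# never cached on its own and the apt lists do not ship in the image.
RUN apt-get update \
 && apt-get install -y --no-install-recommends curl ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# was: ADD app/ /srv/app/     -> ADD could be a COPY, so COPY is preferred
COPY app/ /srv/app/

# was: EXPOSE 8080:80         -> expose_host_port
# Host port mapping belongs to `docker run -p`, not to the image.
EXPOSE 80

# WORKDIR can only expand variables previously set in ENV commands,
# so the variable is declared before it is used.
ENV APP_HOME=/srv/app
WORKDIR $APP_HOME

CMD ["curl", "--version"]
```

Restoring any "was:" line in place of its corrected instruction and running dockerfilelint on the file shows how the corresponding rule is reported.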