Linter and validator for Dockerfile

![Coverage Status](https://coveralls.io/github/replicatedhq/dockerfilelint?branch=master)
![Build Status](https://travis-ci.org/replicatedhq/dockerfilelint)

dockerfilelint is an node module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices.

Installation

Global installation with npm package manager.

``shell npm install -g dockerfilelint`

`Testing`


Start unit tests with

npm test, yarn run test, or docker-compose -f docker-compose.test.yml up


Running
#### From the command line:

`shell ./bin/dockerfilelint`

#### Command Line options

`shell Usage: dockerfilelint [files | content..] [options]

Options: -o, --output Specify the format to use for output of linting results. Valid values arejson or cli(default). [string] -j, --json Output linting results as JSON, equivalent to-o json. [boolean] -v, --version Show version number [boolean] -h, --help Show help [boolean]

Examples: dockerfilelint Dockerfile Lint a Dockerfile in the current working directory

dockerfilelint test/example/* -j Lint all files in the test/example directory and output results in JSON

dockerfilelint 'FROM latest' Lint the contents given as a string on the command line

dockerfilelint < Dockerfile Lint the contents of Dockerfile via stdin`

#### Configuring

You can configure the linter by creating a .dockerfilelintrcwith the following syntax:`yaml rules: uppercase_commands: off`

The keys for the rules can be any file in the /lib/reference.js file. At this time, it's only possible to disable rules. They are all enabled by default.

The following rules are supported:`required_params uppercase_commands from_first invalid_line sudo_usage apt-get_missing_param apt-get_recommends apt-get-upgrade apt-get-dist-upgrade apt-get-update_require_install apkadd-missing_nocache_or_updaterm apkadd-missing-virtual invalid_port invalid_command expose_host_port label_invalid missing_tag latest_tag extra_args missing_args add_src_invalid add_dest_invalid invalid_workdir invalid_format apt-get_missing_rm deprecated_in_1.13`

#### From a Docker container

(Replace the pwd/Dockerfile with the path to your local Dockerfile)`shell docker run -vpwd/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile`

#### Online

If you don't want to install this locally you can try it out on https://fromlatest.io.

`Checks performed`

`$3`

- [x] This should be the first command in the Dockerfile - [x] Base image should specify a tag - [x] Base image should not use latest tag - [x] SupportFROM scratchwithout a tag - [x] Support theFROM @syntax - [ ] Allow config to specify "allowed" base layers

`$3`

- [x] Should be followed by exactly 1 parameter (@ sign)

`$3`

- [x] sudo is not included in the command - [x] apt-get [install | upgrade | remove] should include a -y flag - [x] apt-get install commands should include a--no-install-recommendsflag - [x] apt-get install commands should be paired with arm -rf /var/lib/apt/lists/*in the same layer - [x] Avoid runningapt-get upgrade or apt-get dist-upgrade- [x] Never runapt-get update without apt-get installon the same line - [x] apk add commands should include a--no-cache flag or be paired with an --update flag with rm -rf /var/cache/apk/*in the same layer - [x] apk add support for --virtual flag - [ ] handle best practices for yum operations and cleanup

`$3`

- [x] Only a single CMDlayer is allowed - [ ] Better handling of escaped quotes - [ ] Detect exec format with expected variable substitution

`$3`

- [x] Format should be key=value

`$3`

- [x] Only the container port should be listed - [ ] All ports should be exposed in a single cache layer (line) - [ ] The same port number should not be exposed multiple times - [x] Exposed ports should be numeric and in the accepted range

`$3`

- [x] Format of ENV- [ ] Best practice of only using a singleENV line to reduce cache layer count

`$3`

- [x] Command should have at least 2 parameters - [x] Source command(s) cannot be absolute or relative paths that exist outside of the current build context - [x] Commands with wildcards or multiple sources require that destination is a directory, not a file - [ ] If anADD command could be a COPY, then COPYis preferred - [ ] UsingADD to fetch remote files is discouraged because they cannot be removed from the layer

`$3`

- [ ] Implement checking (similar to ADD) - [ ] Do notCOPY multiple files on a single command to best use cache

`$3`

- [ ] Support

`$3`

- [ ] Format - [ ] Any build steps after VOLUME is declare should not change VOLUME contents - [ ] If JSON format, double quotes are required

`$3`

- [x] Should be followed by exactly 1 parameter

`$3`

- [x] Validate that it has exactly 1 parameter - [x]WORKDIR can only expand variables previously set in ENV commands

`$3`

- [ ] Support - [ ] Prevent redefining the built in ARGs (proxy)

`$3`

- [ ] Support

`$3`

- [ ] Validate input - [ ] Only present one time

`$3`


- [x] No additional parameters when only parameter is

NONE


- [x] Options before

CMD

 are valid
- [x] Options before

CMD` have additional arguments

$3

- [x] Only valid Dockerfile commands are present
- [x] All commands should have at least 1 parameter
- [x] Check that commands are written as upper case commands

Linter and validator for Dockerfile

![Coverage Status](https://coveralls.io/github/replicatedhq/dockerfilelint?branch=master)
![Build Status](https://travis-ci.org/replicatedhq/dockerfilelint)

dockerfilelint is an node module that analyzes a Dockerfile and looks for common traps, mistakes and helps enforce best practices.

Installation

Global installation with npm package manager.

``shell npm install -g dockerfilelint`

`Testing`


Start unit tests with

npm test, yarn run test, or docker-compose -f docker-compose.test.yml up


Running
#### From the command line:

`shell ./bin/dockerfilelint`

#### Command Line options

`shell Usage: dockerfilelint [files | content..] [options]

Examples: dockerfilelint Dockerfile Lint a Dockerfile in the current working directory

dockerfilelint test/example/* -j Lint all files in the test/example directory and output results in JSON

dockerfilelint 'FROM latest' Lint the contents given as a string on the command line

dockerfilelint < Dockerfile Lint the contents of Dockerfile via stdin`

#### Configuring

You can configure the linter by creating a .dockerfilelintrcwith the following syntax:`yaml rules: uppercase_commands: off`

The keys for the rules can be any file in the /lib/reference.js file. At this time, it's only possible to disable rules. They are all enabled by default.

#### From a Docker container

(Replace the pwd/Dockerfile with the path to your local Dockerfile)`shell docker run -vpwd/Dockerfile:/Dockerfile replicated/dockerfilelint /Dockerfile`

#### Online

If you don't want to install this locally you can try it out on https://fromlatest.io.

`Checks performed`

`$3`

- [x] Should be followed by exactly 1 parameter (@ sign)

`$3`

- [x] Only a single CMDlayer is allowed - [ ] Better handling of escaped quotes - [ ] Detect exec format with expected variable substitution

`$3`

- [x] Format should be key=value

`$3`

- [x] Format of ENV- [ ] Best practice of only using a singleENV line to reduce cache layer count

`$3`

- [ ] Implement checking (similar to ADD) - [ ] Do notCOPY multiple files on a single command to best use cache

`$3`

- [ ] Support

`$3`

- [ ] Format - [ ] Any build steps after VOLUME is declare should not change VOLUME contents - [ ] If JSON format, double quotes are required

`$3`

- [x] Should be followed by exactly 1 parameter

`$3`

- [x] Validate that it has exactly 1 parameter - [x]WORKDIR can only expand variables previously set in ENV commands

`$3`

- [ ] Support - [ ] Prevent redefining the built in ARGs (proxy)

`$3`

- [ ] Support

`$3`

- [ ] Validate input - [ ] Only present one time

`$3`


- [x] No additional parameters when only parameter is

NONE


- [x] Options before

CMD

 are valid
- [x] Options before

CMD` have additional arguments

$3

- [x] Only valid Dockerfile commands are present
- [x] All commands should have at least 1 parameter
- [x] Check that commands are written as upper case commands