hazza/docker-stacks
1
0
Fork 0
mirror of https://github.com/jupyter/docker-stacks.git synced 2025-10-10 11:32:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d16063e623f28d43ced68e557b834c0f03f06a5c
docker-stacks/docs/contributing/lint.md
Romain 5e6645d137 Ignore DL3006 and DL3008 by default
2020-06-01 06:23:44 +02:00

2.6 KiB
Raw Blame History

Image Lint

To comply with Docker best practices, we are using the Hadolint tool to analyse each Dockerfile .

Installation

There is a specific make target to install the linter. By default hadolint will be installed in ${HOME}/hadolint.

$ make lint-install

# Installing hadolint at /Users/romain/hadolint ...
# Installation done!
# Haskell Dockerfile Linter v1.17.6-0-gc918759

Lint

Per Stack

The linter can be run per stack.

$ make lint/scipy-notebook  

# Linting Dockerfiles in scipy-notebook...
# scipy-notebook/Dockerfile:4 DL3006 Always tag the version of an image explicitly
# scipy-notebook/Dockerfile:11 DL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
# scipy-notebook/Dockerfile:18 SC2086 Double quote to prevent globbing and word splitting.
# scipy-notebook/Dockerfile:68 SC2086 Double quote to prevent globbing and word splitting.
# scipy-notebook/Dockerfile:68 DL3003 Use WORKDIR to switch to a directory
# scipy-notebook/Dockerfile:79 SC2086 Double quote to prevent globbing and word splitting.
# make: *** [lint/scipy-notebook] Error 1

Optionally you can pass arguments to the linter.

# Use a different export format
$ make lint/scipy-notebook ARGS="--format codeclimate"

All the Stacks

The linter can be run against all the stacks.

$ make lint-all

Ignoring Rules

Sometimes it is necessary to ignore some rules. The following rules are ignored by default and sor for all images in the .hadolint.yaml file.

  • DL3006: We use a specific policy to manage image tags.
    • base-notebook FROM clause is fixed but based on an argument (ARG).
    • Building downstream images from (FROM) the latest is done on purpose.
  • DL3008: System packages are always updated (apt-get) to the latest version.

For other rules, the preferred way to do it is to flag ignored rules in the Dockerfile.

It is also possible to ignore rules by using a special comment directly above the Dockerfile instruction you want to make an exception for. Ignore rule comments look like # hadolint ignore=DL3001,SC1081. For example:


FROM ubuntu

# hadolint ignore=DL3003,SC1035
RUN cd /tmp && echo "hello!"