Problem description
If a Dockerfile is written with mistakes, for example:
CMD [ service, --config, /etc/service.conf]
(missing quote)
Is there a way to lint it to detect such a mistake before building?
Recommended answer
Try:
- Either the Haskell Dockerfile Linter ("hadolint"), also available online. hadolint parses the Dockerfile into an AST and performs checking and validation based on best practice Docker images rules. It also uses Shellcheck to lint the Bash code on RUN commands.
- Or dockerlinter (node.js-based).
I've performed a simple test against a simple Docker file with RUN, ADD, ENV and CMD. dockerlinter was smart about grouping the same violation of rules together, but it was not able to inspect as thoroughly as hadolinter, possibly due to the lack of Shellcheck to statically analyze the Bash code.
Although dockerlinter falls short in the scope it can lint, it does seem to be much easier to install. npm install -g dockerlinter will do, while compiling hadolinter requires a Haskell compiler and build environment that takes forever to compile.
$ hadolint ./api/Dockerfile
L9 SC2046 Quote this to prevent word splitting.
L11 SC2046 Quote this to prevent word splitting.
L8 DL3020 Use COPY instead of ADD for files and folders
L10 DL3020 Use COPY instead of ADD for files and folders
L13 DL3020 Use COPY instead of ADD for files and folders
L18 DL3020 Use COPY instead of ADD for files and folders
L21 DL3020 Use COPY instead of ADD for files and folders
L6 DL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
L6 DL3009 Delete the apt-get lists after installing something
L6 DL3015 Avoid additional packages by specifying `--no-install-recommends`
$ dockerlint ./api/Dockerfile
WARN: ADD instruction used instead of COPY on line 8, 10, 13, 18, 21
ERROR: ./api/Dockerfile failed.
Update in 2018. Since hadolint has the official Docker repository now, you can get the executable quickly:
id=$(docker create hadolint/hadolint:latest)
docker cp "$id":/bin/hadolint .
docker rm "$id"
This is a statically compiled executable (according to ldd hadolint), so it should run regardless of installed libraries. A reference on how the executable is built: https://github.com/hadolint/hadolint/blob/master/docker/Dockerfile.
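Docker parses the exec form as a JSON array and treats an argument that fails to parse as shell form, so the mistake in the question builds cleanly and only fails when the container starts. The following is an added example, not code from the answer or from hadolint: a small pre-build check for that one mistake, where the sample Dockerfile is constructed and the choice to check only CMD and ENTRYPOINT is an assumption of this sketch.

```python
import json
import re

EXEC_INSTRUCTIONS = ("CMD", "ENTRYPOINT")  # scope chosen for this example

# Constructed sample: line 2 has the missing closing quote from the question.
SAMPLE = r'''FROM debian:stable-slim
CMD ["service", "--config", "/etc/service.conf]
ENTRYPOINT ["/usr/bin/service", \
    "--config", "/etc/service.conf"]
'''

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations folded."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def check_exec_form(text):
    """Return (line, instruction, reason) for bracketed arguments that are
    not a JSON array of strings."""
    findings = []
    for no, line in logical_lines(text):
        m = re.match(r"(\w+)\s+(.*)", line)
        if not m or m.group(1).upper() not in EXEC_INSTRUCTIONS:
            continue
        instr, args = m.group(1).upper(), m.group(2).strip()
        if not args.startswith("["):
            continue  # ordinary shell form, nothing to validate
        try:
            value = json.loads(args)
        except json.JSONDecodeError as exc:
            findings.append((no, instr, f"invalid JSON: {exc.msg}"))
            continue
        if not all(isinstance(v, str) for v in value):
            findings.append((no, instr, "array must contain only strings"))
    return findings

if __name__ == "__main__":
    for no, instr, reason in check_exec_form(SAMPLE):
        print(f"line {no}: {instr}: {reason}")
```

This covers only the malformed exec-form case; the linters named in the answer check far more.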