-
Notifications
You must be signed in to change notification settings - Fork 2
/
.hadolint.yaml
110 lines (110 loc) · 7.12 KB
/
.hadolint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
---
failure-threshold: info # name of threshold level (error | warning | info | style | ignore | none)
format: tty # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | codacy)
override:
error:
- DL3000 # Use absolute WORKDIR.
- DL3004 # Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root.
- DL3005 # Do not use apt-get dist-upgrade.
- DL3011 # Valid UNIX ports range from 0 to 65535.
- DL3012 # Multiple HEALTHCHECK instructions.
- DL3020 # Use COPY instead of ADD for files and folders.
- DL3021 # COPY with more than 2 arguments requires the last argument to end with /
- DL3023 # COPY --from cannot reference its own FROM alias
- DL3024 # FROM aliases (stage names) must be unique
- DL3026 # Use only an allowed registry in the FROM image
- DL3043 # ONBUILD, FROM or MAINTAINER triggered from within ONBUILD instruction.
- DL3044 # Do not refer to an environment variable within the same ENV statement where it is defined.
- DL4000 # MAINTAINER is deprecated.
- DL4004 # Multiple ENTRYPOINT instructions found.
warning:
- DL3002 # Last user should not be root.
- DL3003 # Use WORKDIR to switch to a directory.
- DL3006 # Always tag the version of an image explicitly.
- DL3007 # Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.
- DL3008 # Pin versions in apt-get install.
- DL3013 # Pin versions in pip.
- DL3014 # Use the -y switch.
- DL3016 # Pin versions in npm.
- DL3018 # Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>.
- DL3022 # COPY --from should reference a previously defined FROM alias
- DL3025 # Use arguments JSON notation for CMD and ENTRYPOINT arguments
- DL3027 # Do not use apt as it is meant to be a end-user tool, use apt-get or apt-cache instead
- DL3028 # Pin versions in gem install. Instead of gem install <gem> use gem install <gem>:<version>
- DL3029 # Do not use --platform flag with FROM.
- DL3030 # Use the -y switch to avoid manual input yum install -y <package>
- DL3032 # yum clean all missing after yum command.
- DL3033 # Specify version with yum install -y <package>-<version>
- DL3034 # Non-interactive switch missing from zypper command: zypper install -y
- DL3035 # Do not use zypper dist-upgrade.
- DL3036 # zypper clean missing after zypper use.
- DL3037 # Specify version with zypper install -y <package>[=]<version>.
- DL3038 # Use the -y switch to avoid manual input dnf install -y <package>
- DL3040 # dnf clean all missing after dnf command.
- DL3041 # Specify version with dnf install -y <package>-<version>
- DL3042 # Avoid cache directory with pip install --no-cache-dir <package>.
- DL3045 # COPY to a relative destination without WORKDIR set.
- DL3046 # useradd without flag -l and high UID will result in excessively large Image.
- DL3051 # Label <label> is empty.
- DL3052 # Label <label> is not a valid URL.
- DL3053 # Label <label> is not a valid time format - must be conform to RFC3339.
- DL3054 # Label <label> is not a valid SPDX license identifier.
- DL3055 # Label <label> is not a valid git hash.
- DL3056 # Label <label> does not conform to semantic versioning.
- DL3058 # Label <label> is not a valid email format - must be conform to RFC5322.
- DL4001 # Either use Wget or Curl but not both.
- DL4003 # Multiple CMD instructions found.
- DL4005 # Use SHELL to change the default shell.
- DL4006 # Set the SHELL option -o pipefail before RUN with a pipe in it
info:
- DL3001 # For some bash commands it makes no sense running them in a Docker container like ssh, vim, shutdown, service, ps, free, top, kill, mount, ifconfig.
- DL3009 # Delete the apt-get lists after installing something.
- DL3010 # Use ADD for extracting archives into an image.
- DL3015 # Avoid additional packages by specifying --no-install-recommends.
- DL3019 # Use the --no-cache switch to avoid the need to use --update and remove /var/cache/apk/* when done installing packages.
- DL3047 # wget without flag --progress will result in excessively bloated build logs when downloading larger files.
- DL3049 # Label <label> is missing.
- DL3050 # Superfluous label(s) present.
- DL3059 # Multiple consecutive RUN instructions. Consider consolidation.
- DL3060 # yarn cache clean missing after yarn install was run.
- SC1000 # $ is not used specially and should therefore be escaped.
- SC1001 # This \c will be a regular 'c' in this context.
- SC1007 # Remove space after = if trying to assign a value (or for empty string, use var='' ...).
- SC1010 # Use semicolon or linefeed before done (or quote to make it literal).
- SC1018 # This is a unicode non-breaking space. Delete it and retype as space.
- SC1035 # You need a space here
- SC1045 # It's not foo &; bar, just foo & bar.
- SC1065 # Trying to declare parameters? Don't. Use () and refer to params as $1, $2 etc.
- SC1066 # Don't use $ on the left side of assignments.
- SC1068 # Don't put spaces around the = in assignments.
- SC1077 # For command expansion, the tick should slant left (` vs ´).
- SC1078 # Did you forget to close this double-quoted string?
- SC1079 # This is actually an end quote, but due to next char, it looks suspect.
- SC1081 # Scripts are case sensitive. Use if, not If.
- SC1083 # This {/} is literal. Check expression (missing ;/\n?) or quote it.
- SC1086 # Don't use $ on the iterator name in for loops.
- SC1087 # Braces are required when expanding arrays, as in ${array[idx]}.
- SC1095 # You need a space or linefeed between the function name and body.
- SC1097 # Unexpected ==. For assignment, use =. For comparison, use [ .. ] or [[ .. ]].
- SC1098 # Quote/escape special characters when using eval, e.g. eval "a=(b)".
- SC1099 # You need a space before the #.
- SC2002 # Useless cat. Consider cmd < file | .. or cmd file | .. instead.
- SC2015 # Note that A && B || C is not if-then-else. C may run when A is true.
- SC2026 # This word is outside of quotes. Did you intend to 'nest '"'single quotes'"' instead'?
- SC2028 # echo won't expand escape sequences. Consider printf.
- SC2035 # Use ./*glob* or -- *glob* so names with dashes won't become options.
- SC2039 # In POSIX sh, something is undefined.
- SC2046 # Quote this to prevent word splitting
- SC2086 # Double quote to prevent globbing and word splitting.
- SC2140 # Word is in the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"?
- SC2154 # var is referenced but not assigned.
- SC2155 # Declare and assign separately to avoid masking return values.
- SC2164 # Use cd ... || exit in case cd fails.
style:
- DL3048 # Invalid Label Key
ignore:
- DL1001 # Please refrain from using inline ignore pragmas # hadolint ignore=DLxxxx.
- DL3057 # HEALTHCHECK instruction missing.
strict-labels: false # Do not permit labels other than specified in `label-schema`
trustedRegistries: # registry or list of registries
- docker.io