Skip to content

Analyse hadolint (docker linter) output and see if we need to configure it

Hadolint: https://github.com/hadolint/hadolint

In this MR !14 we are trying to integrate hadolint, a docker linter and it gives use a lot of warning and a few error.

Do we want to use it and if so which errors do we want to take into account and/or configure to change their error level?

Here is the current output:

./library/logilab-cubicweb-custom/Dockerfile
============================================
-:1 DL3006 warning: Always tag the version of an image explicitly
-:4 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:4 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`

./library/python-logilab/Dockerfile
===================================
-:3 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:3 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:4 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:4 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:4 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`

./library/bookworm-slim-pg15-ldap/Dockerfile
============================================
-:1 DL3006 warning: Always tag the version of an image explicitly
-:5 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

./library/kubectl-kustomize/Dockerfile
======================================
-:1 DL3007 warning: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
-:4 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-:4 DL3019 info: Use the `--no-cache` switch to avoid the need to use `--update` and remove `/var/cache/apk/*` when done installing packages
-:8 DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
-:9 DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
-:9 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:10 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-:10 SC2091 warning: Remove surrounding $() to avoid executing output (or use eval if intentional).
-:14 DL4001 warning: Either use Wget or Curl but not both

./library/bullseye-slim-pg13-crm/Dockerfile
===========================================
-:1 DL3006 warning: Always tag the version of an image explicitly
-:3 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

./library/bullseye-slim-pg13-ldap/Dockerfile
============================================
-:1 DL3006 warning: Always tag the version of an image explicitly
-:5 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

./library/bullseye-slim-pg13-firefox/Dockerfile
===============================================
-:1 DL3006 warning: Always tag the version of an image explicitly
-:3 DL3004 error: Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root

./library/cube-doctor-scheduled-jobs/Dockerfile
===============================================
-:5 DL3009 info: Delete the apt-get lists after installing something
-:6 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:6 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:6 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:7 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:7 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:7 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

./library/bookworm-slim-pg15/Dockerfile
=======================================
-:4 SC2086 info: Double quote to prevent globbing and word splitting.
-:12 DL3009 info: Delete the apt-get lists after installing something
-:12 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:12 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:18 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-:18 DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
-:22 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:22 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:45 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:46 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:47 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:48 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:53 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

./library/can-i-merge/Dockerfile
================================
-:5 DL3009 info: Delete the apt-get lists after installing something
-:6 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:6 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:6 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:7 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:7 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:7 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:8 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
-:8 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
-:8 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`

./library/bullseye-slim-pg13/Dockerfile
=======================================
-:4 SC2086 info: Double quote to prevent globbing and word splitting.
-:12 DL3009 info: Delete the apt-get lists after installing something
-:12 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:12 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:18 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-:18 DL3047 info: Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
-:22 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-:22 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:22 DL3042 warning: Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
-:52 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.

./library/kubectl/Dockerfile
============================
-:1 DL3007 warning: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
-:4 DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-:4 DL3019 info: Use the `--no-cache` switch to avoid the need to use `--update` and remove `/var/cache/apk/*` when done installing packages
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information