有没有办法lintDockerfile？

如果Dockerfile写错了,例如:

CMD ["service", "--config", "/etc/service.conf] (缺少报价)

有没有办法在建造之前将它弄脏以检测到这样的错误？

尝试:

无论是哈斯克尔Dockerfile短绒("hadolinter") ,也可在网上.hadolint将Dockerfile解析为AST,并根据最佳实践Docker镜像规则执行检查和验证.它还使用Shellcheck在RUN命令上输入Bash代码.

或者dockerlinter(基于node.js).

我用,和RUN,对一个简单的Docker文件进行了一个简单的测试.很聪明地将相同的规则违规归为一类,但由于缺乏对Bash代码的静态分析,因此无法尽可能彻底地进行检查.ADDENVCMDdockerlinterhadolinterShellcheck

尽管dockerlinter它的范围不足,但它似乎更容易安装.npm install -g dockerlinter将会这样做,而编译hadolinter需要一个Haskell编译器和构建环境,需要永远编译.

$ hadolint ./api/Dockerfile
L9 SC2046 Quote this to prevent word splitting.
L11 SC2046 Quote this to prevent word splitting.
L8 DL3020 Use COPY instead of ADD for files and folders
L10 DL3020 Use COPY instead of ADD for files and folders
L13 DL3020 Use COPY instead of ADD for files and folders
L18 DL3020 Use COPY instead of ADD for files and folders
L21 DL3020 Use COPY instead of ADD for files and folders
L6 DL3008 Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =`
L6 DL3009 Delete the apt-get lists after installing something
L6 DL3015 Avoid additional packages by specifying `--no-install-recommends`

$ dockerlint ./api/Dockerfile
WARN:  ADD instruction used instead of COPY on line 8, 10, 13, 18, 21
ERROR: ./api/Dockerfile failed.

2018年更新.由于hadolint现在有官方Docker存储库,您可以快速获取可执行文件:

id=$(docker create hadolint/hadolint:latest)
docker cp "$id":/bin/hadolint .
docker rm "$id"

这是一个静态编译的可执行文件(根据ldd hadolint),所以它应该运行,无论安装的库.关于如何构建可执行文件的参考:https://github.com/hadolint/hadolint/blob/master/docker/Dockerfile.