Skip to content
Permalink
lint
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

base/config/default_rules.yaml

Go to file
Jim Van Fleet Adding lint example to build process
Latest commit 1ee434b Jul 13, 2016 History
0 contributors

Users who have contributed to this file

259 lines (258 sloc) 10.2 KB
Raw Blame
---
profile:
name: "Default"
description: "Default Profile. Checks basic syntax."
includes:
#- recommended_label_rules.yaml
line_rules:
LABEL:
paramSyntaxRegex: /.+/
# Use defined_label_rules to defined a set of labels for your dockerfile
# In this example, the labels "Vendor","Authoritative_Registry","BZComponent"
# have been defined. A label value is 'valid' if matches the regular
# expression 'valueRegex', otherwise an warn is logged with the string "message"
# at level 'level'. 'reference_url' provides a web link where the user can
# get more information about the rule.
#
defined_namevals:
Name:
valueRegex: /([\w]+)./
message: "Label 'Name' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Version:
valueRegex: /([\w]+.*)./
message: "Label 'Version' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Release:
valueRegex: /([\w]+.*)./
message: "Label 'Release' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Architecture:
valueRegex: /[\w]*[6,8][4,6]|[.]*86[.]*64/
message: "Label 'Architecture' is missing or has invalid format: x86, i386, x86_64"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Vendor:
valueRegex: /([\w]+).+/
message: "Label 'Vendor' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Url:
valueRegex: /([\w]+).+/
message: "Label 'Url' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
Help:
valueRegex: /([\w]+).+/
message: "Label 'Help' is missing or has invalid format"
level: "warn"
required: true
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_recommended_labels_for_your_project"
FROM:
paramSyntaxRegex: /^[a-z0-9./-]+(:[a-z0-9.]+)?$/
rules:
-
label: "is_latest_tag"
regex: /latest/
level: "error"
message: "base image uses 'latest' tag"
description: "using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line or *-released which is the latest supported release."
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#from"
label: "no_tag"
regex: /^[:]/
level: "error"
message: "No tag is used"
description: "lorem ipsum tar"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#from"
label: "specified_registry"
regex: /[a-zA-Z0-9]+?\.[a-zA-Z0-9-]+(\:|\.)([a-zA-Z0-9.]+|(\d+)?)([/?:].*)?/
level: "warn"
message: "using a specified registry in the FROM line"
description: "using a specified registry may supply invalid or unexpected base images"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#entrypoint"
MAINTAINER:
paramSyntaxRegex: /.+/
rules: []
RUN:
paramSyntaxRegex: /.+/
rules:
-
label: "no_yum_clean_all"
regex: /yum(?!.+clean all|.+\.repo)/g
level: "warn"
message: "yum clean all is not used"
description: "the yum cache will remain in this layer making the layer unnecessarily large"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "yum_update_all"
regex: /yum(.+update all|.+upgrade|.+update)/
level: "warn"
message: "updating the entire base image may add unnecessary size to the container"
description: "update the entire base image may add unnecessary size to the container"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "no_dnf_clean_all"
regex: /dnf(?!.+clean all|.+\.repo)/g
level: "warn"
message: "dnf clean all is not used"
description: "the dnf cache will remain in this layer making the layer unnecessarily large"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "no_rvm_cleanup_all"
regex: /rvm install(?!.+cleanup all)/g
level: "warn"
message: "rvm cleanup is not used"
description: "the rvm cache will remain in this layer making the layer unnecessarily large"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "no_gem_clean_all"
regex: /gem install(?!.+cleanup|.+\rvm cleanup all)/g
level: "warn"
message: "gem cleanup all is not used"
description: "the gem cache will remain in this layer making the layer unnecessarily large"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "no_apt-get_clean"
regex: /apt-get install(?!.+clean)/g
level: "warn"
message: "apt-get clean is not used"
description: "the apt-get cache will remain in this layer making the layer unnecessarily large"
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "_clear_packaging_caches_and_temporary_package_downloads"
-
label: "privileged_run_container"
regex: /privileged/
level: "warn"
message: "a privileged run container is allowed access to host devices"
description: "Does this run need to be privileged?"
reference_url:
- "http://docs.docker.com/engine/reference/run/#"
- "runtime-privilege-and-linux-capabilities"
-
label: "installing_ssh"
regex: /ssh/
level: "warn"
message: "installing SSH in a container is not recommended"
description: "Do you really need SSH in this image?"
reference_url: "https://github.com/jpetazzo/nsenter"
-
label: "no_ampersand_usage"
regex: / ; /
level: "warn"
message: "using ; instead of &&"
description: "RUN do_1 && do_2: The ampersands change the resulting evaluation into do_1 and then do_2 only if do_1 was successful."
reference_url:
- "http://docs.projectatomic.io/container-best-practices/#"
- "#_using_semi_colons_vs_double_ampersands"
EXPOSE:
paramSyntaxRegex: /[0-9]+([0-9\s|-]+)?/
rules: []
ENV:
paramSyntaxRegex: /^[a-zA-Z_]+[a-zA-Z0-9_]* .+$/
rules: []
ADD:
paramSyntaxRegex: /^(~?[A-z0-9\/_.-]+|https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&\/\/=]*))\s~?[A-z0-9\/_.-]+$/
COPY:
paramSyntaxRegex: /.+/
rules: []
ENTRYPOINT:
paramSyntaxRegex: /.+/
rules: []
VOLUME:
paramSyntaxRegex: /.+/
rules: []
USER:
paramSyntaxRegex: /^[a-z0-9_][a-z0-9_]{0,40}$/
rules: []
WORKDIR:
paramSyntaxRegex: /^~?[A-z0-9\/_.-]+$/
rules: []
ONBUILD:
paramSyntaxRegex: /.+/
rules: []
required_instructions:
-
instruction: "MAINTAINER"
count: 1
level: "error"
message: "Maintainer is not defined"
description: "The MAINTAINER line is useful for identifying the author in the form of MAINTAINER Joe Smith <joe.smith@example.com>"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#maintainer"
-
instruction: "EXPOSE"
count: 1
level: "info"
message: "There is no 'EXPOSE' instruction"
description: "Without exposed ports how will the service of the container be accessed?"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#expose"
-
instruction: "ENTRYPOINT"
count: 1
level: "info"
message: "There is no 'ENTRYPOINT' instruction"
description: "None"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#entrypoint"
-
instruction: "CMD"
count: 1
level: "info"
message: "There is no 'CMD' instruction"
description: "None"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#cmd"
-
instruction: "USER"
count: 1
level: "warn"
message: "No 'USER' instruction"
description: "The process(es) within the container may run as root and RUN instructions my be run as root"
reference_url:
- "https://docs.docker.com/reference/builder/"
- "#user"