WhaleLint Rules

Description

WhaleLint has a total of 27 rules at the moment.

Each rule's validation function tries to catch a developer mistake or a bad habit, or advises a better solution. As such, each rule is assigned one of the common severity levels: Error, Warning, Info, Deprecation.

Rule List

  • CMD001 - Prefer JSON notation array format for CMD and ENTRYPOINT
  • CPY001 - Flag format validation | COPY --[chmod|chown|from]=... srcList... dest|destDir
  • CPY002 - COPY --chmod=XXXX where XXXX should be a valid permission set value.
  • CPY003 - COPY chown flag should be in --chown=${USER}:${GROUP} format.
  • CPY004 - COPY with more than one source requires the destination to end with "/".
  • CPY005 - Prefer ADD over COPY for extracting local archives into an image.
  • CPY006 - COPY --from value should not be the same as the stage.
  • ENT001 - Prefer JSON notation array format for CMD and ENTRYPOINT
  • EXP001 - Expose a valid UNIX port.
  • MTR001 - MAINTAINER is deprecated. Use a LABEL instead.
  • RUN001 - Some bash commands make no sense in an ordinary Docker container.
  • RUN002 - Consider pinning versions of packages
  • RUN003 - Operators "&&, ||, |" have no effect after semicolon.
  • RUN004 - Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root.
  • RUN005 - Do not upgrade or dist-upgrade the base image
  • RUN006 - Clean cache after package manager operation.
  • RUN007 - Use 'WORKDIR' to switch to a directory.
  • RUN008 - Prefer apt-get over apt as the latter does not have a stable CLI.
  • RUN009 - Pass -y|--yes|--assume-yes flag to apt-get in order to be headless.
  • RUN010 - Pass --no-install-recommends to avoid installing unnecessary packages.
  • STL001 - Stage name alias must be unique.
  • STS001 - Stage name should have an explicit tag.
  • STS002 - Stage name "latest" is prone to future errors.
  • STS003 - Platform should be specified in build tool and not FROM.
  • STS004 - There should only be 1 CMD and/or ENTRYPOINT command.
  • USR001 - Last USER should not be root.
  • WKD001 - WORKDIR should be an absolute path for clarity and reliability.
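
As an illustration of what a rule such as USR001 checks, here is an added example; it is not WhaleLint's own code. The function name follows the ValidationFn convention in this README, while its signature, the line-based parsing (no line-continuation handling) and the sample Dockerfile are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// ValidateUsr001 reports whether the last USER instruction of the final build
// stage is root, and on which line. Hypothetical signature: the README only
// fixes the function name, not its parameters or return values.
func ValidateUsr001(dockerfile string) (violation bool, line int) {
	sc := bufio.NewScanner(strings.NewReader(dockerfile))
	lastUser, lastLine := "", 0
	for n := 1; sc.Scan(); n++ {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 {
			continue
		}
		switch strings.ToUpper(fields[0]) {
		case "FROM": // a new stage starts: USER lines of earlier stages no longer apply
			lastUser, lastLine = "", 0
		case "USER":
			lastUser, lastLine = fields[1], n
		}
	}
	// USER accepts user[:group]; only the user part decides the privilege level.
	user, _, _ := strings.Cut(lastUser, ":")
	if user == "root" || user == "0" {
		return true, lastLine
	}
	return false, 0
}

// Constructed sample: the final stage drops privileges, then switches back to UID 0.
const sampleDockerfile = `FROM debian:12 AS build
USER root
RUN make
FROM debian:12
USER app
COPY --from=build /out /app
USER 0:0
CMD ["/app/run"]
`

func main() {
	if bad, line := ValidateUsr001(sampleDockerfile); bad {
		fmt.Printf("USR001: last USER is root (line %d)\n", line)
	}
}
```

The numeric form `USER 0:0` is treated the same as `USER root`, since a check that only compares the name would miss it.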

Naming convention:

  • Rule ID

    3-letter uppercase abbreviation of the Dockerfile AST element, followed by 3 digits

    [A-Z]{3}[0-9]{3}, e.g. RUN007 or EXP042
  • Filename of single rule:

    3-letter lowercase abbreviation of the Dockerfile AST element, followed by 3 digits

    ruleID.toLower() + ".go", i.e. [a-z]{3}[0-9]{3}.go, e.g. run007.go or exp042.go
  • ValidationFn name:

    Validation prefix and the CamelCase version of the Rule ID

    "Validate" + rule name as [A-Z][a-z]{2}[0-9]{3}, e.g. ValidateRun007 or ValidateExp042

TODO


Back to README