{{announcement.body}}
{{announcement.title}}

Why Lint DockerFile in Continuous Integration?

DZone 's Guide to

Why Lint DockerFile in Continuous Integration?

Dockerfile Linter Inspects the commands mentioned in Dockerfiles to build an optimized image. Docker Linter should be given equal weightage as code linter.

· DevOps Zone ·
Free Resource

What Is Linter?

Lint or Linter is a tool that analyses source code to flag programming errors, bugs, stylistic errors, and suspicious constructs.

We often talk about the best practices or syntax to follow while writing source code for the application but we usually skip the code which helps us in generating deployable containers like for docker image we have Dockerfile.


Why We Need Linter?

In the era of Microservices where the concept of Continuous Integration has become a necessity so as to keep application code changes in production-quality state.

Continuous Inspection is another important aspect which ensures the quality of software/application by continuously validating all the changes and identifying the risks before moving the change to production.

Irrespective of the development practice being followed it is always important to integrate Continuous Inspection tool to build cycle.


Common Lint Tools

There are multiple continuous inspection tools available which support more than one programming languages and have multiple features like below:

Sonar Qube— Continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

 copied from — sonarqube.org



Why We Need Linter for Docker?

There are many linters available which inspect code of different programming languages. But how we should make sure that the docker image generated for our application is in optimised form.

That’s why we need some linter which will inspect and apply all the quality checks on the Dockerfile.

Dockerfile — is a text document that contains all the commands a user could call on the command line to assemble a deployable docker image.


Available Docker Linters

There are many open source docker linters available :

Here I am using Haskell Docker Linter.

Haskell Docker Linter will inspect the Dockerfile into an AST and performs rules on top of the AST. It additionally is using the famous Shellcheck to lint the Bash code inside RUN instructions.


Integrate Docker Linter — CI Pipeline

Here, I have used Declarative Pipeline for Continuous Integration (CI).

The below code is adding a stage i.e “Quality gate - Dockerfile” before building docker image. It will then inspect the application Dockerfile and archive the result as a text file.

Java
 




x
22


 
1
stages {....
2
stage ("Quality Gate") { 
3
 
           
4
   parallel {     
5
 
           
6
      stage ("Dockerfile") {
7
         agent {
8
            docker {
9
               image 'hadolint/hadolint:latest-debian'
10
            }
11
         }
12
         steps {
13
            sh 'hadolint microservice1/dockerfile | tee -a      ms1_docker_lint.txt'
14
         }
15
         post {
16
          always {
17
            archiveArtifacts 'ms1_docker_lint.txt'
18
          }
19
      }
20
  }
21
}
22
....}



Continuous Integration Pipeline

Continuous Integration Pipeline




Thanks for reading!

I hope you have enjoyed reading the article.

Topics:
cloud, continuous integraiton, devops, docker, dockerfile, lint, linter, linting, pipeline as code, sonar qube

Published at DZone with permission of Ritresh Girdhar . See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}