├── .pre-commit-config.yaml
├── .pre-commit-hooks.yaml
├── Dockerfile
├── Dockerfile.lint
├── README.md
└── package.json


/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos:  # pre-commit configuration: generic file checks, the dockerfilelint hook, and the sign-commit hook
2 |   - repo: https://github.com/pre-commit/pre-commit-hooks
3 |     rev: v1.3.0
4 |     hooks:
5 |       # Git state
6 |       - id: check-merge-conflict
7 |         stages: [commit]
8 |       - id: check-added-large-files
9 |         stages: [commit]
10 |       # Sensitive information (NOTE(review): these run only at the commit stage on the committer's machine, so they complement rather than replace server-side secret scanning)
11 |       - id: detect-private-key
12 |         stages: [commit]
13 |       - id: detect-aws-credentials
14 |         stages: [commit]
15 |       # Generic file state
16 |       - id: trailing-whitespace
17 |         stages: [commit]
18 |       - id: mixed-line-ending
19 |         stages: [commit]
20 |       - id: end-of-file-fixer
21 |         stages: [commit]
22 |         exclude: .*\.tfvars$ # terraform fmt separates everything with blank lines leaving a trailing line at the end
23 |       - id: check-executables-have-shebangs
24 |         stages: [commit]
25 |       # Language syntax/formatting
26 |       - id: check-yaml
27 |         stages: [commit]
28 |       - id: check-json
29 |         stages: [commit]
30 |       - id: pretty-format-json
31 |         stages: [commit]
32 |         args:
33 |           - --autofix
34 |   - repo: https://github.com/pryorda/dockerfilelint-precommit-hooks
35 |     sha: master  # NOTE(review): `master` is a branch, so the hook code executed at commit time can change without any change to this file; pin a tag or commit id instead (the README uses `rev: v0.1.0`). `sha` is the older name of the `rev` key used by the other entries.
36 |     hooks:
37 |       - id: dockerfilelint
38 |   - repo: https://github.com/mattlqx/pre-commit-sign
39 |     rev: v1.1.1
40 |     hooks:
41 |       - id: sign-commit
42 |

--------------------------------------------------------------------------------
/.pre-commit-hooks.yaml:
--------------------------------------------------------------------------------
1 | - id: dockerfilelint
2 |   name: Dockerfile linter
3 |   entry: dockerfilelint
4 |   language: node
5 |   additional_dependencies: [dockerfilelint]  # NOTE(review): no version is given, so whichever dockerfilelint release npm resolves when the hook environment is built is the code that runs; consider pinning (dockerfilelint@<VERSION>)
6 |   files: Dockerfile.*  # regular expression matched against the file path; as written it also selects names such as Dockerfile.lint
7 |

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM debian:jessie-slim
2 | # NOTE(review): the base image is referenced by a mutable tag; pinning a digest (debian:jessie-slim@sha256:<DIGEST>) makes rebuilds reproducible, and it is worth confirming that this Debian release still receives security updates
3 | # add our user and group first to make
sure their IDs get assigned consistently, regardless of whatever dependencies get added
4 | RUN groupadd -r redis && useradd -r -g redis redis
5 | # NOTE(review): the gosu binary fetched below is only kept if `gpg --batch --verify` accepts its detached .asc signature (`set -e` aborts the RUN otherwise); the signing key is requested by full fingerprint, but the fetch needs the named keyserver to be reachable and still serving that key — confirm, or ship the public key in the build context
6 | # grab gosu for easy step-down from root
7 | # https://github.com/tianon/gosu/releases
8 | ENV GOSU_VERSION 1.10
9 | RUN set -ex; \
10 |     \
11 |     fetchDeps='ca-certificates wget'; \
12 |     apt-get update; \
13 |     apt-get install -y --no-install-recommends $fetchDeps; \
14 |     rm -rf /var/lib/apt/lists/*; \
15 |     \
16 |     dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
17 |     wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
18 |     wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
19 |     export GNUPGHOME="$(mktemp -d)"; \
20 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
21 |     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
22 |     rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
23 |     chmod +x /usr/local/bin/gosu; \
24 |     gosu nobody true; \
25 |     \
26 |     apt-get purge -y --auto-remove $fetchDeps
27 |
28 | ENV REDIS_VERSION 3.2.10
29 | ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.2.10.tar.gz
30 | ENV REDIS_DOWNLOAD_SHA 411c604a716104f7f5a326abfad32de9cea10f15f987bec45cf86f315e9e63a0
31 | # NOTE(review): REDIS_DOWNLOAD_URL is plain http; the `sha256sum -c` against REDIS_DOWNLOAD_SHA in the RUN below (fatal under `set -e`) is what protects the tarball's integrity, so URL, version and hash have to be updated together
32 | # for redis-sentinel see: http://redis.io/topics/sentinel
33 | RUN set -ex; \
34 |     \
35 |     buildDeps=' \
36 |         wget \
37 |         \
38 |         gcc \
39 |         libc6-dev \
40 |         make \
41 |     '; \
42 |     apt-get update; \
43 |     apt-get install -y $buildDeps --no-install-recommends; \
44 |     rm -rf /var/lib/apt/lists/*; \
45 |     \
46 |     wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \
47 |     echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \
48 |     mkdir -p /usr/src/redis; \
49 |     tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; \
50 |     rm redis.tar.gz; \
51 |     \
52 | # disable Redis protected mode [1] as it is unnecessary in context
of Docker
53 | # (ports are not automatically exposed when running inside Docker, but rather explicitly by specifying -p / -P) NOTE(review): once the port is published with -p / -P, this build accepts connections on it without protected mode, so access control then has to come from a configured password (requirepass) or from network policy around the container
54 | # [1]: https://github.com/antirez/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da (the grep -q before and after the sed make the RUN fail under `set -e` if the define is missing or was not rewritten)
55 |     grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h; \
56 |     sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!' /usr/src/redis/src/server.h; \
57 |     grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h; \
58 | # for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything"
59 | # see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840
60 | # (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default)
61 |     \
62 |     make -C /usr/src/redis -j "$(nproc)"; \
63 |     make -C /usr/src/redis install; \
64 |     \
65 |     rm -r /usr/src/redis; \
66 |     \
67 |     apt-get purge -y --auto-remove $buildDeps
68 |
69 | RUN mkdir /data && chown redis:redis /data
70 | VOLUME /data
71 | WORKDIR /data
72 | # NOTE(review): no USER instruction appears in this file, so the entrypoint starts as root; the step-down to the redis user is presumably done with gosu inside docker-entrypoint.sh, which is not part of this listing — confirm
73 | COPY docker-entrypoint.sh /usr/local/bin/
74 | ENTRYPOINT ["docker-entrypoint.sh"]
75 |
76 | EXPOSE 6379
77 | CMD ["redis-server"]
78 |

--------------------------------------------------------------------------------
/Dockerfile.lint:
--------------------------------------------------------------------------------
1 | FROM debian:jessie-slim
2 |
3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
4 | RUN groupadd -r redis && useradd -r -g redis redis
5 | # NOTE(review): the gosu binary fetched below is only kept if `gpg --batch --verify` accepts its detached .asc signature (`set -e` aborts the RUN otherwise); the signing key is requested by full fingerprint, but the fetch needs the named keyserver to be reachable and still serving that key — confirm, or ship the public key in the build context
6 | # grab gosu for easy step-down from root
7 | # https://github.com/tianon/gosu/releases
8 | ENV GOSU_VERSION 1.10
9 | RUN set -ex; \
10 |     \
11 |     fetchDeps='ca-certificates wget'; \
12 |     apt-get update; \
13 |     apt-get install -y
--no-install-recommends $fetchDeps; \
14 |     rm -rf /var/lib/apt/lists/*; \
15 |     \
16 |     dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
17 |     wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
18 |     wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
19 |     export GNUPGHOME="$(mktemp -d)"; \
20 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
21 |     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
22 |     rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
23 |     chmod +x /usr/local/bin/gosu; \
24 |     gosu nobody true; \
25 |     \
26 |     apt-get purge -y --auto-remove $fetchDeps
27 |
28 | ENV REDIS_VERSION 3.2.10
29 | ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.2.10.tar.gz
30 | ENV REDIS_DOWNLOAD_SHA 411c604a716104f7f5a326abfad32de9cea10f15f987bec45cf86f315e9e63a0
31 | # NOTE(review): REDIS_DOWNLOAD_URL is plain http; the `sha256sum -c` against REDIS_DOWNLOAD_SHA in the RUN below (fatal under `set -e`) is what protects the tarball's integrity, so URL, version and hash have to be updated together
32 | # for redis-sentinel see: http://redis.io/topics/sentinel
33 | RUN set -ex; \
34 |     \
35 |     buildDeps=' \
36 |         wget \
37 |         \
38 |         gcc \
39 |         libc6-dev \
40 |         make \
41 |     '; \
42 |     apt-get update; \
43 |     apt-get install -y $buildDeps --no-install-recommends; \
44 |     rm -rf /var/lib/apt/lists/*; \
45 |     \
46 |     wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \
47 |     echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \
48 |     mkdir -p /usr/src/redis; \
49 |     tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; \
50 |     rm redis.tar.gz; \
51 |     \
52 | # disable Redis protected mode [1] as it is unnecessary in context of Docker
53 | # (ports are not automatically exposed when running inside Docker, but rather explicitly by specifying -p / -P) NOTE(review): once the port is published with -p / -P, this build accepts connections on it without protected mode, so access control then has to come from a configured password (requirepass) or from network policy around the container
54 | # [1]: https://github.com/antirez/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da (the grep -q before and after the sed make the RUN fail under `set -e` if the define is missing or was not rewritten)
55 |     grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h; \
56 |     sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!'
/usr/src/redis/src/server.h; \
57 |     grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h; \
58 | # for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything"
59 | # see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840
60 | # (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default)
61 |     \
62 |     make -C /usr/src/redis -j "$(nproc)"; \
63 |     make -C /usr/src/redis install; \
64 |     \
65 |     rm -r /usr/src/redis; \
66 |     \
67 |     apt-get purge -y --auto-remove $buildDeps
68 |
69 | RUN mkdir /data && chown redis:redis /data
70 | VOLUME /data
71 | WORKDIR /data
72 |
73 | COPY docker-entrypoint.sh /usr/local/bin/
74 | ENTRYPOINT ["docker-entrypoint.sh"]
75 |
76 | EXPOSE 6379
77 | CMD ["redis-server"]
78 |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Useful [pre-commit](http://pre-commit.com) hooks for checking Dockerfiles for issues.
2 |
3 | You do not need node or dockerfilelint installed: `pre-commit` will fetch & install it under the hood.
4 |
5 | The test `Dockerfile` in this repo was taken from [here](https://github.com/docker-library/redis/blob/master/3.2/Dockerfile).
6 |
7 | ## Usage
8 |
9 | ```
10 | - repo: https://github.com/pryorda/dockerfilelint-precommit-hooks
11 |   rev: v0.1.0
12 |   hooks:
13 |     - id: dockerfilelint
14 |       stages: [commit]
15 | ```
16 |
17 | #### dockerfilelint
18 |
19 | Uses https://github.com/replicatedhq/dockerfilelint to lint your Dockerfile.
20 |

--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 |   "name": "dummy_package",
3 |   "version": "0.0.0"
4 | }
5 |

--------------------------------------------------------------------------------