Currently the most complete Dockerfile linter seems to be hadolint, this basically implements the same principles from pylint and eslint+[semi]standard to Dockerfiles.

Open items on main as of dc0a034:

• DL3027: Do not use apt as it is meant to be a end-user tool, use apt-get or apt-cache instead - deps/apt-get #42 at

  docker/1.14.5/bullseye/Dockerfile

  Line 28 in dc0a034

  RUN apt update && apt install --no-install-recommends -y \

  and

  docker/1.14.5/bullseye/Dockerfile

  Line 93 in dc0a034

  RUN apt update && apt install --no-install-recommends -y \

• DL4006: Set the SHELL option -o pipefail before RUN with a pipe in it - Fix recommendations from hadolint #44 at

  docker/1.14.5/bullseye/Dockerfile

  Line 37 in dc0a034

  RUN git clone --depth 1 ${REPO_GITIAN_BUILDER} gitian \

• SC2038: Use -print0/-0 or -exec + to allow for non-alphanumeric filenames. - Fix recommendations from hadolint #44 at

  docker/1.14.5/bullseye/Dockerfile

  Line 40 in dc0a034

  && find dogecoin/contrib/gitian-keys -name "*.pgp" |xargs -n 1 gpg --import

• DL3047: Avoid use of wget without progress bar. - Fix recommendations from hadolint #44
• SC2046: Quote this to prevent word splitting. - Fix recommendations from hadolint #44 at

  docker/1.14.5/bullseye/Dockerfile

  Line 54 in dc0a034

  && grep ${RLS_FILE_NAME} sigs/${SIG_PATH}/$(cat random_signer.txt)/*assert | sha256sum -c \

• SC2035 : Use ./glob or -- glob so names with dashes won't become options. - Fix recommendations from hadolint #44 at

  docker/1.14.5/bullseye/Dockerfile

  Line 80 in dc0a034

  && rm -rf *

Note that after fixing some items, new findings can arise. For example, after fixing DL3027 with #42, we will get the following:

• DL3008: Pin versions in apt get install. Instead of apt-get install <package> use apt-get install <package>=<version>