Docker

Made by DeepSource
Use absolute WORKDIR DOK-DL3000
Bug risk
Minor

By using absolute paths you will not run into problems when a previous WORKDIR instruction changes. You also often don't know the WORKDIR context of your base container.

Command does not make sense in a container DOK-DL3001
Bug risk
Critical

For some POSIX commands it makes no sense to run them in a Docker container because they are bound to the host or are otherwise dangerous (like `shutdown`, `service`, `ps`, `free`, `top`, `kill`, `mount`, `ifconfig`). Interactive utilities also don't make much sense (`nano`, `vim`).

Pin image versions explicitly to a release tag DOK-DL3007
Bug risk
Major

Using the latest tag can cause breakages when a new version of an image is released. You can never rely on the assumption that the latest tag points to a specific version of an image.

Use the -y switch DOK-DL3014
Bug risk
Major

Without the -y/--assume-yes option, the build may break because the command waits for human intervention.

Always tag the version of an image explicitly DOK-DL3006
Bug risk
Minor

You can never rely on the assumption that the latest tag points to a specific version of an image. Explicitly tagging the image with a specific version (e.g. ubuntu:12.04) ensures that your application will not break due to random changes across different versions of an image you depend on.

COPY --from should reference a previously defined FROM alias DOK-DL3022
Bug risk
Major

Trying to copy from a missing image alias results in an error.

COPY --from cannot reference its own FROM alias DOK-DL3023
Bug risk
Major

Trying to copy from the same image the instruction is running in results in an error.

FROM aliases (stage names) must be unique DOK-DL3024
Bug risk
Major

Defining duplicate stage names results in an error.

Multiple ENTRYPOINT instructions detected DOK-DL4004
Bug risk
Major

If you list more than one ENTRYPOINT, only the last ENTRYPOINT command will be set up, making prior ENTRYPOINT instructions redundant.

Missing space before # DOK-SC1099
Bug risk
Major

A keyword is found immediately following a #. In order for the # to start a comment, it needs to come after a word boundary such as a space.

Pin versions in gem install DOK-DL3028
Bug risk
Major

Version pinning forces the build to retrieve a particular version regardless of what’s in the cache. This technique can also reduce failures due to unanticipated changes between different versions of required packages.

Invalid case used for command/syntax DOK-SC1081
Bug risk
Critical

Unexpected == detected DOK-SC1097
Bug risk
Major

== is being used in an unexpected way. The two most common reasons for this are:
- You wanted to assign a value but accidentally used == instead of =.

eval used with special characters DOK-SC1098
Bug risk
Major

Shells differ widely in how they handle unescaped parentheses in eval expressions. eval foo=bar is allowed by dash, bash and ksh.

Detected use of $ in the iterator name of a for loop DOK-SC1086
Bug risk
Major

The for loop expects the variable's name, not its value (and the name cannot be specified indirectly).

Use the --no-cache switch DOK-DL3019
Bug risk
Minor

As of Alpine Linux 3.3 there exists a new --no-cache option for apk. It allows users to install packages with an index that is updated and used on-the-fly and not cached locally. This avoids the need to use --update and remove /var/cache/apk/* when done installing packages.

Declare and assign separately to avoid masking of return values DOK-SC2155
Bug risk
Major

$ is not used specially and should therefore be escaped DOK-SC1000
Bug risk
Major

$ is special in double quotes, but there are some cases where it's interpreted literally:
- Following a backslash: echo "\$"
- In a context where the shell can't make sense of it, such as at the end of the string ("foo$") or before some constructs ("$'foo'").