Skip to content

hadolint doesn't validate FROM instruction order in Dockerfile as it should #737

Closed
#763
Closed
hadolint doesn't validate FROM instruction order in Dockerfile as it should#737
#763
@ye

Description

@ye
ye
opened on Nov 23, 2021
  • This is a bug report
  • This is a feature request
  • I searched existing issues before opening this one

Expected behavior

The FROM instruction initializes a new build stage and sets the Base Image for subsequent instructions. As such, a valid Dockerfile must start with a FROM instruction (with the only exceptions of comment lines or ARG).

https://docs.docker.com/engine/reference/builder/#from

However, currently hadolint doesn't check for that instruction sequence, which is a breaking failure error for docker build if this FROM precedence rule isn't followed.

Actual behavior

halolint should error out on any Dockerfile that doesn't start with comments / ARG lines. It doesn't as of version 2.8.0.

Steps to reproduce the behavior

Output of hadolint --version or
docker run --rm hadolint/hadolint hadolint --version or
docker run --rm ghcr.io/hadolint/hadolint hadolint --version:

It looks like the Homebrew installed hadolint doesn't properly display a version, another bug for the recipes.

$ hadolint --version
Haskell Dockerfile Linter UNKNOWN
$ brew info hadolint
hadolint: stable 2.8.0 (bottled)
Smarter Dockerfile linter to validate best practices
https://github.com/hadolint/hadolint
/opt/homebrew/Cellar/hadolint/2.8.0 (5 files, 82MB) *
  Poured from bottle on 2021-11-22 at 17:24:54
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/hadolint.rb
License: GPL-3.0-only
$ cat <<EOF | hadolint -
LABEL maintainer="ye@example.com"
FROM python:3.9-slim-bullseye

ARG DEBIAN_FRONTEND=noninteractive
EOF
$ echo $?
0
cat <<EOF | docker build -f - .
LABEL maintainer="ye@example.com"
FROM python:3.9-slim-bullseye

ARG DEBIAN_FRONTEND=noninteractive
EOF
[+] Building 0.5s (2/2) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                                                                     0.3s
 => => transferring dockerfile: 144B                                                                                                                                                                                                     0.0s
 => ERROR [internal] load .dockerignore                                                                                                                                                                                                  0.2s
 => => transferring context: 40B                                                                                                                                                                                                         0.1s
------
 > [internal] load .dockerignore:
------
failed to solve with frontend dockerfile.v0: failed to create LLB definition: no build stage in current context

Dockerfile (if relevant)

BAD Dockerfile

LABEL maintainer="ye@example.com"
FROM python:3.9.7-slim-bullseye

ARG DEBIAN_FRONTEND=noninteractive

GOOD Dockerfile

FROM python:3.9.7-slim-bullseye
LABEL maintainer="ye@example.com"

ARG DEBIAN_FRONTEND=noninteractive

Additional environment details (OS, stack version, etc.)

Switching the instruction lines between LABEL and FROM will make docker build work.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions