mirror of
https://github.com/hadolint/hadolint.git
synced 2025-12-17 03:24:08 +00:00
Page:
DL3017
Pages
DL3000
DL3001
DL3002
DL3003
DL3004
DL3005
DL3006
DL3007
DL3008
DL3009
DL3010
DL3011
DL3012
DL3013
DL3014
DL3015
DL3016
DL3017
DL3018
DL3019
DL3020
DL3021
DL3022
DL3023
DL3024
DL3025
DL3026
DL3027
DL3028
DL3029
DL3030
DL3031
DL3032
DL3033
DL3034
DL3035
DL3036
DL3037
DL3038
DL3039
DL3040
DL3041
DL3042
DL3043
DL3044
DL3045
DL3046
DL3047
DL3048
DL3049
DL3050
DL3051
DL3052
DL3053
DL3054
DL3055
DL3056
DL3057
DL3058
DL3059
DL3060
DL3061
DL3062
DL4000
DL4001
DL4003
DL4004
DL4005
DL4006
Home
SC2046
SC2086
Template
No results
Table of Contents
This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Do not use apk upgrade
Problematic code:
FROM alpine:3.7
RUN apk update \
&& apk upgrade \
&& apk add foo=1.0 \
&& rm -rf /var/cache/apk/*
Correct code:
FROM alpine:3.7
RUN apk --no-cache add foo=1.0
Rationale:
You should avoid RUN apk upgrade, as many of the “essential” packages from the parent images won’t upgrade inside an unprivileged container. If a package contained in the parent image is out-of-date, you should contact its maintainers. If you know there’s a particular package, foo, that needs to be updated, use apk --no-cache add foo to update automatically.
inspired by https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run