[CHORE] Add hadolint linting for Containerfiles #122

@c-vigo

Chore Type

CI / Build change

Description

Add hadolint static analysis for all Containerfiles in the repository. Hadolint enforces Dockerfile best practices (pinned base image tags, consolidated RUN layers, pinned apk/apt versions, etc.) and integrates shellcheck for inline RUN scripts.

Acceptance Criteria

  • hadolint pre-commit hook added to .pre-commit-config.yaml, pinned by SHA
  • Containerfile passes hadolint with no warnings
  • tests/fixtures/sidecar.Containerfile passes hadolint with no warnings
  • uv run pre-commit run --all-files exits clean

Implementation Notes

  • Use hadolint-docker hook from https://github.com/hadolint/hadolint, pinned to 346e4199e4baca7d6827f20ac078b6eee5b39327 (v2.9.3)
  • DL3018 (unpinned apk packages) should be suppressed inline with # hadolint ignore=DL3018 in fixture files where pinning individual package versions would be brittle
  • The main Containerfile may need fixes after the hook is wired in

Related Issues

None

Priority

Medium

Changelog Category

Added

Additional Context

None
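
A check for the "pinned by SHA" criterion and the DL3018 suppression note above, as an added example that is not part of the original issue or the project's own code. Treating a pinned rev as a full 40-character commit id, limiting suppressions to tests/fixtures/, and all sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: a "pinned by SHA" rev is a full 40-character hex commit id.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
REV_RE = re.compile(r"^\s*rev:\s*['\"]?([^'\"\s#]+)")
# hadolint inline pragma, e.g. "# hadolint ignore=DL3018,DL3008"
IGNORE_RE = re.compile(r"^\s*#\s*hadolint\s+ignore=([A-Z0-9,\s]+)")
ALLOWED_RULES = {"DL3018"}          # the only rule the issue allows suppressing
ALLOWED_PREFIX = "tests/fixtures/"  # assumption: suppression limited to fixtures


def unpinned_revs(config_text):
    """Return (line_no, rev) for every rev: that is not a full commit SHA."""
    found = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = REV_RE.match(line)
        if m and not SHA_RE.match(m.group(1)):
            found.append((no, m.group(1)))
    return found


def bad_suppressions(path, containerfile_text):
    """Return (line_no, rule) for ignore pragmas outside the stated policy."""
    found = []
    for no, line in enumerate(containerfile_text.splitlines(), 1):
        m = IGNORE_RE.match(line)
        if not m:
            continue
        for rule in filter(None, (r.strip() for r in m.group(1).split(","))):
            if rule not in ALLOWED_RULES or not path.startswith(ALLOWED_PREFIX):
                found.append((no, rule))
    return found


# Constructed sample inputs (not the repository's real files).
SAMPLE_CONFIG = """\
repos:
  - repo: https://github.com/hadolint/hadolint
    rev: 346e4199e4baca7d6827f20ac078b6eee5b39327  # v2.9.3
    hooks:
      - id: hadolint-docker
  - repo: https://example.invalid/some/hook
    rev: v1.2.3
"""
SAMPLE_FIXTURE = "FROM alpine:3.19\n# hadolint ignore=DL3018\nRUN apk add --no-cache curl\n"
SAMPLE_MAIN = "FROM alpine:3.19\n# hadolint ignore=DL3018,DL3007\nRUN apk add --no-cache git\n"
```

A tag such as v1.2.3 can be moved to a different commit after review, which is why the check reports it while accepting the SHA with the version kept as a trailing comment.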

Labels

  • area:ci: CI/CD, GitHub Actions, workflows
  • area:image: Container image, Dockerfile, build
  • chore: General tasks (e.g. update dependencies, contact a manufacturer, read a paper)
  • effort:small: Less than 1 hour
  • semver:patch: Bug fix, backward-compatible
