generic.dockerfile.best-practice.avoid-apk-upgrade.avoid-apk-upgrade

Author
2,919
Download Count*
License
Packages in base images should be up-to-date, removing the need for 'apk upgrade'. If packages are out-of-date, consider contacting the base image maintainer.
Run Locally
Run in CI
Defintion
rules:
- id: avoid-apk-upgrade
languages:
- generic
message: Packages in base images should be up-to-date, removing the need for
'apk upgrade'. If packages are out-of-date, consider contacting the base
image maintainer.
severity: INFO
metadata:
source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3017
references:
- https://github.com/hadolint/hadolint/wiki/DL3017
category: best-practice
technology:
- dockerfile
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
paths:
include:
- "*dockerfile*"
- "*Dockerfile*"
pattern: apk upgrade
Examples
avoid-apk-upgrade.dockerfile
FROM alpine:3.7
RUN apk update \
# ruleid: avoid-apk-upgrade
&& apk upgrade \
&& apk add foo=1.0 \
&& rm -rf /var/cache/apk/*
# ok: avoid-apk-upgrade
RUN apk --no-cache add foo=1.0
Short Link: https://sg.run/RoRv