generic.dockerfile.best-practice.missing-zypper-no-confirm-switch.missing-zypper-no-confirm-switch

Author: returntocorp
Download count: 2,919

This 'zypper install' is missing the '-y' switch. This might stall builds because it requires human intervention. Add the '-y' switch.

Definition

rules:
  - id: missing-zypper-no-confirm-switch
    severity: WARNING
    languages:
      - generic
    patterns:
      - pattern: |
          RUN ... zypper install ... $SOMETHING
      - pattern-not-inside: |
          RUN ... zypper install ... -y
      - pattern-not-inside: |
          RUN ... zypper install ... --no-confirm
    message: This 'zypper install' is missing the '-y' switch. This might stall
      builds because it requires human intervention. Add the '-y' switch.
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3034
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3034
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"

Examples

missing-zypper-no-confirm-switch.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3034

FROM debian
# ruleid: missing-zypper-no-confirm-switch
RUN zypper install httpd=2.4.46 && zypper clean

# ok: missing-zypper-no-confirm-switch
RUN zypper install -y httpd=2.4.46 && zypper clean
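
A stand-alone approximation of this check, added here as an example (it is not the rule's or Semgrep's own code): it joins backslash-continued RUN lines and tests each shell command separately for the two switches the rule accepts. The sample Dockerfile, its base image name and the function names are constructed for illustration.

```python
import re

CONFIRM_FLAGS = {"-y", "--no-confirm"}  # the two switches the rule accepts

# Constructed sample Dockerfile (base image name is an assumption).
SAMPLE = r"""FROM opensuse/leap
RUN zypper install httpd=2.4.46 && zypper clean
RUN zypper install -y httpd=2.4.46 && zypper clean
RUN zypper install curl \
    && zypper install --no-confirm git
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and whole-line comments carry no commands
        if not buf:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf

def find_unconfirmed_installs(text):
    """Return (line, command) for each 'zypper install' lacking -y/--no-confirm."""
    findings = []
    for number, instruction in logical_lines(text):
        match = re.match(r"\s*RUN\s+(.*)", instruction, re.IGNORECASE)
        if not match:
            continue
        # Check each shell command separately so a switch on one does not excuse another.
        for command in re.split(r"&&|\|\||;", match.group(1)):
            tokens = command.split()
            for i in range(len(tokens) - 1):
                if tokens[i] == "zypper" and tokens[i + 1] == "install":
                    if not CONFIRM_FLAGS.intersection(tokens[i + 2:]):
                        findings.append((number, " ".join(tokens[i:])))
                    break
    return findings

if __name__ == "__main__":
    for number, command in find_unconfirmed_installs(SAMPLE):
        print(f"line {number}: missing -y: {command}")
```

Reported line numbers point at the first physical line of the RUN instruction, so a finding inside a continued instruction is attributed to the line where `RUN` appears.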