Update "RUN Instruction Using 'cd' Instead of WORKDIR" query for Docker, allow cd when not at the beginning
malte-laukoetter opened this issue · 1 comments
Platform
Docker
Query
f4a6bcd3-e231-4acf-993c-aa027be50d2e
Description
In long RUN
commands there sometimes exists cd
s in the middle of the Instruction to change a directory. It is not helpful to replace such a cd
with a WORKDIR
instruction as this would create an additional layer. Therefore only cd
s that are at the beginning of a RUN
instruction should be reported.
Example
The official docker image for fluentd uses such a construct in the Dockerfile for its debian image: https://github.com/fluent/fluentd-docker-image/blob/a9e4cee765c7aaf7876d6fe3282aa565dbcdc2a4/v1.14/debian/Dockerfile
Hello @Lergin, thank you very much for raising this issue! This query is a tough one.
We would have 2 options:
1 - A way to go around this would be using the full path instead of cd + relative path, and I would update the query description.
2 - Compromising like you suggested, only looking for cd at the start of the command, which can be a good compromise to ensure image optimization and readability.
After looking around in dockerfiles, it seems most use full paths, so we are inclined to going with the first option.
This PR aims to fix this and other issues you have very attentively raised! Thank you once again!