dockerfile

package
v0.33.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 15, 2026 License: GPL-3.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CollectHeredocPaths 

func CollectHeredocPaths(sourceContents []instructions.SourceContent) map[string]bool

CollectHeredocPaths extracts heredoc paths from a single COPY/ADD command's SourceContents into the provided map. This is useful for per-command filtering.

func ExtractHeredocFiles 

func ExtractHeredocFiles(stages []instructions.Stage) map[string]bool

ExtractHeredocFiles extracts virtual file paths from heredoc COPY/ADD commands. These are inline files created by heredoc syntax (e.g., COPY <<EOF /app/file.txt) that should not be checked against .dockerignore since they don't come from the build context.

func HasHeredocs 

func HasHeredocs(result *ParseResult) bool

HasHeredocs returns true if the parse result contains any heredocs.

func RunCommandString 

func RunCommandString(run *instructions.RunCommand) string

RunCommandString extracts the command string from a RUN instruction. Handles both shell form (RUN cmd) and exec form (RUN ["cmd", "arg"]).

func RunScript added in v0.27.2 

func RunScript(run *instructions.RunCommand) string

RunScript extracts the shell script content from a RUN instruction. For heredoc RUNs it returns the heredoc body. For regular RUNs it returns the parsed command line, which excludes Dockerfile-level RUN flags.

func RunSourceScript added in v0.22.0 

func RunSourceScript(run *instructions.RunCommand, sm *sourcemap.SourceMap) (string, int)

RunSourceScript extracts the original source for a shell-form RUN instruction and replaces the "RUN " prefix (and "ONBUILD RUN ") with spaces so that column positions from shell.FindCommands on the returned script map directly to source-file columns. This enables accurate fix edits.

Returns the script and the 1-based start line number, or ("", 0) if the instruction has no location or no source lines.

Types

type HeredocInfo 

type HeredocInfo struct {
	// Heredoc is the BuildKit heredoc structure.
	// Contains Name, Content, Expand, Chomp, and FileDescriptor.
	parser.Heredoc

	// Kind classifies the heredoc based on its containing instruction.
	Kind HeredocKind

	// Instruction is the Dockerfile instruction containing this heredoc.
	// One of: RUN, COPY, ADD
	Instruction string

	// Line is the 0-based line number where the instruction starts.
	// The heredoc content follows after the instruction line.
	Line int
}

HeredocInfo represents a heredoc extracted from a Dockerfile instruction. This provides structured access to heredoc content with type classification.

BuildKit's parser.Heredoc is preserved in full, with additional context about which instruction contains the heredoc.

func ExtractHeredocs 

func ExtractHeredocs(result *ParseResult) []HeredocInfo

ExtractHeredocs extracts all heredocs from a parsed Dockerfile. Heredocs are classified by their containing instruction:

  • RUN heredocs are scripts (HeredocKindScript)
  • COPY/ADD heredocs are inline sources (HeredocKindInlineSource)

This classification is important for context-aware rules that need to distinguish between files from build context vs inline heredoc content.

func (HeredocInfo) IsInlineSource 

func (h HeredocInfo) IsInlineSource() bool

IsInlineSource returns true if the heredoc is inline content (COPY/ADD). Inline sources are not affected by .dockerignore and don't require file existence in the build context.

func (HeredocInfo) IsScript 

func (h HeredocInfo) IsScript() bool

IsScript returns true if the heredoc is a shell script (RUN).

type HeredocKind 

type HeredocKind int

HeredocKind classifies the type of heredoc based on its containing instruction. 

const (
	// HeredocKindUnknown indicates a heredoc in an unrecognized instruction.
	// This makes unclassified heredocs explicit rather than silently defaulting.
	HeredocKindUnknown HeredocKind = iota

	// HeredocKindScript indicates a heredoc in a RUN instruction.
	// The content is a shell script to be executed.
	HeredocKindScript

	// HeredocKindInlineSource indicates a heredoc in COPY or ADD instruction.
	// The content is an inline file that does not come from build context.
	// These are not affected by .dockerignore and don't require file existence.
	HeredocKindInlineSource
)

func (HeredocKind) String 

func (k HeredocKind) String() string

String returns the string representation of the HeredocKind.

type LintWarning 

type LintWarning struct {
	RuleName    string
	Description string
	URL         string
	Message     string
	Location    []parser.Range
}

LintWarning captures parameters from BuildKit's linter.LintWarnFunc callback. Fields match the callback signature exactly: 

func(rulename, description, url, fmtmsg string, location []parser.Range)

BuildKit doesn't export a struct for this, so we provide one. See: github.com/moby/buildkit/frontend/dockerfile/linter.LintWarnFunc

type ParseResult 

type ParseResult struct {
	// AST is the parsed Dockerfile AST from BuildKit
	AST *parser.Result
	// Stages contains the parsed build stages with typed instructions
	Stages []instructions.Stage
	// MetaArgs contains ARG instructions that appear before the first FROM
	MetaArgs []instructions.ArgCommand
	// Source is the raw source content of the Dockerfile
	Source []byte
	// Warnings contains lint warnings from BuildKit's built-in linter
	Warnings []LintWarning
}

ParseResult contains the parsed Dockerfile information

func Parse 

func Parse(r io.Reader, cfg *config.Config) (*ParseResult, error)

Parse parses a Dockerfile from a reader. If cfg is provided, it's used to configure BuildKit's linter (skip disabled rules, etc.).

func ParseFile 

func ParseFile(_ context.Context, path string, cfg *config.Config) (*ParseResult, error)

ParseFile parses a Dockerfile and returns the parse result. If cfg is provided, it's used to configure BuildKit's linter (skip disabled rules, etc.).

type RunResolvedSource added in v0.27.2 

type RunResolvedSource struct {
	Source      string
	Script      string
	ScriptIndex int
	StartLine   int
}

RunResolvedSource combines the original RUN source with the resolved shell script span inside that source. ScriptIndex is the byte offset where Script begins within Source, and StartLine is the 1-based line of Source's first line.

This is useful for fix logic that must rewrite the shell script while preserving Dockerfile-level RUN flags like --mount/--network/--security.

func ResolveRunSource added in v0.27.2 

func ResolveRunSource(run *instructions.RunCommand, sm *sourcemap.SourceMap) (RunResolvedSource, bool)

ResolveRunSource returns the original source text for a RUN instruction and the byte offset where the parsed shell script begins within that source. The parsed script comes from RunScript(run), so Dockerfile-level RUN flags are excluded from Script and from the returned ScriptIndex.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.