Docker is a containerization tool for Unix-like OSes. It implements many ideas of the Open Container Initiative (OCI), but does so in a rootful manner. For rootless containerization, one can use Podman.
- "Docker Security Best Practices from the Dockerfile"
- lazydocker, a nice TUI app for docker(-compose)
- awesome-compose, "These samples provide a starting point for how to integrate different services using a Compose file and to manage their deployment with Docker Compose."
hadolint is a linter for Dockerfiles. It uses the Haskell-powered shellcheck under the hood.
Usually, I run hadolint using a script like this:
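```sh
#!/bin/sh
# Lint the Dockerfile in the current directory with hadolint.
FILE="$(pwd)/Dockerfile"
if [ ! -f "$FILE" ]; then
    # Report the problem on stderr and signal failure to the caller
    echo "Dockerfile not found!" >&2
    exit 1
fi
# hadolint reads the Dockerfile from stdin; -i keeps stdin attached
docker run --rm -i hadolint/hadolint < "$FILE"
```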
Sometimes I need to run a dockerized app from the shell with a couple of volumes mounted in "rw" mode. This is how I wrap such calls in shell scripts:
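```sh
# Run the image as the calling user; "$@" passes the script's arguments
# through unchanged (unquoted $* would re-split arguments containing spaces).
docker run --rm \
    -u "$(id -u):$(id -g)" \
    -v "$PWD":/data:rw \
    -e VAR="value" \
    image:latest \
    "$@"
```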
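The "-u $(id -u):$(id -g)" part keeps you away from problems with permissions: the container process runs with your host UID and GID, so files it writes to the mounted volume are owned by you rather than by root.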