michaellzc / vscode-hadolint

VSCode extension to integrate hadolint, a Dockerfile linter, into VSCode
https://marketplace.visualstudio.com/items?itemName=exiasr.hadolint
MIT License

Feature request: Run Hadolint in a container #59

Closed 0uep closed 2 years ago

0uep commented 2 years ago

Currently, vscode-hadolint runs Hadolint as an executable.

vscode-hadolint should also allow running Hadolint as a container (using Docker, Podman, or another container manager). Running Hadolint within a container increases security, because Hadolint has no access to the user's file system.

My workaround is to put the path of the following executable script within the settings of vscode-hadolint:

#!/bin/bash
dockerfile="$1"
shift
podman run --rm -i docker.io/hadolint/hadolint hadolint "$@" - < "$dockerfile"

But the user experience may be better if the user does not need to code that kind of wrapper script.

Thank you for maintaining this awesome extension, I use it with vscodium.com + https://open-vsx.org/extension/exiasr/hadolint
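
An added example, not part of the original post or of vscode-hadolint: the same stdin-based wrapper extended to pick Podman or Docker and to start the container with no network, a read-only root file system, and no capabilities. The `HADOLINT_RUNTIME` and `HADOLINT_IMAGE` variables and the function names are assumptions made for this sketch; the hardening flags are additions beyond the workaround above.

```shell
#!/bin/sh
# Added example: hardened variant of the wrapper script above.
# HADOLINT_IMAGE and HADOLINT_RUNTIME are hypothetical overrides, not extension settings.
HADOLINT_IMAGE="${HADOLINT_IMAGE:-docker.io/hadolint/hadolint}"

# Print the first usable container runtime, or fail if none is on PATH.
pick_runtime() {
    for rt in ${HADOLINT_RUNTIME:-podman docker}; do
        if command -v "$rt" >/dev/null 2>&1; then
            printf '%s\n' "$rt"
            return 0
        fi
    done
    echo "no container runtime found (tried: ${HADOLINT_RUNTIME:-podman docker})" >&2
    return 1
}

# Usage: lint_in_container <dockerfile> [hadolint options...]
lint_in_container() {
    if [ "$#" -lt 1 ]; then
        echo "usage: lint_in_container <dockerfile> [hadolint options...]" >&2
        return 2
    fi
    dockerfile="$1"
    shift
    if [ ! -r "$dockerfile" ]; then
        echo "cannot read Dockerfile: $dockerfile" >&2
        return 2
    fi
    runtime=$(pick_runtime) || return 3
    # No -v/--mount: the Dockerfile is the only host data passed in, via stdin.
    # The remaining flags remove network access, writes to the image's root
    # file system, Linux capabilities, and privilege escalation.
    "$runtime" run --rm -i \
        --network=none --read-only --cap-drop=ALL \
        --security-opt=no-new-privileges \
        "$HADOLINT_IMAGE" hadolint "$@" - < "$dockerfile"
}

# Act as the wrapper executable only when called with arguments.
if [ "$#" -gt 0 ]; then
    lint_in_container "$@"
fi
```

Because nothing is mounted, a `.hadolint.yaml` on the host is not visible inside the container, so rule configuration has to be passed as command-line options.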

michaellzc commented 2 years ago

Some background -> https://github.com/michaellzc/vscode-hadolint/issues/37

That said, I am open to accepting such a feature provided that it supports all major OSes and container runtimes. I don't have the bandwidth to implement it, so contributions from the community are welcome.

If you have some idea how to implement everything, let's discuss it in this thread.

0uep commented 2 years ago

OK I understand you do not have the bandwidth to implement #37. I also do not have time to propose a PR, so I close this issue.

In my opinion, the container image simplifies the user's life: there is no need to manually install and upgrade a local binary of Hadolint. Moreover, the container image increases security, as Hadolint does not have access to the user's file system.

We may imagine the following extension settings: