Installation and usage instructions for CI/CD validation tools (hadolint, shellcheck, actionlint, yamllint, yq). Used by devops-coding-agent and devops-integration-agent for local validation.
Installation and usage instructions for tools required by /prepare-infrastructure agents.
Purpose: Validate CI/CD scripts locally without deployment or cloud costs.
| Tool | Purpose | Validates |
|---|---|---|
| hadolint | Dockerfile linter | Dockerfile best practices, security |
| shellcheck | Shell script analyzer | Bash/sh script correctness |
| actionlint | GitHub Actions linter | Workflow syntax, best practices |
| yamllint | YAML linter | YAML syntax and style |
| yq | YAML processor | Query/transform YAML files |
```powershell
# All tools via winget (Windows Package Manager)
winget install hadolint.hadolint --accept-package-agreements --silent
winget install koalaman.shellcheck --accept-package-agreements --silent
winget install rhysd.actionlint --accept-package-agreements --silent
winget install MikeFarah.yq --accept-package-agreements --silent

# yamllint via pip (Python package)
pip install yamllint
```
Note: Restart terminal after winget installs to refresh PATH.
```powershell
choco install hadolint shellcheck actionlint yq -y
pip install yamllint
```

```powershell
scoop install hadolint shellcheck actionlint yq
pip install yamllint
```
```bash
# hadolint (download binary)
wget -qO /usr/local/bin/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
chmod +x /usr/local/bin/hadolint

# shellcheck
apt-get update && apt-get install -y shellcheck

# actionlint (download binary)
# The asset name contains the version, so the URL points at the matching
# release tag; a "latest" URL breaks as soon as a newer release is published.
wget -qO- https://github.com/rhysd/actionlint/releases/download/v1.7.9/actionlint_1.7.9_linux_amd64.tar.gz | tar xz -C /usr/local/bin actionlint

# yq (download binary)
wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
chmod +x /usr/local/bin/yq

# yamllint
pip install yamllint
```
```bash
brew install hadolint shellcheck actionlint yq
pip install yamllint
```

```bash
brew install hadolint shellcheck actionlint yq yamllint
```
```yaml
- name: Install validation tools
  run: |
    # hadolint
    wget -qO /usr/local/bin/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
    chmod +x /usr/local/bin/hadolint

    # shellcheck (pre-installed on ubuntu-latest)

    # actionlint (asset name is versioned, so use the matching release tag)
    wget -qO- https://github.com/rhysd/actionlint/releases/download/v1.7.9/actionlint_1.7.9_linux_amd64.tar.gz | tar xz -C /usr/local/bin actionlint

    # yq
    wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
    chmod +x /usr/local/bin/yq

    # yamllint
    pip install yamllint
```
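The Linux and GitHub Actions install steps above write a downloaded binary straight into `/usr/local/bin`. The following is an added example, not part of the original instructions, of gating that step on a pinned SHA-256. The function names are hypothetical, and `<VERSION>` and `<PINNED_SHA256>` are placeholders for a release tag and the digest recorded when that release was vetted.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded linter binary only when its SHA-256
# matches a digest pinned in the repository. Uses POSIX shell features only.

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # macOS fallback
  fi
}

# install_verified FILE EXPECTED_SHA256 DEST
# Returns 0 and installs FILE at DEST (mode 0755) when the digest matches.
# Returns 1 and leaves DEST untouched on a mismatch; 2 if FILE is missing.
install_verified() {
  iv_file=$1
  iv_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
  iv_dest=$3
  [ -f "$iv_file" ] || { echo "missing file: $iv_file" >&2; return 2; }
  iv_actual=$(sha256_of "$iv_file")
  if [ "$iv_actual" != "$iv_expected" ]; then
    echo "checksum mismatch for $iv_file" >&2
    echo "  expected: $iv_expected" >&2
    echo "  actual:   $iv_actual" >&2
    return 1
  fi
  install -m 0755 "$iv_file" "$iv_dest"
}

# Intended use with the download step (placeholders, see the lead-in):
#   wget -qO /tmp/hadolint \
#     "https://github.com/hadolint/hadolint/releases/download/<VERSION>/hadolint-Linux-x86_64"
#   install_verified /tmp/hadolint "<PINNED_SHA256>" /usr/local/bin/hadolint

# Offline demonstration on a constructed file standing in for a download.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho constructed sample tool\n' > "$demo_dir/tool.download"
pinned=$(sha256_of "$demo_dir/tool.download")      # digest recorded at vetting time
install_verified "$demo_dir/tool.download" "$pinned" "$demo_dir/tool" && echo "installed"
printf 'tampered\n' >> "$demo_dir/tool.download"   # simulate a changed upstream asset
install_verified "$demo_dir/tool.download" "$pinned" "$demo_dir/tool2" || echo "rejected"
rm -rf "$demo_dir"
```

Downloading to a temporary path first means a failed check never leaves an unverified executable on `PATH`.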
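```bash
# hadolint
docker run --rm -i hadolint/hadolint < Dockerfile

# shellcheck
docker run --rm -v "$PWD:/mnt" koalaman/shellcheck scripts/*.sh

# actionlint
# Run from the mounted repository root so actionlint discovers the workflows
# itself; a /repo/... glob is never expanded, because the host shell finds no
# match for it and the container has no shell to expand it.
docker run --rm -v "$PWD:/repo" --workdir /repo rhysd/actionlint -color
```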
```bash
# Lint single Dockerfile
hadolint Dockerfile

# Lint with specific rules ignored
hadolint --ignore DL3008 --ignore DL3009 Dockerfile

# Output as JSON
hadolint --format json Dockerfile

# Lint multiple Dockerfiles
hadolint */Dockerfile
```
Common Rules to Consider:
- DL3008 - Pin versions in apt-get install
- DL3009 - Delete apt cache after install
- DL3025 - Use JSON form for CMD

```bash
# Check single script
shellcheck script.sh

# Check all shell scripts
shellcheck scripts/*.sh

# Exclude specific warnings
shellcheck --exclude=SC1091 script.sh

# Output as JSON
shellcheck --format=json script.sh

# Severity filter (error, warning, info, style)
shellcheck --severity=error scripts/*.sh
```
Common Codes:
- SC1091 - Not following sourced files
- SC2086 - Quote to prevent word splitting
- SC2034 - Unused variable

```bash
# Lint all workflows in .github/workflows/
actionlint

# Lint specific workflow
actionlint .github/workflows/ci.yml

# With color output
actionlint -color

# Output as JSON
actionlint -format json
```
What it validates:
${{ }})

```bash
# Lint single file
yamllint file.yml

# Lint directory
yamllint .github/workflows/

# Strict mode
yamllint --strict file.yml

# Custom config
yamllint -c .yamllint.yml file.yml
```
Recommended .yamllint.yml: