Skip to main content
Xianpeng Shen
  1. Posts/

A Three-Year Community Pain Point—I Put Hadolint on PyPI, Ending Manual Installation

·444 words·3 mins· ·
Xianpeng Shen
Hadolint Pre-Commit
Xianpeng Shen
Author
Xianpeng Shen
Engineer. Builder. Maintainer.
Table of Contents

If you are a developer who pursues code quality, Hadolint must be indispensable in your toolkit. As the benchmark for Dockerfile syntax checking, it helps you write higher-quality Dockerfiles.

However, when integrating into the pre-commit workflow, Hadolint has always had a nagging problem: there is no official, automatically installable binary version for pre-commit to use.

Pain Point Revisited: The Missing “Automation” Last Mile
#

If you want to use Hadolint in pre-commit, there are usually only two ways:

  1. System Mode: You must first manually download the Hadolint binary and configure environment variables on your Mac/Linux/Windows. If there are 10 people on the team, you’d have to teach all 10 how to install it.
  2. Docker Mode: Run via hadolint-docker. But this requires Docker to be installed in the runtime environment, and running Docker containers in a nested fashion in a CI environment (e.g., GitHub Actions) is slow and complex to configure.

This problem has been hanging in the Hadolint GitHub repository for three years Issue #886.

The Breakthrough: Making Hadolint “Disguise” Itself as a Python Package
#

My approach was straightforward: since pre-commit has the most perfect support for Python packages, I’ll just give Hadolint a Python shell.

The inspiration came from my previous experience packaging Gnuplot—packaging binary files directly into Python packages and uploading them to PyPI allows pre-commit to install them just like any other Python tool.

Just yesterday, I officially released hadolint-py and hadolint-pre-commit, solving this three-year-old problem. The specific approach consists of three steps:

  1. Binary Packaging: Encapsulate Hadolint’s latest native binary into a Python Wheel package and upload it to PyPI.
  2. Zero-Dependency Installation: When executing pip install hadolint-py, the Hadolint executable will automatically land in the Python environment’s bin/ directory, ready for direct use.
  3. Seamless Integration: For pre-commit, it’s now as simple as calling flake8 or black, no longer requiring any additional software to be pre-installed.

How to Get Started?
#

Just add the following configuration to .pre-commit-config.yaml:

repos:
  - repo: https://github.com/shenxianpeng/hadolint-pre-commit
    rev: v2.14.0.1
    hooks:
      - id: hadolint

It’s that simple. Whether for local development or CI pipelines, as long as there’s a Python environment, Hadolint is plug-and-play.

Is This Solution Reliable?
#

The “binary to Python package” approach has already been validated by the gnuplot-wheel project, significantly lowering the barrier to entry for tools. hadolint-py continues with the same method, simply swapping out the main character for Hadolint.

If you have also been troubled by Hadolint’s installation issues, or are looking for a cleaner Dockerfile Lint solution, feel free to try it out and give it a Star. For any questions or suggestions, please feel free to raise an Issue on GitHub for discussion.

Related

How to Claim the 'Lottery Ticket' of Open Source—Starting from thanks.dev's Operational Mechanism

·729 words·4 mins
Xianpeng Shen
Donation
In the previous article, I wrote about receiving a donation from Canonical, and a reader asked: How did you get selected? At first, I didn’t fully understand it either. Later, after carefully studying thanks.dev’s operational mechanism, I finally figured out the underlying logic of the whole thing—and what kind of projects are more likely to be funded by downstream vendors.

Thanks to Canonical’s Generous Donation—badgepy Continues as Free and Open Source

·461 words·3 mins
Xianpeng Shen
Donation
Today, I unexpectedly discovered that Canonical has been donating to me via thanks.dev for four consecutive months to support the development of badgepy. Although the amount is small, this feedback means a lot to me. It made me realize that sometimes, if we just keep doing the right thing without worrying too much about rewards, the results might come back to us in a warm and unexpected way, from a place we never anticipated.

Job Search—Why the "Nuclear Weapon" Strategy Might Be the Winning Formula for 2026

·982 words·5 mins
Xianpeng Shen
Job
Today’s job market values practical skills and the ability to create value more than ever before, rather than just academic qualifications. This post shares the story of a high school dropout who successfully joined OpenAI through self-study and actively creating opportunities, and why directly showcasing your “nuclear weapon” achievements might be the most effective strategy for job searching.

Don't Learn OpenClaw—It Won't Last the Year

·861 words·2 mins
Xianpeng Shen
OpenClaw
OpenClaw is a great idea, but it won’t be a great solution. High costs, security risks, big tech competition, and a lack of user education—these four obstacles combined make it difficult to sustain a long-term prosperous ecosystem.

2025 DevOps State of the Report—Skills are No Longer a Bonus, but a 'Must-Have'!

·497 words·3 mins
Xianpeng Shen
DevOps
The latest ‘2025 State of DevOps Report’ reveals that DevOps skills have become an essential requirement for career survival. 40% of enterprises list them as “must-have,” with another 43% indicating they will soon be mandatory. Employers value practical experience more than training certifications. Despite the high popularity of AIOps and DevSecOps, their actual implementation is still in its early stages.
 How to Claim the 'Lottery Ticket' of Open Source—Starting from thanks.dev's Operational Mechanism