Docker
A distroless multi-arch image is published to ghcr.io on every alint release.
Run against the current directory
docker run --rm -v "$PWD:/repo" ghcr.io/asamarts/alint:latest

The image’s WORKDIR is /repo, so the bind-mount lets alint see your repo as if it were running on the host.
Pin to a version
docker run --rm -v "$PWD:/repo" ghcr.io/asamarts/alint:v0.9.20 check

Tags published per release: the exact git tag (:v0.9.20), the bare semver (:0.9.20), the <major>.<minor> channel (:0.9), and :latest.
Apply auto-fixes
The default user is the distroless nonroot user (UID 65532). For alint fix to write with host file ownership preserved, pass -u:

docker run --rm -u $(id -u):$(id -g) -v "$PWD:/repo" ghcr.io/asamarts/alint:latest fix

Without -u, fixed files end up owned by UID 65532 on the host — annoying to clean up.
Why distroless
The base image is gcr.io/distroless/static-debian12:nonroot. No shell, no package manager, just glibc-free libc plus alint. Trivy/Grype scans against this base typically come back clean.
The in-image binary is the same statically-linked musl build that ships in the GitHub Release tarballs — byte-for-byte identical, so verifying one verifies the other.
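One way to check that identity yourself, as an added example that is not part of the alint project: because the image has no shell, the binary is copied out of a stopped container and its SHA-256 is compared with the binary unpacked from a release tarball. The function names are hypothetical, and the script assumes the image's first Entrypoint element is the absolute path of the alint binary.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# same_binary A B: 0 if digests match, 1 if they differ, 2 if a file is missing.
same_binary() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# extract_from_image IMAGE DEST: copy the alint binary out of IMAGE.
# Distroless has no shell or cat, so create a stopped container and use
# docker cp instead of running anything inside the image.
extract_from_image() {
    image=$1
    dest=$2
    docker pull -q "$image" >/dev/null || return 1
    # Assumption: Entrypoint[0] is the absolute path of the alint binary.
    bin=$(docker inspect --format '{{index .Config.Entrypoint 0}}' "$image") || return 1
    cid=$(docker create "$image") || return 1
    rc=0
    docker cp "$cid:$bin" "$dest" || rc=$?
    docker rm "$cid" >/dev/null
    return "$rc"
}

# verify_image IMAGE RELEASE_BINARY: compare the in-image binary with the
# binary unpacked from the release tarball of the same version.
verify_image() {
    tmp=$(mktemp) || return 1
    if extract_from_image "$1" "$tmp" && same_binary "$tmp" "$2"; then
        echo "MATCH $(sha256_of "$tmp") $1"
        rc=0
    else
        echo "MISMATCH or extraction failure: $1" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `verify_image ghcr.io/asamarts/alint:v0.9.20 ./alint`, using the image tag that matches the tarball's version.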
CI usage
For one-shot lint runs in CI systems that prefer containers over running custom installers:

# Generic CI (GitLab, Drone, BuildKite, …)
script:
  - docker run --rm -v "$PWD:/repo" ghcr.io/asamarts/alint:v0.9.20 check --format json

For GitHub Actions specifically, the official Action is more ergonomic.