--platform flag should not use a constant value.
| Property | Value |
|---|---|
| Severity | Off |
| Category | Best Practice |
| Default | Disabled (superseded by tally/platform-mismatch) |
Tally behavior deviation
Tally disables this rule by default because hardcoding--platform is
legitimate in several real-world scenarios:
- ARM-only services. Deployments targeting AWS Graviton or other ARM-only
infrastructure use
FROM --platform=linux/arm64to ensure the correct architecture regardless of where the build runs. - Windows containers. Windows Dockerfiles use
FROM --platform=windows/amd64 mcr.microsoft.com/...to explicitly target Windows, which is necessary when the builder could be multi-platform. - Cross-compilation. Go and Rust projects commonly use
FROM --platform=linux/amd64 golang:1.22for a specific builder stage while the final image targets a different architecture.
--platform values, tally validates them
against the registry with tally/platform-mismatch.
This catches provable errors (image doesn’t publish the requested platform)
without flagging intentional platform pinning.
You can re-enable this rule via configuration if you prefer the BuildKit
behavior:
Description
When the--platform flag appears with a hardcoded value, it restricts image
building to a single target platform, preventing multi-platform images.
The recommended strategy involves:
- Removing
FROM --platformand applying--platformat build time. - Substituting
$BUILDPLATFORMor comparable variable expressions. - Naming stages to reflect platform when containing platform-specific operations.
Examples
Bad:Supersedes
See also
tally/platform-mismatch— validates explicit--platformagainst the registry instead of discouraging it- buildkit/FromPlatformFlagConstDisallowed