DL3008 : Pin versions in apt-get install

Description

Packages installed with apt-get or apt should be version pinned to ensure deterministic builds.

Goals

• Encourage reproducible builds by fixing package versions.
• Prevent accidental upgrades during future rebuilds.

Specification

1. Inspect each RUN instruction.
2. Replace line continuations with spaces and split the command on &&, ||, and ; separators.
3. Tokenize each segment into fields.
4. When a segment invokes apt-get or apt followed by install, examine subsequent package arguments.
5. If any package argument that doesn't start with - lacks an = with a non-empty version value, emit DL3008 at the instruction line.

(c) 2025 Asymmetric Effort, LLC. scaldwell@asymmetric-effort.com