-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Global .dockerignore #12843
Comments
Not sure how I feel about this yet, but if we do have a global .dockerignore then it should probably be in the newly created $HOME/.docker config dir. |
@duglin Nope, docker should not create another directory directly under |
@crepererum I think it already does for quite a while. |
👍 Definitely, in favor a global |
+1 This might be an osx specific response... I use docker-osx-dev for folder sharing in dev as vboxsf is slow. docker-osx-dev obeys the In an ideal world, cp .gitignore .dockerignore
echo '.git' >> .dockerignore Having a global -- edit -- docker-osx-dev -i .gitignore -e .git |
@akash1810 the semantic of .dockerignore is close to but identical to .gitignore. For example |
One use-case for a global .gitignore would be to set os-specific files like the |
^ exactly. |
+1 for that |
I'm not to familiar with what Docker needs to ignore, but someone requested a new gitignore template for https://www.gitignore.io. Is there a standard |
@joeblau the |
@thaJeztah that's what I thought. I feel like the template this person is asking for isn't possible. What they need is a custom template based on the .dockerignore which I could also generate. |
Though there are some things though like the Readme, License, maybe |
+1 I could really use a global .dockerignore. |
Disagree. At least two things can be safely ignored globally, as mentioned above:
Whether the project be a Java, PHP, or Python project, you never want them in the image. Currently the only solution is to duplicate all those common entries in every |
@FranklinYu my reply was to "Is there a standard .dockerignore file that I can use for the template?" Although |
I have a custom build system in Sublime text that runs a script in the project directory. This script is where I set up whatever various commands I want to be run when I hit I have a convention of naming files that are "just for me" with a |
Another use case for this is when using environment managers such as direnv. I have |
Another use case is that I (and probably not only I) create With global |
this would be great, for people who use jetbrains, or whatever creates |
I miss this also, but I also found that adding .* at the very top of the .dockerignore file works pretty well for local builds. Your mileage may vary, explicit use of ! rules afterwards make certain context requirements more visible, too. /e: To fully skip context, use stdin for docker build. Maybe building from a local git repo for context works as well, I've never tried it. |
@thaJeztah Is there any update? Or at least interest in reviewing PR? |
Any updates? It's been 5 years... |
I'd also be interested in having updates. I understand the reasoning about "each project is different". A team can surely agree on something. If Git can do it, I (personally) don't see why Docker can't. |
@Pictor13 Likely because that are two different pair of shoes (and it's not the question of can or can't do - technically this is obviously trivial, which makes me wonder how it imposes any issues...). So actually wondering about what drives you with your comment beating a dead horse. Normally I would put the domain of the build more to the project (VCS/SCM) than to the systems side, so I'm wondering why I should let my system administrator configure that? And have you considered so far to let git do this? As you write, git can do it, was there a blocker doing it with git? |
What you call "dead" has actually no consensus, no clear decision, is still linked by #40319 as potential improvement and is still marked as open. I just didn't want to ask for news writing a useless "Any updates? It's been 6 years...".
I was talking of feasibility, as you also mentioned. A global |
@Pictor13 Sorry, using an idiom and what I meant is that from the three years or so ago when I was sharing with and contributing my comments to moby, somewhere between up to today, I stopped waiting for that feature and instead moved left and never had to return back - and doing so even if today this feature would be available would be a degradation for me. YMMV, this is with all due respect. Reading your comment - which was not complaining! - and reading about your knowledge about git - I was wondering whether or not you gave it a try already and hit blockers.
That depends a lot how you create the directory tree (or tarball or git repository) you let docker build obtain the build context from. Both horizontally and vertically. But at the end of the day it's the question whether you want to configure the build in the repository or in the system. So most likely on the one hand I can imagine it appears not possible with git and on the other hand it could be also that it should not be done with git (perhaps the system then is managed with some git, so also git again ). Choose your weapon first. And yes,. please continue to demand that feature. It's very important, I at least once needed it myself, see above. So at least my past self still wants this! And docker-build really needs a driver for git on the local file-system. So that it does not require network to build a revision from a local, non-bare repository. |
For what it's worth, I think this issue should be closed. If that feature were introduced, it would cause even more confusion for users. Now instead of having reproducibility issues because too many files are added, you have the reverse where some users have .ignored too many files. People on issues now have to ask users about their global .gitignore to make sure it didn't interfere with files in the project. The only way to be reproducible is to list each file that gets added individually. |
@zimbatm i disagree, dockerignore should only include artifacts relevant to the project, not cruft only relevant to a particular engineer’s local dev env I’ve never seen anyone asking about a users gitignore, but the only stuff that should go in there are .DS_Store, .idea, etc. Junk produced by your personal env. what are people doing :( |
@quinn-freshly I think zimbatm's concern is that (for example) if a user's global .dockerignore contains |
This idea is probably inspired by git. But git is not the same because the list of files is easily introspectable since it's part of the commit. If a user tries to add a file that has been globally ignored they get a notice, and can force it with In docker's case, the docker client compiles a tarball on the fly and sends that to the daemon along with the build instructions. That tarball is not exposed and the developer inspects the resulting image to find out what was added instead. |
Somewhat orthogonal to the discussion, but I should add here that "client compiles a tarball" is indeed how the "classic" builder works. When using BuildKit as builder (set For example, given the following "project": mkdir -p my-project/subdir && cd my-project
touch file1.txt file2.txt subdir/file3.txt subdir/file4.txt And this Dockerfile: FROM alpine
RUN mkdir -p /app/foo/
# This only sends file1.txt from the client, and ignores file-changes in other
# files. As a result, these steps are only executed if `file1.txt` changes, and
# will be cached otherwise.
COPY /file1.txt /app/
RUN cat /app/file1.txt
# This only sends files inside "subdir", and will be cached if those files did
# not change (and if the steps above were cached).
COPY /subdir/*.txt /app/foo/
RUN cat /app/foo/*.txt After doing an initial build: docker build .
[+] Building 1.4s (11/11) FINISHED
...
=> => writing image sha256:7dbaefbed0389e2c52dff7138dc3a28456f55d6741a4baac94fef1d2ad757286 0.0s Adding new files, or changing files that are not referenced by the Dockerfile will not affect the build: mkdir subdir2
touch new-file.txt subdir2/another-new-file.txt
echo "changed" >> file2.txt And all steps will still be cached: docker build .
...
=> CACHED [2/6] RUN mkdir -p /app/foo/ 0.0s
=> CACHED [3/6] COPY /file1.txt /app/ 0.0s
=> CACHED [4/6] RUN cat /app/file1.txt 0.0s
=> CACHED [5/6] COPY /subdir/*.txt /app/foo/ 0.0s
=> CACHED [6/6] RUN cat /app/foo/*.txt 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:7dbaefbed0389e2c52dff7138dc3a28456f55d6741a4baac94fef1d2ad757286 0.0s |
I agree with most of what's said above, and understand use-cases such as excluding common files (like
For the second bullet, a command to debug what's excluded (similar to So, from the above, I think the first focus should be on making excluded files more discoverable / debuggable before (deciding to) adding a global ignore. |
I agree that discoverability is an issue, and I think your proposal would be a nice solution. The BuildKit example looks promising too, thanks for the pointer! But the other two concerns you raised don't seem like barriers to this feature.
The global
I don't follow this concern. A |
❯ docker run -it --rm --entrypoint=/bin/bash test
root@82a2f7cc5f2d:/# ls / -lisa
total 68
668250 4 drwxr-xr-x 1 root root 4096 Sep 20 21:53 .
668250 4 drwxr-xr-x 1 root root 4096 Sep 20 21:53 ..
668212 8 -rw-r--r-- 1 root root 6148 Sep 20 21:49 .DS_Store Definitely in need of a global |
Not sure if this is the right place to request docker features? But I have another example. I'm using typescript, so the most practical way to have a scratch file that actually runs, is to put it inside the /src folder of the project. But, of course, this means that said scratch file will be injected into the built image. Since I use said (I use a global .gitignore to stop said file from being committed, obviously). |
I'm thinking a workaround would be to add a macro around the docker/docker compose command, so that it |
Could docker build also read |
Problem description
Users and developers use different editors and tool to edit, backup and process code, documentation and assets. It is not feasible to catch them all in a project's
.dockerignore
. Instead, a user should be able to blacklist the file of their own toolchain.Proposed solution
Add a global
.dockerignore
, e.g. at$HOME/config/docker/dockerignore
, which gets combined with the project's.dockerignore
.References
Docker is not the only tool with this problem. The problem is well known in the VCS world. GIT for example accepts the global
core.excludesfile
option which points to a global.gitignore
. This file is combined with the projects.gitignore
to blacklist more files.Open questions
The text was updated successfully, but these errors were encountered: