Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update minimal dockerfiles to use multi-stage builds to achieve minimalness #1312

Merged
merged 1 commit into from
Mar 27, 2018
Merged

Update minimal dockerfiles to use multi-stage builds to achieve minimalness #1312

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 25 additions & 6 deletions server.minimal.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,38 @@
FROM golang:1.9.4-alpine AS build-env
RUN apk add --update git gcc libc-dev
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If "tiny-ness" is important; use --no-cache instead;

docker build -t before -<<EOF
FROM golang:1.9.4-alpine AS build-env
RUN apk add --update git gcc libc-dev
EOF

docker build -t after -<<EOF
FROM golang:1.9.4-alpine AS build-env
RUN apk add --no-cache git gcc libc-dev
EOF
REPOSITORY      CREATED                  SIZE
after           Less than a second ago   386MB
before          Less than a second ago   387MB

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is using a build image and a final image, though - does the no-cache affect the final image? This is the before and after image built with the server.minimal.Dockerfile, without the --no-cache option and with the --no-cache option:

REPOSITORY                                       TAG                    IMAGE ID            CREATED              SIZE
<none>                                           <none>                 fa5c316b8562        17 seconds ago       540MB
after                                            latest                 f3f0621261c3        About a minute ago   21.1MB
before                                           latest                 f3f0621261c3        About a minute ago   21.1MB
<none>                                           <none>                 82a30458273b        About a minute ago   540MB

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No it doesn't affect the final image (but does affect your local cache 😅); it was mainly a nit, and I wanted to mention --no-cache because it's awesome: it takes care of everything (updating the index, and removing it afterwards)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh nice! It seems to only be a MB or less, so in this case it seems ok, but I will keep that in mind for all my other images!

# Pin to the specific v3.0.0 version
RUN go get -tags 'mysql postgres file' github.com/mattes/migrate/cli && mv /go/bin/cli /go/bin/migrate

ENV NOTARYPKG github.com/theupdateframework/notary

# Copy the local repo to the expected go path
COPY . /go/src/${NOTARYPKG}
WORKDIR /go/src/${NOTARYPKG}

# Build notary-server
RUN go install \
-tags pkcs11 \
-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" \
${NOTARYPKG}/cmd/notary-server


FROM busybox:latest
MAINTAINER David Lawrence "david.lawrence@docker.com"

# the ln is for compatibility with the docker-compose.yml, making these
# images a straight swap for the those built in the compose file.
RUN mkdir -p /usr/bin /var/lib && ln -s /bin/env /usr/bin/env

COPY ./bin/notary-server /usr/bin/notary-server
COPY ./bin/migrate /usr/bin/migrate
COPY ./bin/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
COPY ./fixtures /var/lib/notary/fixtures
COPY ./migrations /var/lib/notary/migrations
COPY --from=build-env /go/bin/notary-server /usr/bin/notary-server
COPY --from=build-env /go/bin/migrate /usr/bin/migrate
COPY --from=build-env /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
COPY --from=build-env /go/src/github.com/theupdateframework/notary/migrations/ /var/lib/notary/migrations
COPY --from=build-env /go/src/github.com/theupdateframework/notary/fixtures /var/lib/notary/fixtures
RUN chmod 0600 /var/lib/notary/fixtures/database/*

WORKDIR /var/lib/notary
# SERVICE_NAME needed for migration script
ENV SERVICE_NAME=notary_server
EXPOSE 4443

ENTRYPOINT [ "/usr/bin/notary-server" ]
CMD [ "-config=/var/lib/notary/fixtures/server-config-local.json" ]
30 changes: 25 additions & 5 deletions signer.minimal.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,37 @@
FROM golang:1.9.4-alpine AS build-env
RUN apk add --update git gcc libc-dev
# Pin to the specific v3.0.0 version
RUN go get -tags 'mysql postgres file' github.com/mattes/migrate/cli && mv /go/bin/cli /go/bin/migrate

ENV NOTARYPKG github.com/theupdateframework/notary

# Copy the local repo to the expected go path
COPY . /go/src/${NOTARYPKG}
WORKDIR /go/src/${NOTARYPKG}

# Build notary-signer
RUN go install \
-tags pkcs11 \
-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" \
${NOTARYPKG}/cmd/notary-signer


FROM busybox:latest
MAINTAINER David Lawrence "david.lawrence@docker.com"

# the ln is for compatibility with the docker-compose.yml, making these
# images a straight swap for the those built in the compose file.
RUN mkdir -p /usr/bin /var/lib && ln -s /bin/env /usr/bin/env

COPY ./bin/notary-signer /usr/bin/notary-signer
COPY ./bin/migrate /usr/bin/migrate
COPY ./bin/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
COPY ./fixtures /var/lib/notary/fixtures
COPY ./migrations /var/lib/notary/migrations
COPY --from=build-env /go/bin/notary-signer /usr/bin/notary-signer
COPY --from=build-env /go/bin/migrate /usr/bin/migrate
COPY --from=build-env /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
COPY --from=build-env /go/src/github.com/theupdateframework/notary/migrations/ /var/lib/notary/migrations
COPY --from=build-env /go/src/github.com/theupdateframework/notary/fixtures /var/lib/notary/fixtures
RUN chmod 0600 /var/lib/notary/fixtures/database/*

WORKDIR /var/lib/notary
# SERVICE_NAME needed for migration script
ENV SERVICE_NAME=notary_signer
ENV NOTARY_SIGNER_DEFAULT_ALIAS="timestamp_1"
ENV NOTARY_SIGNER_TIMESTAMP_1="testpassword"
Expand Down