From 09f22a232dd436106e67406a45acc0998d590f37 Mon Sep 17 00:00:00 2001 From: Caspian Baska Date: Fri, 13 Aug 2021 00:08:58 +1000 Subject: [PATCH] build(Dockerfile): minimal image for core --- Dockerfile | 50 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index e8f40800..aad64af9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,8 @@ # One of `core` | `edge` ARG TARGET=core +ARG CRYSTAL_VERSION=1.1.1 -FROM crystallang/crystal:1.0.0-alpine as build +FROM crystallang/crystal:${CRYSTAL_VERSION}-alpine as build ARG PLACE_COMMIT="DEV" ARG PLACE_VERSION="DEV" @@ -10,11 +11,11 @@ ARG TARGET WORKDIR /app # Install the latest version of LibSSH2, ping -RUN apk add --update --no-cache \ - ca-certificates \ - iputils \ - libssh2-static \ - yaml-static +RUN apk update && \ + apk upgrade && \ + apk add --no-cache \ + ca-certificates \ + iputils # Add trusted CAs for communicating with external services RUN update-ca-certificates @@ -32,7 +33,7 @@ RUN adduser \ --uid "${UID}" \ "${USER}" -# Install deps +# Install dependencies COPY shard.yml /app COPY shard.override.yml /app COPY shard.lock /app @@ -45,12 +46,21 @@ COPY src /app/src RUN UNAME_AT_COMPILE_TIME=true \ PLACE_VERSION=${PLACE_VERSION} \ PLACE_COMMIT=${PLACE_COMMIT} \ - shards build ${TARGET} --production --release --static --error-trace + shards build ${TARGET} --production --release --error-trace -# Create binary directories -RUN mkdir -p repositories bin/drivers +RUN mkdir -p /app/bin/drivers RUN chown appuser -R /app +# Extract target's dependencies (produces a smaller image than static compilation) +RUN ldd /app/bin/${TARGET} | tr -s '[:blank:]' '\n' | grep '^/' | \ + xargs -I % sh -c 'mkdir -p $(dirname dependencies%); cp % dependencies%;' + +RUN ldd /bin/ping | tr -s '[:blank:]' '\n' | grep '^/' | \ + xargs -I % sh -c 'mkdir -p $(dirname ping-dependencies%); cp % ping-dependencies%;' + +RUN ldd /bin/ping6 | tr -s '[:blank:]' '\n' | grep '^/' | \ + xargs -I % sh -c 'mkdir -p $(dirname ping-dependencies%); cp % ping-dependencies%;' + ############################################################################### FROM scratch as minimal @@ -73,8 +83,11 @@ COPY --from=build /etc/group /etc/group # These provide certificate chain validation where communicating with external services over TLS ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt +# Service dependencies +COPY --from=build /app/dependencies / # Service binary -COPY --from=build /app/bin /bin +COPY --from=build /app/bin /bin/drivers +COPY --from=build /app/bin /bin/${TARGET} USER appuser:appuser @@ -86,16 +99,13 @@ CMD ["/bin/edge"] ############################################################################### -# FIXME: core currently has a number of dependandancies on the runtime for -# retreiving repositories and compiling drivers. When the migrates into an -# external service, this can base from `minimal` instead for cleaner images. -FROM build as core - -COPY --from=build /app/bin /bin +FROM minimal as core +ENV PATH=$PATH:/ -WORKDIR /app - -USER appuser:appuser +# Include `ping` +COPY --from=build /app/ping-dependencies / +COPY --from=build /bin/ping /ping +COPY --from=build /bin/ping6 /ping6 EXPOSE 3000 HEALTHCHECK CMD /bin/core --curl http://localhost:3000/api/core/v1