build(Dockerfile): minimal image for core

PlaceOS · Aug 12, 2021 · 8f43431 · 8f43431
1 parent ba103c7
commit 8f43431
Showing 1 changed file with 28 additions and 19 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,11 +11,11 @@ ARG PLACE_VERSION="DEV"
 WORKDIR /app
 
 # Install the latest version of LibSSH2, ping
-RUN apk add --update --no-cache \
-    ca-certificates \
-    iputils \
-    libssh2-static \
-    yaml-static
+RUN apk update && \
+    apk upgrade && \
+    apk add --no-cache \
+        ca-certificates \
+        iputils
 
 # Add trusted CAs for communicating with external services
 RUN update-ca-certificates
@@ -33,7 +33,7 @@ RUN adduser \
     --uid "${UID}" \
     "${USER}"
 
-# Install deps
+# Install dependencies
 COPY shard.yml /app
 COPY shard.override.yml /app
 COPY shard.lock /app
@@ -46,12 +46,21 @@ COPY src /app/src
 RUN UNAME_AT_COMPILE_TIME=true \
     PLACE_VERSION=${PLACE_VERSION} \
     PLACE_COMMIT=${PLACE_COMMIT} \
-    shards build ${TARGET} --production --release --static --error-trace
+    shards build ${TARGET} --production --release --error-trace
 
-# Create binary directories
-RUN mkdir -p repositories bin/drivers
+RUN mkdir -p /app/bin/drivers
 RUN chown appuser -R /app
 
+# Extract target's dependencies (produces a smaller image than static compilation)
+RUN ldd /app/bin/${TARGET} | tr -s '[:blank:]' '\n' | grep '^/' | \
+    xargs -I % sh -c 'mkdir -p $(dirname dependencies%); cp % dependencies%;'
+
+RUN ldd /bin/ping | tr -s '[:blank:]' '\n' | grep '^/' | \
+    xargs -I % sh -c 'mkdir -p $(dirname ping-dependencies%); cp % ping-dependencies%;'
+
+RUN ldd /bin/ping6 | tr -s '[:blank:]' '\n' | grep '^/' | \
+    xargs -I % sh -c 'mkdir -p $(dirname ping-dependencies%); cp % ping-dependencies%;'
+
 ###############################################################################
 
 FROM scratch as minimal
@@ -74,8 +83,11 @@ COPY --from=build /etc/group /etc/group
 # These provide certificate chain validation where communicating with external services over TLS
 ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 
+# Service dependencies
+COPY --from=build /app/dependencies /
 # Service binary
-COPY --from=build /app/bin /bin
+COPY --from=build /app/bin /bin/drivers
+COPY --from=build /app/bin /bin/${TARGET}
 
 USER appuser:appuser
 
@@ -87,16 +99,13 @@ CMD ["/bin/edge"]
 
 ###############################################################################
 
-# FIXME: core currently has a number of dependandancies on the runtime for
-# retreiving repositories and compiling drivers. When the migrates into an
-# external service, this can base from `minimal` instead for cleaner images.
-FROM build as core
-
-COPY --from=build /app/bin /bin
+FROM minimal as core
+ENV PATH=$PATH:/
 
-WORKDIR /app
-
-USER appuser:appuser
+# Include `ping`
+COPY --from=build /app/ping-dependencies /
+COPY --from=build /bin/ping /ping
+COPY --from=build /bin/ping6 /ping6
 
 EXPOSE 3000
 HEALTHCHECK CMD /bin/core --curl http://localhost:3000/api/core/v1