From 2a7684370051b8d4bfb3dd634b434a8cc8fffd07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Mierzwa?= Date: Wed, 9 Aug 2017 21:54:23 -0700 Subject: [PATCH] Use Docker multi-stage builds to reduce final docker image size For second stage use https://github.com/GoogleCloudPlatform/distroless which provides a minimal image with CA certificates. Binary is compiled with CGO_ENABLED=0 to prevent dynamical linking to any libraries. --- Dockerfile | 17 ++++++----------- Makefile | 2 +- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 15f237167..29342ca2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,11 @@ -FROM golang:1.8.3-alpine - +FROM golang:1.8.3-alpine3.6 as unsee-builder COPY . /go/src/github.com/cloudflare/unsee ARG VERSION +RUN apk add --update make git nodejs nodejs-npm +RUN CGO_ENABLED=0 make -C /go/src/github.com/cloudflare/unsee VERSION="${VERSION:-dev}" unsee -RUN apk add --update --no-cache --virtual .build-dependencies \ - make git nodejs && \ - make -C /go/src/github.com/cloudflare/unsee VERSION="${VERSION:-dev}" && \ - mv /go/src/github.com/cloudflare/unsee/unsee /bin/unsee && \ - rm -fr /go/src && \ - apk del .build-dependencies - +FROM gcr.io/distroless/base +COPY --from=unsee-builder /go/src/github.com/cloudflare/unsee/unsee /unsee EXPOSE 8080 - -CMD ["unsee"] +CMD ["/unsee"] diff --git a/Makefile b/Makefile index e753ee739..f21b08484 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,7 @@ run: $(NAME) ./$(NAME) .PHONY: docker-image -docker-image: bindata_assetfs.go +docker-image: docker build --build-arg VERSION=$(VERSION) -t $(NAME):$(VERSION) . .PHONY: run-docker