From 36b62e6d5438ff9723af3198e44eb73d34b9c3e1 Mon Sep 17 00:00:00 2001 From: Lucas Roesler Date: Sat, 20 Aug 2022 13:25:52 +0200 Subject: [PATCH] feat: user multi-stage builds and remove apt and pip caches 1. Remove apt cache after running `apt-get` 2. Pass `--no-cache-dir` to the `pip` command 3. Use multi-stage builds to remove the test layers from the final image. Signed-off-by: Lucas Roesler --- template/python27-flask/Dockerfile | 8 +++++--- template/python3-flask-debian/Dockerfile | 11 ++++++++--- template/python3-flask/Dockerfile | 7 +++++-- template/python3-http-debian/Dockerfile | 12 +++++++++--- template/python3-http/Dockerfile | 6 ++++-- 5 files changed, 31 insertions(+), 13 deletions(-) diff --git a/template/python27-flask/Dockerfile b/template/python27-flask/Dockerfile index 741cb9c..16e061e 100644 --- a/template/python27-flask/Dockerfile +++ b/template/python27-flask/Dockerfile @@ -1,5 +1,5 @@ FROM ghcr.io/openfaas/of-watchdog:0.9.3 as watchdog -FROM python:2.7-alpine +FROM python:2.7-alpine as builder COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog RUN chmod +x /usr/bin/fwatchdog @@ -21,14 +21,14 @@ WORKDIR /home/app/ COPY --chown=app:app index.py . COPY --chown=app:app requirements.txt . USER root -RUN pip install -r requirements.txt +RUN pip install --no-cache-dir -r requirements.txt USER app RUN mkdir -p function RUN touch ./function/__init__.py WORKDIR /home/app/function/ COPY --chown=app:app function/requirements.txt . -RUN pip install --user -r requirements.txt +RUN pip install --no-cache-dir --user -r requirements.txt WORKDIR /home/app/ @@ -36,6 +36,8 @@ USER root COPY --chown=app:app function function USER app +FROM builder as final + ENV fprocess="python index.py" ENV cgi_headers="true" ENV mode="http" diff --git a/template/python3-flask-debian/Dockerfile b/template/python3-flask-debian/Dockerfile index f3e5cd3..e9ad618 100644 --- a/template/python3-flask-debian/Dockerfile +++ b/template/python3-flask-debian/Dockerfile @@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog ARG ADDITIONAL_PACKAGE # Alternatively use ADD https:// (which will not be cached by Docker builder) -RUN apt-get -qy update && apt-get -qy install gcc make ${ADDITIONAL_PACKAGE} +RUN apt-get -qy update \ + && apt-get -qy install gcc make ${ADDITIONAL_PACKAGE} \ + && rm -rf /var/lib/apt/lists/* # Add non root user RUN addgroup --system app && adduser app --system --ingroup app @@ -23,7 +25,7 @@ COPY --chown=app:app index.py . COPY --chown=app:app requirements.txt . USER root -RUN pip install -r requirements.txt +RUN pip install --no-cache-dir -r requirements.txt # Build the function directory and install any user-specified components USER app @@ -32,17 +34,20 @@ RUN mkdir -p function RUN touch ./function/__init__.py WORKDIR /home/app/function/ COPY --chown=app:app function/requirements.txt . -RUN pip install --user -r requirements.txt +RUN pip install --no-cache-dir --user -r requirements.txt #install function code USER root COPY --chown=app:app function/ . +FROM builder as tester ARG TEST_COMMAND=tox ARG TEST_ENABLED=true RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND" + +FROM builder as final WORKDIR /home/app/ #configure WSGI server and healthcheck diff --git a/template/python3-flask/Dockerfile b/template/python3-flask/Dockerfile index f9203a0..fc7caa0 100644 --- a/template/python3-flask/Dockerfile +++ b/template/python3-flask/Dockerfile @@ -23,7 +23,7 @@ COPY --chown=app:app index.py . COPY --chown=app:app requirements.txt . USER root -RUN pip install -r requirements.txt +RUN pip install --no-cache-dir -r requirements.txt # Build the function directory and install any user-specified components USER app @@ -32,17 +32,20 @@ RUN mkdir -p function RUN touch ./function/__init__.py WORKDIR /home/app/function/ COPY --chown=app:app function/requirements.txt . -RUN pip install --user -r requirements.txt +RUN pip install --no-cache-dir --user -r requirements.txt #install function code USER root COPY --chown=app:app function/ . + +FROM builder as tester ARG TEST_COMMAND=tox ARG TEST_ENABLED=true RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND" +FROM builder as final WORKDIR /home/app/ #configure WSGI server and healthcheck diff --git a/template/python3-http-debian/Dockerfile b/template/python3-http-debian/Dockerfile index 8f285d7..81b4edb 100644 --- a/template/python3-http-debian/Dockerfile +++ b/template/python3-http-debian/Dockerfile @@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog ARG ADDITIONAL_PACKAGE # Alternatively use ADD https:// (which will not be cached by Docker builder) -RUN apt-get -qy update && apt-get -qy install ${ADDITIONAL_PACKAGE} +RUN apt-get -qy update \ + && apt-get -qy install ${ADDITIONAL_PACKAGE} \ + && rm -rf /var/lib/apt/lists/* # Add non root user RUN addgroup --system app && adduser app --system --ingroup app @@ -22,22 +24,26 @@ WORKDIR /home/app/ COPY --chown=app:app index.py . COPY --chown=app:app requirements.txt . USER root -RUN pip install -r requirements.txt +RUN pip install --no-cache-dir -r requirements.txt USER app RUN mkdir -p function RUN touch ./function/__init__.py WORKDIR /home/app/function/ COPY --chown=app:app function/requirements.txt . -RUN pip install --user -r requirements.txt +RUN pip install --no-cache-dir --user -r requirements.txt USER root COPY --chown=app:app function/ . +FROM builder as tester + ARG TEST_COMMAND=tox ARG TEST_ENABLED=true RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND" + +FROM builder as final WORKDIR /home/app/ USER app diff --git a/template/python3-http/Dockerfile b/template/python3-http/Dockerfile index 568351b..9a4eba2 100644 --- a/template/python3-http/Dockerfile +++ b/template/python3-http/Dockerfile @@ -22,7 +22,7 @@ WORKDIR /home/app/ COPY --chown=app:app index.py . COPY --chown=app:app requirements.txt . USER root -RUN pip install -r requirements.txt +RUN pip install --no-cache-dir -r requirements.txt # Build the function directory and install any user-specified components USER app @@ -31,16 +31,18 @@ RUN mkdir -p function RUN touch ./function/__init__.py WORKDIR /home/app/function/ COPY --chown=app:app function/requirements.txt . -RUN pip install --user -r requirements.txt +RUN pip install --no-cache-dir --user -r requirements.txt # install function code USER root COPY --chown=app:app function/ . +FROM builder as tester ARG TEST_COMMAND=tox ARG TEST_ENABLED=true RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND" +FROM builder as final WORKDIR /home/app/ # configure WSGI server and healthcheck