Allow building the signer from source whilst still keeping container size down #11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…size down Commit 3246cae (Notary 0.6.1, and rather than commit binaries, build using multistage dockerfiles.) provided support for building binaries from source, instead of introducing them into the repo. It also introduced multi-stage builds into the project. Multi-stage builds allow us to supply all of the build requirements into disposable build-containers. Once finished with, only the required build artifacts are copied out into a nice succinct run- container. This results in a container with a much smaller footprint. The issue is; Docker's Official Images platform does not yet support multi-stage builds. So until they do, we need to find a source of compromise. Here we start with a small base (Alpine), install only the build requirements we need, build from source, then once complete clean-up any unnecessary packages. This both allows for building from source AND keeps the final run-container nice and small. Signed-off-by: Lee Jones <lee.jones@linaro.org>
This was referenced Nov 2, 2018
yosifkit
reviewed
Nov 2, 2018
| @@ -1,27 +1,36 @@ | |||
| FROM golang:1.10.3-alpine | |||
| FROM alpine:latest | |||
There was a problem hiding this comment.
This should be a specific version of Alpine, like 3.8, to prevent possible incompatibilities (like when they switch ssl back to openssl).
|
Moved into #10 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #7
Fixes: docker-library/official-images#4718
Fixes: notaryproject/notary#1380
Commit 3246cae (Notary 0.6.1, and rather than commit binaries,
build using multistage dockerfiles.) provided support for building
binaries from source, instead of introducing them into the repo. It
also introduced multi-stage builds into the project.
Multi-stage builds allow us to supply all of the build requirements
into disposable build-containers. Once finished with, only the
required build artifacts are copied out into a nice succinct run-
container. This results in a container with a much smaller
footprint.
The issue is; Docker's Official Images platform does not yet support
multi-stage builds. So until they do, we need to find a source of
compromise.
Here we start with a small base (Alpine), install only the build
requirements we need, build from source, then once complete clean-up
any unnecessary packages. This both allows for building from source
AND keeps the final run-container nice and small.
Signed-off-by: Lee Jones lee.jones@linaro.org