Reduce image size to ~580MB by making sure we get absolutely nothing …

…but production dependencies, and clear all caches.
refine · Aug 24, 2015 · 243be57 · 243be57
1 parent eeaa07c
commit 243be57
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 10 deletions.
diff --git a/.npmignore b/.npmignore
@@ -2,13 +2,16 @@
 .DS_Store
 /*.tgz
 /.bowerrc
+/.dockerignore
 /.editorconfig
 /.env
 /.gitignore
 /.idea/
 /.jscsrc
 /.npmignore
 /.npmrc
+/.travis.yml
+/docker
 /Dockerfile
 /bower.json
 /component.json

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,13 @@
 FROM openstf/base:v1.0.1
 
-# Add a user for the app.
+# Add a user for building and running the app.
 RUN useradd --system \
+      --create-home \
+      --shell /usr/sbin/nologin \
+      stf-build && \
+    useradd --system \
       --no-create-home \
       --shell /usr/sbin/nologin \
-      --home-dir /app \
       stf
 
 # Sneak the stf executable into $PATH.
@@ -18,14 +21,29 @@ WORKDIR /app
 EXPOSE 3000
 
 # Copy app source.
-COPY . /app/
-
-# Get the rest of the dependencies and build.
-RUN export PATH=/app/node_modules/.bin:$PATH && \
-    npm install && \
-    bower install --allow-root && \
-    gulp build && \
-    npm prune --production
+COPY . /tmp/build/
+
+# Give permissions to our build user.
+RUN mkdir -p /app && \
+    chown -R stf-build:stf-build /tmp/build /app
+
+# Switch over to the build user.
+USER stf-build
+
+# Run the build.
+RUN set -x && \
+    cd /tmp/build && \
+    export PATH=$PWD/node_modules/.bin:$PATH && \
+    npm install --loglevel http && \
+    npm pack && \
+    tar xzf stf-*.tgz --strip-components 1 -C /app && \
+    bower cache clean && \
+    npm prune --production && \
+    mv node_modules /app && \
+    npm cache clean && \
+    rm -rf ~/.node-gyp && \
+    cd /app && \
+    rm -rf /tmp/*
 
 # Switch to weak user.
 USER stf