Skip to content

Commit

Permalink
feat: user multi-stage builds and remove apt and pip caches
Browse files Browse the repository at this point in the history
1. Remove apt cache after running `apt-get`
2. Pass `--no-cache-dir` to the `pip` command
3. Use multi-stage builds to remove the test layers from the final
   image.

Signed-off-by: Lucas Roesler <[email protected]>
  • Loading branch information
LucasRoesler authored and alexellis committed Oct 5, 2022
1 parent d3cd007 commit 79b444b
Show file tree
Hide file tree
Showing 5 changed files with 31 additions and 13 deletions.
8 changes: 5 additions & 3 deletions template/python27-flask/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
FROM ghcr.io/openfaas/of-watchdog:0.9.3 as watchdog
FROM python:2.7-alpine
FROM python:2.7-alpine as builder

COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
RUN chmod +x /usr/bin/fwatchdog
Expand All @@ -21,21 +21,23 @@ WORKDIR /home/app/
COPY --chown=app:app index.py .
COPY --chown=app:app requirements.txt .
USER root
RUN pip install -r requirements.txt
RUN pip install --no-cache-dir -r requirements.txt
USER app

RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /home/app/function/
COPY --chown=app:app function/requirements.txt .
RUN pip install --user -r requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

WORKDIR /home/app/

USER root
COPY --chown=app:app function function
USER app

FROM builder as final

ENV fprocess="python index.py"
ENV cgi_headers="true"
ENV mode="http"
Expand Down
11 changes: 8 additions & 3 deletions template/python3-flask-debian/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog
ARG ADDITIONAL_PACKAGE
# Alternatively use ADD https:// (which will not be cached by Docker builder)

RUN apt-get -qy update && apt-get -qy install gcc make ${ADDITIONAL_PACKAGE}
RUN apt-get -qy update \
&& apt-get -qy install gcc make ${ADDITIONAL_PACKAGE} \
&& rm -rf /var/lib/apt/lists/*

# Add non root user
RUN addgroup --system app && adduser app --system --ingroup app
Expand All @@ -23,7 +25,7 @@ COPY --chown=app:app index.py .
COPY --chown=app:app requirements.txt .

USER root
RUN pip install -r requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Build the function directory and install any user-specified components
USER app
Expand All @@ -32,17 +34,20 @@ RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /home/app/function/
COPY --chown=app:app function/requirements.txt .
RUN pip install --user -r requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

#install function code
USER root

COPY --chown=app:app function/ .

FROM builder as tester
ARG TEST_COMMAND=tox
ARG TEST_ENABLED=true
RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"


FROM builder as final
WORKDIR /home/app/

#configure WSGI server and healthcheck
Expand Down
7 changes: 5 additions & 2 deletions template/python3-flask/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ COPY --chown=app:app index.py .
COPY --chown=app:app requirements.txt .

USER root
RUN pip install -r requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Build the function directory and install any user-specified components
USER app
Expand All @@ -32,17 +32,20 @@ RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /home/app/function/
COPY --chown=app:app function/requirements.txt .
RUN pip install --user -r requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

#install function code
USER root

COPY --chown=app:app function/ .


FROM builder as tester
ARG TEST_COMMAND=tox
ARG TEST_ENABLED=true
RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"

FROM builder as final
WORKDIR /home/app/

#configure WSGI server and healthcheck
Expand Down
12 changes: 9 additions & 3 deletions template/python3-http-debian/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog
ARG ADDITIONAL_PACKAGE
# Alternatively use ADD https:// (which will not be cached by Docker builder)

RUN apt-get -qy update && apt-get -qy install ${ADDITIONAL_PACKAGE}
RUN apt-get -qy update \
&& apt-get -qy install ${ADDITIONAL_PACKAGE} \
&& rm -rf /var/lib/apt/lists/*

# Add non root user
RUN addgroup --system app && adduser app --system --ingroup app
Expand All @@ -22,22 +24,26 @@ WORKDIR /home/app/
COPY --chown=app:app index.py .
COPY --chown=app:app requirements.txt .
USER root
RUN pip install -r requirements.txt
RUN pip install --no-cache-dir -r requirements.txt
USER app

RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /home/app/function/
COPY --chown=app:app function/requirements.txt .
RUN pip install --user -r requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

USER root
COPY --chown=app:app function/ .

FROM builder as tester

ARG TEST_COMMAND=tox
ARG TEST_ENABLED=true
RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"


FROM builder as final
WORKDIR /home/app/

USER app
Expand Down
6 changes: 4 additions & 2 deletions template/python3-http/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ WORKDIR /home/app/
COPY --chown=app:app index.py .
COPY --chown=app:app requirements.txt .
USER root
RUN pip install -r requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Build the function directory and install any user-specified components
USER app
Expand All @@ -31,16 +31,18 @@ RUN mkdir -p function
RUN touch ./function/__init__.py
WORKDIR /home/app/function/
COPY --chown=app:app function/requirements.txt .
RUN pip install --user -r requirements.txt
RUN pip install --no-cache-dir --user -r requirements.txt

# install function code
USER root
COPY --chown=app:app function/ .

FROM builder as tester
ARG TEST_COMMAND=tox
ARG TEST_ENABLED=true
RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"

FROM builder as final
WORKDIR /home/app/

# configure WSGI server and healthcheck
Expand Down

0 comments on commit 79b444b

Please sign in to comment.