Convert to multi-stage builds or minimize layers in Dockerfiles if possible

[rdimaio]

Multi-stage builds are the current way that Docker images are recommended to be built:

• https://docs.docker.com/get-started/docker-concepts/building-images/multi-stage-builds/
• https://docs.docker.com/build/building/multi-stage/

Multi-stage builds introduce multiple stages in your Dockerfile, each with a specific purpose. Think of it like the ability to run different parts of a build in multiple different environments, concurrently. By separating the build environment from the final runtime environment, you can significantly reduce the image size and attack surface. This is especially beneficial for applications with large build dependencies.

We do this in some images, e.g.: https://github.com/rucio/containers/blob/master/test-webdav/Dockerfile

But it could be worth trying to convert all Dockerfiles into this format, if possible; otherwise, we can try minimizing the layers.

For reference:

• https://stackoverflow.com/questions/39223249/multiple-run-vs-single-chained-run-in-dockerfile-which-is-better
• https://stackoverflow.com/questions/61438916/dockerfile-one-line-vs-multi-line-instruction
• https://docs.docker.com/build/building/best-practices

e.g. here

containers/test-fts/Dockerfile

Lines 44 to 50 in 25c4832

	# Shortcut for logfiles
	COPY logshow /usr/local/bin/logshow
	RUN chmod +x /usr/local/bin/logshow
	RUN touch /var/log/fts3/fts3server.log
	RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log
	RUN touch /var/log/fts3rest/fts3rest.log
	RUN chown -R fts3:fts3 /var/log/fts3rest

we could at minimum combine the touch + chmod RUN commands into single commands each