Slim container builds (#1676)

* Reorder steps to reduce container size * Ensure ownership and read/execute after final ADD * move all apt installs to earlier step/layer * split the os level dependencies from the static binaries * Fix Typo * restore scripts to end of dockerfile --------- Co-authored-by: RdLrT <[email protected]>
cardano-community · Oct 22, 2023 · 10b08d9 · 10b08d9
1 parent c27b8ec
commit 10b08d9
Showing 1 changed file with 46 additions and 18 deletions.
diff --git a/files/docker/node/dockerfile_bin b/files/docker/node/dockerfile_bin
@@ -20,30 +20,60 @@ ENV \
     PATH=/opt/cardano/cnode/scripts:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/home/guild/.local/bin \
     GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
 
+RUN apt-get update && apt-get install --no-install-recommends -y locales apt-utils sudo \
+    && apt install -y curl wget gnupg git udev \
+    && apt-get -y purge \
+    && apt-get -y clean \
+    && apt-get -y autoremove \
+    && rm -rf /var/lib/apt/lists/* \
+    && sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen \
+    && locale-gen \
+    && echo "export LC_ALL=en_US.UTF-8" >> ~/.bashrc \
+    && echo "export LANG=en_US.UTF-8" >> ~/.bashrc \
+    && echo "export LANGUAGE=en_US.UTF-8" >> ~/.bashrc \
+    && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+RUN adduser --disabled-password --gecos '' guild \
+    && adduser guild sudo \
+    && mkdir -pv /home/guild/.local/ /home/guild/.scripts/ 
+
+
 RUN set -x && apt update \
+    && apt-get update \
     && mkdir -p /root/.local/bin \
-    && apt install -y curl wget gnupg apt-utils git udev \
     && wget https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/master/scripts/cnode-helper-scripts/guild-deploy.sh \
     && export SUDO='N' \
     && export UPDATE_CHECK='N' \
     && export SKIP_DBSYNC_DOWNLOAD='Y' \
-    && chmod +x ./guild-deploy.sh &&  ./guild-deploy.sh -b master -s pdcowx \
+    && chmod +x ./guild-deploy.sh &&  ./guild-deploy.sh -b master -s p \
     && ls /opt/ \
     && mkdir -p $CNODE_HOME/priv/files \
-    && apt-get update && apt-get install --no-install-recommends -y locales apt-utils \
-    && sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen \
-    && locale-gen \
-    && echo "export LC_ALL=en_US.UTF-8" >> ~/.bashrc \
-    && echo "export LANG=en_US.UTF-8" >> ~/.bashrc \
-    && echo "export LANGUAGE=en_US.UTF-8" >> ~/.bashr \
-    && apt-get install -y procps libcap2 libselinux1 libc6 libsodium-dev ncurses-bin iproute2 curl wget apt-utils xz-utils netbase sudo coreutils dnsutils net-tools procps tcptraceroute bc usbip sqlite3 python3 tmux jq ncurses-base libtool autoconf git gnupg tcptraceroute util-linux less openssl bsdmainutils dialog vim \
-    && apt-get -y remove libpq-dev build-essential pkg-config libffi-dev libgmp-dev libssl-dev libtinfo-dev libsystemd-dev zlib1g-dev make g++ && apt-get -y purge && apt-get -y clean && apt-get -y autoremove && rm -rf /var/lib/apt/lists/* \
+    && apt-get -y remove libpq-dev build-essential pkg-config libffi-dev libgmp-dev libssl-dev libtinfo-dev libsystemd-dev zlib1g-dev make g++ \
+    && apt-get -y purge \
+    && apt-get -y clean \
+    && apt-get -y autoremove \
+    && rm -rf /var/lib/apt/lists/*
+
+
+RUN set -x && export SUDO='N' \
+    && export UPDATE_CHECK='N' \
+    && export SKIP_DBSYNC_DOWNLOAD='Y' \
+    && ./guild-deploy.sh -b master -s dcowx \
     && cd /usr/bin \
     && wget http://www.vdberg.org/~richard/tcpping \
     && chmod 755 tcpping \
-    && adduser --disabled-password --gecos '' guild \
-    && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
-    && adduser guild sudo 
+    && chown -R guild:guild $CNODE_HOME/* \
+    && mv /root/.local/bin /home/guild/.local/ \
+    && chown -R guild:guild /home/guild/.* \
+    && chmod a+x /home/guild/.scripts/*.sh /opt/cardano/cnode/scripts/*.sh
+
+# Add final tools in a separate layer to shrink the largest layer
+RUN apt-get update \
+    && apt-get install -y procps libcap2 libselinux1 libc6 libsodium-dev ncurses-bin iproute2 xz-utils netbase coreutils dnsutils net-tools procps tcptraceroute bc usbip sqlite3 python3 tmux jq ncurses-base libtool autoconf tcptraceroute util-linux less openssl bsdmainutils dialog vim \
+    && apt-get -y purge \
+    && apt-get -y clean \
+    && apt-get -y autoremove \
+    && rm -rf /var/lib/apt/lists/*
 
 USER guild
 WORKDIR /home/guild
@@ -66,13 +96,11 @@ ADD https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/master/files/
 ADD https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/master/scripts/cnode-helper-scripts/guild-deploy.sh /opt/cardano/cnode/scripts/
 ADD https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators/master/files/docker/node/addons/entrypoint.sh ./
 
-RUN sudo chown -R guild:guild $CNODE_HOME/* \
-    && mkdir /home/guild/.local/ \
-    && sudo mv /root/.local/bin /home/guild/.local/ \
-    && sudo chown -R guild:guild /home/guild/.* \
-    && sudo chmod a+x /home/guild/.scripts/*.sh /opt/cardano/cnode/scripts/*.sh /home/guild/entrypoint.sh
+RUN sudo chmod a+rx /home/guild/.scripts/*.sh /opt/cardano/cnode/scripts/*.sh /home/guild/entrypoint.sh \
+    && sudo chown -R guild:guild /home/guild/.* $CNODE_HOME/* 
 
 HEALTHCHECK --start-period=5m --interval=5m --timeout=100s CMD /home/guild/.scripts/healthcheck.sh
 
 ENTRYPOINT ["./entrypoint.sh"]
 
+