-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optimize the build order #22
Comments
I'll do an analysis after #20 |
Below my initial analysis, I kept your suggestion of doing architecture detection together with verification. That will not improve readability of the latter, but can be done like that as long as we do not need architecture for any other decisions in the process. Verify stage
Final stage
|
After thinking about this more, I think it's better when an entrypoint change invalidates the cache of the apt install of python, as a cached version may have a python that does not work with the entrypoint code the same that the latest python from the package maintainers repository. This means that if entrypoint changes, it MUST be built (and tested) with the latest python, because otherwise cached build steps can yield different results than non-cached builds ran at the same point in time. |
Changed back to do apt before copy entrypoint. Make it more friendly now, but leaves this open and not fully solved with #31. |
Yeah, an update strategy would be needed for all dependencies and not only python. Some work is needed to figure out how we deal with it, I have it in mind, but it will be probably a tricky question. We may ask some advices from maintainers of docker official images ? Maybe by raising an issue to ask an update of the documentation, I didn't see information about it :) It may also depend on the vulnerability scanner you were speaking about. We need to work specifically about image updates. |
Originally posted by @AbcSxyZ in #6 (comment)
Separation of declaration and execution is not the rule in Dockerfile.
For exemple, php & golang are mixing declaration and execution. And probably all other Docker official images.
It's even a recommendation to use the cache with more efficiency, from cacheability recommendation:
Doing all declarations at the top of a Dockerfile is defeating the utility of caching mechanism.
The text was updated successfully, but these errors were encountered: