Merge pull request #37 from duhow/update-dockerfile

Optimize Dockerfile to reduce build layers
Threagile · Nov 4, 2023 · cca9ba1 · cca9ba1
2 parents 5991d49 + 0ca6f9b
commit cca9ba1
Showing 1 changed file with 34 additions and 29 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -24,6 +24,9 @@ RUN GOOS=linux go build -a -trimpath -ldflags="-s -w -X main.buildTimestamp=$(da
 RUN GOOS=linux go build -a -trimpath -ldflags="-s -w -X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -buildmode=plugin -o demo-rule.so risks/custom/demo/demo-rule.go
 RUN GOOS=linux go build -a -trimpath -ldflags="-s -w -X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o threagile
 # add the -race parameter to go build call in order to instrument with race condition detector: https://blog.golang.org/race-detector
+# NOTE: copy files with final name to send to final build
+RUN cp /app/demo/example/threagile.yaml /app/demo/example/threagile-example-model.yaml && \
+    cp /app/demo/stub/threagile.yaml /app/demo/stub/threagile-stub-model.yaml
 
 
 
@@ -37,40 +40,42 @@ FROM alpine
 LABEL type="threagile"
 
 # add certificates
-RUN apk add ca-certificates
-# add graphviz, fonts
-RUN apk add --update --no-cache graphviz ttf-freefont
-# https://stackoverflow.com/questions/66963068/docker-alpine-executable-binary-not-found-even-if-in-path
-RUN apk add libc6-compat
+RUN apk add --update --no-cache ca-certificates \
+# add graphviz, fonts \
+    graphviz ttf-freefont \
+# https://stackoverflow.com/questions/66963068/docker-alpine-executable-binary-not-found-even-if-in-path \
+    libc6-compat && \
 # https://stackoverflow.com/questions/34729748/installed-go-binary-not-found-in-path-on-alpine-linux-docker
 # RUN mkdir -p /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
 # clean apk cache
-RUN rm -rf /var/cache/apk/*
+    rm -rf /var/cache/apk/* && \
+# create application and data directories
+    mkdir -p /app /data && \
+    chown -R 1000:1000 /app /data
+
+COPY --from=build --chown=1000:1000 \
+    /app/threagile \
+    /app/raa.so \
+    /app/dummy.so \
+    /app/demo-rule.so \
+    /app/LICENSE.txt \
+    /app/report/template/background.pdf \
+    /app/support/openapi.yaml \
+    /app/support/schema.json \
+    /app/support/live-templates.txt \
+    /app/support/render-data-asset-diagram.sh \
+    /app/support/render-data-flow-diagram.sh \
+    /app/demo/example/threagile-example-model.yaml \
+    /app/demo/stub/threagile-stub-model.yaml \
+    /app/server \
+    \
+    /app/
 
-WORKDIR /app
-
-COPY --from=build /app/threagile /app/threagile
-COPY --from=build /app/raa.so /app/raa.so
-COPY --from=build /app/dummy.so /app/dummy.so
-COPY --from=build /app/demo-rule.so /app/demo-rule.so
-COPY --from=build /app/LICENSE.txt /app/LICENSE.txt
-COPY --from=build /app/report/template/background.pdf /app/background.pdf
-COPY --from=build /app/support/openapi.yaml /app/openapi.yaml
-COPY --from=build /app/support/schema.json /app/schema.json
-COPY --from=build /app/support/live-templates.txt /app/live-templates.txt
-COPY --from=build /app/support/render-data-asset-diagram.sh /app/render-data-asset-diagram.sh
-COPY --from=build /app/support/render-data-flow-diagram.sh /app/render-data-flow-diagram.sh
-COPY --from=build /app/server /app/server
-COPY --from=build /app/demo/example/threagile.yaml /app/threagile-example-model.yaml
-COPY --from=build /app/demo/stub/threagile.yaml /app/threagile-stub-model.yaml
-
-RUN mkdir /data
-
-RUN chown -R 1000:1000 /app /data
 USER 1000:1000
+WORKDIR /app
 
-ENV PATH=/app:$PATH
-ENV GIN_MODE=release
+ENV PATH=/app:$PATH \
+    GIN_MODE=release
 
 ENTRYPOINT ["/app/threagile"]
-CMD ["-help"]
+CMD ["-help"]