From 69ff9033f1b41f0f6e0892f5b465405474f3f3dc Mon Sep 17 00:00:00 2001 From: Athos Couto Date: Wed, 11 Oct 2023 18:58:25 -0300 Subject: [PATCH 1/3] Optimize runtime container layers --- Dockerfile | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 07841bce..fe45681f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,8 @@ RUN apt update \ && apt install -y libclang-dev clang \ build-essential tcl protobuf-compiler file \ libssl-dev pkg-config git\ - && apt clean \ - && cargo install cargo-chef + && apt clean && rm -rf /var/lib/apt/lists/* + # We need to install and set as default the toolchain specified in rust-toolchain.toml # Otherwise cargo-chef will build dependencies using wrong toolchain # This also prevents planner and builder steps from installing the toolchain over and over again @@ -13,7 +13,8 @@ COPY rust-toolchain.toml rust-toolchain.toml RUN cat rust-toolchain.toml | grep "channel" | awk '{print $3}' | sed 's/\"//g' > toolchain.txt \ && rustup update $(cat toolchain.txt) \ && rustup default $(cat toolchain.txt) \ - && rm toolchain.txt rust-toolchain.toml + && rm toolchain.txt rust-toolchain.toml \ + && cargo install cargo-chef FROM chef AS planner COPY . . @@ -27,14 +28,19 @@ RUN cargo build -p sqld --release # runtime FROM debian:bullseye-slim -COPY --from=builder /target/release/sqld /bin/sqld + +EXPOSE 5001 8080 +VOLUME [ "/var/lib/sqld" ] + RUN groupadd --system --gid 666 sqld RUN adduser --system --home /var/lib/sqld --uid 666 --gid 666 sqld -RUN apt-get update && apt-get install -y ca-certificates -COPY docker-entrypoint.sh /usr/local/bin -ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] -VOLUME [ "/var/lib/sqld" ] WORKDIR /var/lib/sqld USER sqld -EXPOSE 5001 8080 + +COPY docker-entrypoint.sh /usr/local/bin + +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=builder /target/release/sqld /bin/sqld + +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] CMD ["/bin/sqld"] From fa94d1b08efc029dfb723946c10a3d0e7cff6bfa Mon Sep 17 00:00:00 2001 From: Athos Couto Date: Wed, 11 Oct 2023 14:19:31 -0300 Subject: [PATCH 2/3] Use Github Actions cache for Docker --- .github/workflows/pr-images.yml | 7 +++++++ .github/workflows/publish.yml | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/.github/workflows/pr-images.yml b/.github/workflows/pr-images.yml index 8cf24084..117e6e4e 100644 --- a/.github/workflows/pr-images.yml +++ b/.github/workflows/pr-images.yml @@ -22,6 +22,9 @@ jobs: with: submodules: recursive + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -42,3 +45,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }}-${{ github.event.pull_request.head.sha }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 089afebf..0992d842 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,6 +24,9 @@ jobs: with: submodules: recursive + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 with: @@ -44,3 +47,6 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + From be5865056fb4b8f5f9c3f91b6ccb012364f0d09e Mon Sep 17 00:00:00 2001 From: Athos Couto Date: Thu, 12 Oct 2023 17:24:10 -0300 Subject: [PATCH 3/3] Move rm -rf /var/lib/apt/lists/* to its own line --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fe45681f..66c7c9bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,8 @@ RUN apt update \ && apt install -y libclang-dev clang \ build-essential tcl protobuf-compiler file \ libssl-dev pkg-config git\ - && apt clean && rm -rf /var/lib/apt/lists/* + && apt clean \ + && rm -rf /var/lib/apt/lists/* # We need to install and set as default the toolchain specified in rust-toolchain.toml # Otherwise cargo-chef will build dependencies using wrong toolchain