Skip to content

Commit

Permalink
fix: make docker images smaller
Browse files Browse the repository at this point in the history 
Snyk CLI is distributed also as a set of docker images. This PR reduces
size of the images by following steps:

- Retain installed packages
    The idea is to retain installed packages for troubleshooting purposes as well as proper functionality.
    For example, ca-certificates update will be used when connecting to ssl websites, etc.

- Swap `ADD` for `COPY`
   `ADD` is intended for adding archives and `COPY` is preferred for adding files:   https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy

- Squash all `RUN` commands into one
   This creates fewer layers.

   Remove `apt`-related packages after Docker has been installed as they're no longer used.
  • Loading branch information
@grahamlyons
grahamlyons authored and Mila Votradovec committed Jun 26, 2019
1 parent 82e3527 commit a692570
Show file tree
Hide file tree
Showing 10 changed files with 129 additions and 164 deletions.
25 changes: 11 additions & 14 deletions docker/Dockerfile.docker
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,27 +3,24 @@ FROM node:8-slim
MAINTAINER Snyk Ltd

# Install Docker
RUN apt-get update
RUN apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
RUN apt-get update
RUN apt-get install -y docker-ce
RUN apt-get update && \
apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common && \
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && \
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \
apt-get install -y docker-ce jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq

RUN chmod -R a+wrx /home/node
WORKDIR /home/node
ENV HOME /home/node

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
31 changes: 13 additions & 18 deletions docker/Dockerfile.gradle-2.8
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,19 @@ FROM openjdk:8-jdk-slim
MAINTAINER Snyk Ltd

RUN mkdir /home/node
RUN chmod -R a+wrx /home/node
WORKDIR /home/node

#Install gradle
RUN apt-get update
RUN apt-get install -y curl
RUN curl -L https://services.gradle.org/distributions/gradle-2.8-bin.zip -o gradle-2.8-bin.zip && \
apt-get install -y unzip && \
unzip gradle-2.8-bin.zip -d /home/node/

#Install node
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq
# Install gradle, node, cli
RUN apt-get update && \
apt-get install -y curl unzip && \
curl -L https://services.gradle.org/distributions/gradle-2.8-bin.zip -o gradle-2.8-bin.zip && \
unzip gradle-2.8-bin.zip -d /home/node/ &&\
curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
apt-get install -y nodejs jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

ENV HOME /home/node
ENV M2 /home/node/.m2
Expand All @@ -30,8 +25,8 @@ ENV PATH=$PATH:$GRADLE_HOME/bin
# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
31 changes: 13 additions & 18 deletions docker/Dockerfile.gradle-4.4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,19 @@ FROM openjdk:8-jdk-slim
MAINTAINER Snyk Ltd

RUN mkdir /home/node
RUN chmod -R a+wrx /home/node
WORKDIR /home/node

#Install gradle
RUN apt-get update
RUN apt-get install -y curl
RUN curl -L https://services.gradle.org/distributions/gradle-4.4-bin.zip -o gradle-4.4-bin.zip && \
apt-get install -y unzip && \
unzip gradle-4.4-bin.zip -d /home/node/

#Install node
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq
# Install gradle, node, cli
RUN apt-get update && \
apt-get install -y curl unzip && \
curl -L https://services.gradle.org/distributions/gradle-4.4-bin.zip -o gradle-4.4-bin.zip && \
unzip gradle-4.4-bin.zip -d /home/node/ && \
curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
apt-get install -y nodejs jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

ENV HOME /home/node
ENV M2 /home/node/.m2
Expand All @@ -30,8 +25,8 @@ ENV PATH=$PATH:$GRADLE_HOME/bin
# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
31 changes: 13 additions & 18 deletions docker/Dockerfile.gradle-5.4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,19 @@ FROM openjdk:8-jdk-slim
MAINTAINER Snyk Ltd

RUN mkdir /home/node
RUN chmod -R a+wrx /home/node
WORKDIR /home/node

#Install gradle
RUN apt-get update
RUN apt-get install -y curl
RUN curl -L https://services.gradle.org/distributions/gradle-5.4-bin.zip -o gradle-5.4-bin.zip && \
apt-get install -y unzip && \
unzip gradle-5.4-bin.zip -d /home/node/

#Install node
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq
# Install gradle, node, cli
RUN apt-get update && \
apt-get install -y curl unzip && \
curl -L https://services.gradle.org/distributions/gradle-5.4-bin.zip -o gradle-5.4-bin.zip && \
unzip gradle-5.4-bin.zip -d /home/node/ && \
curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
apt-get install -y nodejs jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

ENV HOME /home/node
ENV M2 /home/node/.m2
Expand All @@ -30,8 +25,8 @@ ENV PATH=$PATH:$GRADLE_HOME/bin
# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
29 changes: 13 additions & 16 deletions docker/Dockerfile.maven-3.5.4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,25 @@ FROM openjdk:8-jdk-slim

MAINTAINER Snyk Ltd

#Install maven
RUN apt-get update
RUN apt-get install -y curl
RUN curl -L -o apache-maven-3.5.4-bin.tar.gz https://www-eu.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz
RUN tar -xvzf apache-maven-3.5.4-bin.tar.gz
RUN rm -f apache-maven-3.5.4-bin.tar.gz

#Install node
RUN mkdir /home/node
RUN chmod -R a+wrx /home/node
WORKDIR /home/node
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq
# Install maven, node, cli
RUN apt-get update && \
apt-get install -y curl && \
curl -L -o apache-maven-3.5.4-bin.tar.gz https://www-eu.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz && \
tar -xvzf apache-maven-3.5.4-bin.tar.gz && \
rm -f apache-maven-3.5.4-bin.tar.gz && \
curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
apt-get install -y nodejs jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

ENV HOME /home/node
ENV M2 /home/node/.m2
ENV PATH /apache-maven-3.5.4/bin:$PATH
ENV PATH /home/node/apache-maven-3.5.4/bin:$PATH

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project
Expand Down
18 changes: 10 additions & 8 deletions docker/Dockerfile.npm_ruby
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,22 @@ FROM node:8-slim

MAINTAINER Snyk Ltd

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq

RUN chmod -R a+wrx /home/node
WORKDIR /home/node
ENV HOME /home/node

# Install snyk cli and clean up
RUN apt-get update && \
apt-get install -y jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
26 changes: 12 additions & 14 deletions docker/Dockerfile.python-2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,24 @@ FROM node:8-slim

MAINTAINER Snyk Ltd

# Install python
RUN apt-get update && \
apt-get install -y python python-dev python-pip libssl-dev
RUN pip install pip virtualenv -U

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq

RUN chmod -R a+wrx /home/node
WORKDIR /home/node
ENV HOME /home/node

# Install python, virtualenv, cli
RUN apt-get update && \
apt-get install -y python python-dev python-pip libssl-dev jq && \
pip install pip virtualenv -U && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-python-entrypoint.sh .
ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-python-entrypoint.sh .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-python-entrypoint.sh"]

Expand Down
30 changes: 14 additions & 16 deletions docker/Dockerfile.python-3
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,26 @@ FROM node:8-slim

MAINTAINER Snyk Ltd

# Install python
RUN apt-get update && \
apt-get install -y python3 python3-dev python3-pip libssl-dev
RUN pip3 install pip pipenv virtualenv -U
RUN ln -s /usr/bin/python3 /usr/bin/python
RUN ln -s /usr/bin/pip3 /usr/bin/pip

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq

RUN chmod -R a+wrx /home/node
WORKDIR /home/node
ENV HOME /home/node

# Install python, virtualenv and cli
RUN apt-get update && \
apt-get install -y python3 python3-dev python3-pip libssl-dev jq && \
pip3 install pip pipenv virtualenv -U && \
ln -s /usr/bin/python3 /usr/bin/python && \
ln -s /usr/bin/pip3 /usr/bin/pip && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-python-entrypoint.sh .
ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-python-entrypoint.sh .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-python-entrypoint.sh"]

Expand Down
36 changes: 15 additions & 21 deletions docker/Dockerfile.sbt-0.13.16
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,43 +3,37 @@ FROM openjdk:8-jdk-slim
MAINTAINER Snyk Ltd

RUN mkdir /home/node
RUN chmod -R a+wrx /home/node
WORKDIR /home/node

#Install sbt
RUN apt-get update
RUN apt-get install -y curl
RUN echo "deb https://dl.bintray.com/sbt/debian /" | tee -a /etc/apt/sources.list.d/sbt.list && \
apt-get install -y apt-transport-https && \
# Install sbt, node, cli
RUN apt-get update && \
apt-get install -y curl apt-transport-https && \
echo "deb https://dl.bintray.com/sbt/debian /" | tee -a /etc/apt/sources.list.d/sbt.list && \
curl -L -o sbt.deb https://dl.bintray.com/sbt/debian/sbt-0.13.16.deb && \
dpkg -i sbt.deb

RUN echo "docker-user ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers && \
dpkg -i sbt.deb && \
echo "docker-user ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers && \
mkdir -p /root/.sbt/0.13/plugins && \
mkdir -p /home/node/.sbt/0.13/plugins && \
echo "addSbtPlugin(\"net.virtual-void\" % \"sbt-dependency-graph\" % \"0.8.2\")" >> /root/.sbt/0.13/plugins/build.sbt && \
echo "addSbtPlugin(\"net.virtual-void\" % \"sbt-dependency-graph\" % \"0.8.2\")" >> /home/node/.sbt/0.13/plugins/build.sbt && \
echo "net.virtualvoid.sbt.graph.DependencyGraphSettings.graphSettings" >> /root/.sbt/0.13/user.sbt && \
echo "net.virtualvoid.sbt.graph.DependencyGraphSettings.graphSettings" >> /home/node/.sbt/0.13/user.sbt && \
echo "-sbt-version 0.13.16" >> /etc/sbt/sbtopts

#Install node
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs

# Install snyk cli
RUN npm install --global snyk snyk-to-html && \
apt-get update && \
apt-get install -y jq
echo "-sbt-version 0.13.16" >> /etc/sbt/sbtopts && \
curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
apt-get install -y nodejs jq && \
npm install --global snyk snyk-to-html && \
apt-get autoremove -y && \
apt-get clean && \
chmod -R a+wrx /home/node

ENV HOME /home/node
ENV M2 /home/node/.m2

# The path at which the project is mounted (-v runtime arg)
ENV PROJECT_PATH /project

ADD docker-entrypoint.sh .
ADD snyk_report.css .
COPY docker-entrypoint.sh .
COPY snyk_report.css .

ENTRYPOINT ["./docker-entrypoint.sh"]

Expand Down
Loading

0 comments on commit a692570

Please sign in to comment.