From 16d2a87e22da25579459d237af679509f4008686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C5=A1o=20Stanovnik?= <saso.stanovnik@xlab.si> Date: Wed, 2 Mar 2022 14:15:52 +0100 Subject: [PATCH] Slightly decrease the size of the docker artefact. The size went from 2.57 GB to 1.80 GB. --- .dockerignore | 2 ++ Dockerfile | 56 +++++++++++++++++++++++++++++++++-------------- install-checks.sh | 7 ++---- 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/.dockerignore b/.dockerignore index ebd0451..914a2f3 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,5 @@ +.git/ + # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] diff --git a/Dockerfile b/Dockerfile index 4e2293a..188fa83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,32 @@ -FROM python:3.10.2-slim-bullseye +FROM debian:bullseye-20220228-slim + +# add python virtualenv and tools dir to path to be able to invoke commands +ENV PATH="/iac-scan-runner/.venv/bin:/iac-scan-runner/tools:$PATH" +CMD ["uvicorn", "iac_scan_runner.api:app", "--host", "0.0.0.0", "--port", "80"] + +# set working directory +WORKDIR /iac-scan-runner/src -# copy all files COPY . /iac-scan-runner -WORKDIR /iac-scan-runner -# install system and API requirements -RUN apt-get update \ - && apt-get -y install build-essential bash gcc git openssh-client ruby-full curl wget default-jdk nodejs npm \ +RUN cd /iac-scan-runner \ + && apt-get update \ + && apt-get -y install --no-install-recommends \ + build-essential \ + bash \ + gcc \ + git \ + openssh-client \ + curl \ + wget \ + openjdk-17-jre \ + ruby2.7 \ + nodejs \ + npm \ + unzip \ + python3 \ + python3-pip \ + python3-venv \ && apt-get update \ && mkdir -p /usr/share/man/man1 \ && npm i npm@latest -g \ @@ -14,14 +34,18 @@ RUN apt-get update \ && . .venv/bin/activate \ && pip3 install --upgrade pip \ && pip install -r requirements.txt \ - && ./install-checks.sh + && ./install-checks.sh \ + && npm uninstall npm \ + && apt-get -y remove \ + build-essential \ + gcc \ + npm \ + curl \ + wget \ + && apt-get autoremove -y \ + && apt-get autoclean -y \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /var/cache/* \ + && rm -rf /root/.cache/ -#add python virtualenv and tools dir to path to be able to invoke commands -ENV PATH="/iac-scan-runner/.venv/bin:$PATH" -ENV PATH="/iac-scan-runner/tools:$PATH" - -# set working directory -WORKDIR /iac-scan-runner/src - -# start the API -CMD ["uvicorn", "iac_scan_runner.api:app", "--host", "0.0.0.0", "--port", "80"] diff --git a/install-checks.sh b/install-checks.sh index 19a354d..638664a 100755 --- a/install-checks.sh +++ b/install-checks.sh @@ -6,7 +6,7 @@ export ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" export VIRTUALENV_DIR="${ROOT_DIR}/.venv" export TOOLS_DIR="${ROOT_DIR}/tools" export TMP_DIR="${TOOLS_DIR}/tmp" -export NODE_MODULES_DIR="${TOOLS_DIR}/node_modules" +export NODE_MODULES_DIR="${ROOT_DIR}/node_modules" export CONFIG_DIR="${ROOT_DIR}/config" # env vars for check executables export OPERA_CHECK_PATH="${VIRTUALENV_DIR}/bin/opera/" @@ -90,10 +90,7 @@ installMarkdownLintIfNot() { installRequiredNpmModulesIfNot() { if [ ! -f "$NODE_MODULES_DIR" ]; then - cp package.json "${TOOLS_DIR}/package.json" - cp package-lock.json "${TOOLS_DIR}/package-lock.json" - npm i --prefix "${TOOLS_DIR}" --force - rm "${TOOLS_DIR}/package.json" "${TOOLS_DIR}/package-lock.json" + npm install --force fi } -- GitLab