Move to a multi-stage build (#14)

* Optimize RUN commands in Dockerfile * Update README instructions * Add circleCI config * Add workflow to enable github status check * Install goss, beautiful circleci * Fix goss tests for updated Dockerfile * Fix goss tests again * Updated Makefile commands * Last try getting CircleCI to build the correct image * Move to multi-stage build, save 340 MB * Fix the goss tests on CircleCI * Fix dive path during make test * Increase dive wasted bytes check due to /app being wrongly counted * Fix error when closing xhost on circleci
artis3n · Sep 13, 2020 · 469f8f9 · 469f8f9
1 parent a088ea6
commit 469f8f9
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 22 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -23,11 +23,9 @@ jobs:
           command: make build
       - run:
           name: Goss tests
-          command: make test
-      - run:
-          name: Close Xserver connections
-          command: 'xhost -local:'
-          when: always
+          command: |
+            eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)
+            make test
 
 workflows:
   version: 2

diff --git a/.dive-ci b/.dive-ci
@@ -0,0 +1,13 @@
+rules:
+  # If the efficiency is measured below X%, mark as failed.
+  # Expressed as a ratio between 0-1.
+  lowestEfficiency: 0.95
+
+  # If the amount of wasted space is at least X or larger than X, mark as failed.
+  # Expressed in B, KB, MB, and GB.
+  highestWastedBytes: 36MB
+
+  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
+  # Note: the base image layer is NOT included in the total image size.
+  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
+  highestUserWastedPercent: 0.20
diff --git a/.dockerignore b/.dockerignore
@@ -2,5 +2,6 @@
 .circleci
 .gitmodules
 .hadolint.yaml
+.dive-ci
 .pre-commit-config.yaml
 Makefile
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,6 @@
 # Cannot use alpine because it uses musl instead of glibc and musl doesn't have "backtrace"
 # https://github.com/openalpr/openalpr/issues/566#issuecomment-348205549
-FROM ubuntu:20.04
-LABEL Name="artis3n/pgmodeler"
-LABEL Version="0.1.0"
-LABEL maintainer="Artis3n <dev@artis3nal.com>"
+FROM ubuntu:20.04 as compiler
 
 ARG INSTALLATION_ROOT=/app
 ARG QMAKE_PATH=/usr/bin/qmake
@@ -13,6 +10,7 @@ ARG TERM=xterm
 RUN apt-get update \
     && apt-get -y install --no-install-recommends build-essential libpq-dev libqt5svg5-dev libxml2 libxml2-dev pkg-config qt5-default qttools5-dev \
     # Slim down layer size
+    # Not strictly necessary since this is a multi-stage build but hadolint would complain
     && apt-get autoremove -y \
     && apt-get autoclean -y \
     # Remove apt-get cache from the layer to reduce container size
@@ -22,10 +20,6 @@ RUN apt-get update \
 COPY ./pgmodeler /pgmodeler
 COPY ./plugins /pgmodeler/plugins
 
-# Set up non-root user
-RUN groupadd -g 1000 modeler \
-    && useradd -m -l -u 1000 -g modeler modeler
-
 WORKDIR /pgmodeler
 RUN mkdir /app \
     # Add persistence folder for project work
@@ -41,11 +35,30 @@ RUN mkdir /app \
         pgmodeler.pro \
     # Compile PgModeler - will take about 20 minutes
     && make \
-    && make install \
-    # Clean up source code after compilation succeeds
-    # We no longer need it in the container
-    && rm -rf /pgmodeler \
-    # Make modeler user owner of the compiled app
+    && make install
+
+# Now that the image is compiled, we can remove most of the image size bloat
+FROM ubuntu:20.04
+LABEL Name="artis3n/pgmodeler"
+LABEL Version="1.2.0"
+LABEL maintainer="Artis3n <dev@artis3nal.com>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TERM=xterm
+
+RUN apt-get update \
+    && apt-get -y install --no-install-recommends libpq-dev libqt5svg5-dev libxml2 qt5-default \
+    # Slim down layer size
+    && apt-get autoremove -y \
+    && apt-get autoclean -y \
+    # Remove apt-get cache from the layer to reduce container size
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=compiler /app /app
+
+# Set up non-root user
+RUN groupadd -g 1000 modeler \
+    && useradd -m -u 1000 -g modeler modeler \
     && chown -R modeler:modeler /app
 
 USER modeler

diff --git a/goss.yaml b/goss.yaml
@@ -1,18 +1,28 @@
+user:
+  modeler:
+    exists: true
+    uid: 1000
+    gid: 1000
+    groups:
+      - modeler
+    home: /home/modeler
+
 file:
   /pgmodeler:
+    exists: false
+  /app:
     exists: true
     filetype: directory
-    size: 0
+    owner: modeler
+    group: modeler
   /app/pgmodeler:
     exists: true
     filetype: file
     owner: modeler
     group: modeler
+  # Don't test owner/group on a mounted volume, will cause issues depending on the host
   /app/savedwork:
     exists: true
-    filetype: directory
-    owner: modeler
-    group: modeler
   /app/savedwork/exist.txt:
     exists: true
     filetype: file