Dockerfile redundant build stage

[grantmacken]

I think we can reduce Dockerfile to a 2 stage build.

FROM openjdk:8-jdk-alpine as builder
...
FROM openjdk:8-jdk-slim as jdk
...
FROM gcr.io/distroless/java:latest

to

FROM openjdk:8-jdk-slim as jdk
RUN apt-get ...
...
FROM gcr.io/distroless/java:latest

Besides, when using the alpine to build, the Alpine JDK is using Musl, but with gcr.io/distroless/java:latest and openjdk:8-jdk-slim, Glibc is used. Whether this makes any difference, is beyond me, however if we start from openjdk:8-jdk-slim , we wont have to worry.

Created branch
Dockerfile adjustment tasks

• [x] Start with openjdk-slim
• [x] Remove Dynamic Labels - they can be defined at build time
  • [x] Version ARG as tag name is only arg required at build time
  • [x] Version ARG can be a stable or RC release tag
  • [x] its quicker to build if we don't use git but grab the release tar
  • [x] use apt to get stuff for FOP
  • [x] turn build.sh shell cmds process logic into a single RUN
  • [x] move config files into config dir then symlink to origin
  • [x] leave data dir in default position - it's a separate volume anyway
  • [x] for customized config files use COPY not ADD

docker-compose.yml adjustment tasks

• [x] add config volume

[adamretter]

Okay, so we do have to be careful with any libraries which are compiled to binaries (i.e. non-java code) that uses different libc libraries. Something compiled with Musl will not run on a Glibc platform, and vice versa.

I am not sure why, or can't remember why, we have the Alpine stage? I think @duncdrum knows?

[duncdrum]

I couldn't get it to work in a two stage build, with FO still working. alpine is where we currently checkout and compile the minimal build We could try to add all of this:

RUN mkdir -p ${INSTALL_PATH}
WORKDIR ${INSTALL_PATH}
COPY build.sh build.sh

RUN apk add --no-cache --virtual .build-deps \
        augeas \
        bash \
        curl \
        git \
        && bash ./build.sh --minimal ${BRANCH} \
        && rm -rf tmp \
        && apk del .build-deps

to the openjdk (using whatever packager command is available there).

[adamretter]

@duncdrum @grantmacken I am not sure I can really help on this point. Perhaps we could get the GitHub repo to a stable state, and then we could look at this issue again then. @grantmacken once we have stabilised a bit, would you like to take a stab at a 2 stage image which has similar properties as the current one?

I think the important factors are:

1. It works (which includes support for Apache FOP)
2. small size
3. a restricted image which is application specific. This is primary reason why I chose the Google distroless images, and then the fact that they are widely used on Google compute and maintained.

[duncdrum]

@adamretter agreed my two PRs bring the repo to a working state, once they are merged I can then set up the publishing pipeline on dockerhub. Once that is all working i ll get to stripping the the dockerfile down to two build stages

[grantmacken]

@duncdrum @adamretter I've create a branch 'enhance-10-build-stages' to work on the Dockerfile The 10 refers to this issue number, not the number of stages.

[grantmacken]

Ok managed, to get a working instance from debian slim, which also collapses build.sh into the Dockerfile. There are a few design choices, which I would like to discuss, which I will raise as separate issue items.

[adamretter]

@grantmacken Perhaps it would be good to have a call with you, me and @duncdrum? Timezones could be fun:

1. I think you are on NZST (UTC+12:00)?
2. I am on IST (UTC+5:30)
3. Duncan is on CEST (UTC+2:00)

I wonder if we might be able to do a call in the morning for @duncdrum? How would 9am CEST work one day next week?

[duncdrum]

I m flexible next week

[duncdrum]

@grantmacken for some reason your are building 3.4.1, using develop it should be 5.0.0-SNAPSHOT, i m actually surprised that the betterform adjustment from 5.0.0 result in a working 3.4.1 image :) Travis log

[grantmacken]

20 merged into develop