hawkeyesec / scanner-cli

A project security/vulnerability/risk scanning tool

The Docker image is too huge #132

Closed haohaolee closed 4 years ago

haohaolee commented 5 years ago

Description

The current docker image size is too large. After checking the Dockerfile, it seems it unnecessarily uses too many RUN commands and is based on centos (every RUN adds a new layer).

If the author of hawkeye agrees, I can try to create a pull request for this later.


felixhammerl commented 5 years ago

I agree :)

alimalek71 commented 5 years ago

@felixhammerl @haohaolee Do you mind if I work on this issue?

felixhammerl commented 5 years ago

please do :)

alimalek71 commented 5 years ago

@felixhammerl I am trying to add an alpine Dockerfile for the project, but one of the rust packages, cargo-audit, has an error on installation, for which I can't find any solution so far. Except for this issue, other languages seem to be ok. I think it is going to take too much time for me because I am not an expert in rust lang. If you know someone who can help me with this issue, please let me know.

The error:

error: failed to compile `cargo-audit v0.10.0`, intermediate artifacts can be found at `/tmp/cargo-installiGgUWX`
Caused by:
  cannot produce proc-macro for `abscissa_derive v0.4.0` as the target `x86_64-unknown-linux-musl` does not support these crate types

The Dockerfile I'm working on is here

alimalek71 commented 5 years ago

It seems we can't use alpine because some of Rust's build dependencies need dynamic linking, which needs a GNU-based Linux, and Alpine is not based on GNU.

haohaolee commented 5 years ago

@alimalek71 Hi, as you may know, rust currently doesn't support dynamic builds with musl as the host. The trick that I use is using a gnu host with a musl target to build a statically linked binary. Here is a Dockerfile you can refer to:

FROM ekidd/rust-musl-builder AS build

RUN cargo install cargo-audit --root /home/rust && \
    strip /home/rust/bin/cargo-audit

FROM alpine:3.10

COPY --from=build /home/rust/bin/cargo-audit /usr/local/bin/

alimalek71 commented 5 years ago

@haohaolee I would be glad if you told me your comments and helped me improve it, and really, thank you for your help :heart:

haohaolee commented 5 years ago

@alimalek71 I have a basic idea for this task: we don't need to build every component ourselves, we can try to leverage the package manager from the linux distro (alpine here) and only build components when necessary. What I mean is use something like the following to install nodejs, python, ruby, php and java:

RUN apk add --no-cache nodejs \
            python py2-pip \
            ruby ruby-rdoc \
            php-cli php-phar php-mbstring php-json php-openssl \
            openjdk8-jre

Then install the other components as the original Dockerfile does.

It will be easier to maintain and much clearer than the original one. What do you think?

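Putting the two suggestions from this thread together, here is an added example of a multi-stage Dockerfile (written for this page; it is not the scanner-cli project's own Dockerfile or either commenter's code). It assumes the Alpine 3.10 package names quoted above still resolve, and leaves the step that installs the scanner itself to the original Dockerfile.

```dockerfile
# Added example, not from the thread or the scanner-cli repository.
# Stage 1: build cargo-audit as a static musl binary on a GNU host (the trick
# haohaolee describes), so the runtime stage needs no Rust toolchain at all.
FROM ekidd/rust-musl-builder AS rust-build
RUN cargo install cargo-audit --root /home/rust && \
    strip /home/rust/bin/cargo-audit

# Stage 2: thin Alpine runtime. Everything from the package manager goes into
# one RUN (one layer); --no-cache keeps the apk index out of the image.
# Package names are assumed from the thread (Alpine 3.10); 'file' is only
# needed for the build-time check below.
FROM alpine:3.10
RUN apk add --no-cache nodejs npm \
        python py2-pip \
        ruby ruby-rdoc \
        php-cli php-phar php-mbstring php-json php-openssl \
        openjdk8-jre \
        file \
    && adduser -D -u 1000 scanner   # run the scanner as an unprivileged user

# Only the stripped static binary crosses over; the build stage is discarded.
COPY --from=rust-build /home/rust/bin/cargo-audit /usr/local/bin/

# Fail the build early if the binary is not static: a glibc-linked binary
# would only fail later, at runtime, on musl-based Alpine.
RUN file /usr/local/bin/cargo-audit | grep -q 'static' \
    && cargo-audit --version

# Install scanner-cli itself here, as the original Dockerfile does.

USER scanner
WORKDIR /target
```

A quick `docker history <image>` afterwards shows the apk layer as the only large one, which is the easiest way to confirm the layer count really went down.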
alimalek71 commented 5 years ago

@haohaolee I agree with you, and at first I did like it, but based on the versions of the components installed and what alpine 3.10 supports, I didn't install all the components from the alpine package manager. For example, the ruby version that is installed is 2.6, but in alpine's package manager it is 2.5.

By the way, would it be good to create separate Dockerfiles for each component? For example scanner-cli:{version}-nodejs-alpine, scanner-cli:{version}-ruby-alpine

haohaolee commented 5 years ago

@alimalek71 If version 2.5 can work with hawkeye, I don't think it is a big deal. What do you think, @felixhammerl, do we need to stick to some specific version of ruby?

felixhammerl commented 4 years ago

Implemented in v1.8.0