search

mozilla-services / autograph

Mozilla's digital signature service
https://hub.docker.com/r/mozilla/autograph/
Mozilla Public License 2.0
152 stars 33 forks source link

migrate to golang:bookworm image #1070

Closed jmhodges closed 1 week ago

jmhodges commented 1 week ago

This allows us to keep up to date with recent Go releases and security patches while reducing our configuration in the Dockerfile. We'll bump the Go version in a separate change.

oskirby commented 1 week ago

FWIW, I have noticed from other Go projects I have worked on - this does increase the size of the docker image by several hundred MBs as the official golang images are way bigger than the base debian images.

jmhodges commented 1 week ago

FWIW, I have noticed from other Go projects I have worked on - this does increase the size of the docker image by several hundred MBs as the official golang images are way bigger than the base debian images.

@oskirby This isn't true for us. The debian version is gigabytes larger.

I built this version as 

docker build -t golangimage .

and the original version on main as

docker build -t debimage .

Then I ran both 

$  docker images | egrep '(debimage|golangimage)'
debimage              latest            fa11a2658e4b   6 minutes ago    6.25GB
golangimage           latest            0ae92623ffc8   10 minutes ago   4.05GB

and also

$ docker save -o golangimage.tar golangimage
$ docker save -o debimage.tar debimage
$ ls -lh *.tar
-rw-------@ 1 jhodges  staff   2.3G Nov 25 09:04 debimage.tar
-rw-------@ 1 jhodges  staff   1.2G Nov 25 09:01 golangimage.tar

And both returned 1-2 GB more.

oskirby commented 1 week ago

I stand corrected.

Also, wow those are some big images.

jmhodges commented 1 week ago

@oskirby My data was bad because I had a dirty workspace and, as you pointed out in Slack, we have the thing that ADD all of the code to it.

With a clean working space, the debian comes out ahead by about 100MB or more.

$  ls -lh *.tar                                  
-rw-------@ 1 jhodges  staff   507M Nov 25 09:40 debimage.tar
-rw-------@ 1 jhodges  staff   609M Nov 25 09:42 golangimage.tar
$  docker images | egrep '(debimage|golangimage)'
golangimage   latest    c257b106e395   About a minute ago   2.55GB
debimage      latest    347d368c9a08   3 minutes ago        2.14GB
jmhodges commented 1 week ago

The ability to use a newer Go is worth the extra 100MB to me. (Security updates and features, both)

oskirby commented 1 week ago

The ability to use a newer Go is worth the extra 100MB to me. (Security updates and features, both)

I think that's fine. Yeah