Replace Dockerfile base with distroless - Githubissues

stackbuilders / hapistrano

Deploy tool for Haskell applications, like Capistrano for Rails

https://hackage.haskell.org/package/hapistrano

MIT License

101 stars 17 forks source link

Replace Dockerfile base with distroless #182

Closed sestrella closed 1 year ago

sestrella commented 2 years ago

Taking the Distroless Rust example as a reference, the existing Dockerfile could be split into different stages:

One that compiles the project and generates a binary
Another one that places that binary in a distroless image

The outcome would be a very tiny image. Taking into account that hapistrano is a deployment tool that is mostly executed by a CI pipeline, shrinking the image is beneficial since it would reduce the overhead produced by pulling the image from Docker Hub to the CI worker.

CristhianMotoche commented 1 year ago

I like this approach @sestrella I'll ask someone in the team to take a look at it.

CristhianMotoche commented 1 year ago

Hey @FranzGB I think you've been working on this issue lately. Any comments/questions so far?

FranzGB commented 1 year ago

Hey @FranzGB I think you've been working on this issue lately. Any comments/questions so far?

Hey @CristhianMotoche. Yes, I am working on this still! I used a Distroless base for hapistrano I am having trouble testing if it worked. Let me open up a draft so we can discuss what I did.

CristhianMotoche commented 1 year ago

Hey @sestrella. @FranzGB has been working on this in #220 but I think we faced a blocker and that is the fact that Hapistrano executes ssh (and maybe other binaries) from the host machine. In this case, the distroless images won't have the ssh command and we'll get an error as the one that I mention here. Please, let us know if there is anything that we're missing in order to continue with this.

CristhianMotoche commented 1 year ago

Hey @sestrella I was wondering if you know about a possible way to overcome the issues that we faced in @FranzGB's PR. Should we look for a different distro? Perhaps a small distribution? Let me know. Otherwise, we may not be able to solve this issue and we could close it.

CristhianMotoche commented 1 year ago

Hey @sestrella We're using the alpine image which is very small ~5MB. Although, I see the hapistrano image is ~73MB, which I think was the motivation for this issue:

REPOSITORY                         TAG        IMAGE ID       CREATED        SIZE
alpine                             3.15       59be8124109e   5 weeks ago    5.34MB
ghcr.io/stackbuilders/hapistrano   v0.4.8.0   26c1a98bb4d2   5 months ago   73.1MB

The hapistrano binary is kind of big (~44MB) and maybe that's the reason the image is kind of big. So, I don't think this is a matter of the base image that we use but the size of the binary file. Would it make sense to create a new issue to address that instead of moving into a distroless base image? WDYT?

CristhianMotoche commented 1 year ago

Hey @sestrella @FranzGB I see Hapistrano depends on some binaries to be present in the distribution (e.g. ssh, git, scp, etc). For that reason, I think it's best to keep using alpine than migrating Hapistrano to use Haskell implementations of those dependencies or installing those dependencies in a distroless image. I'll close this issue for now. Feel free to reopen it if you have another idea in mind for this issue.