GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → garethr → Multi Stage Build Example

garethr / Multi Stage Build Example

Licence: other
Example repository to accompany my talk at Velocity 2018

Labels

dockerdockerfilemakefile

Projects that are alternatives of or similar to Multi Stage Build Example

Os
Open source security/privacy focused AOSP rom
Stars: ✭ 106 (-4.5%)
Mutual labels:  makefile
Jmuduo
imitate a net library named muduo written by ChenShuo
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
Seed
Go application GitHub repository template.
Stars: ✭ 109 (-1.8%)
Mutual labels:  makefile
Crkbd
Corne keyboard, a split keyboard with 3x6 column staggered keys and 3 thumb keys.
Stars: ✭ 2,056 (+1752.25%)
Mutual labels:  makefile
Pingprom
Prometheus uptime monitoring quickstart
Stars: ✭ 107 (-3.6%)
Mutual labels:  makefile
Python Jenkins Template
Template for Jenkins jobs for python projects.
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
D3 Bootstrap
[DEPRECATED] d3-friendly versions of Twitter bootstrap JavaScript tools
Stars: ✭ 105 (-5.41%)
Mutual labels:  makefile
Libbrotli
meta project to build libraries from the brotli source code
Stars: ✭ 110 (-0.9%)
Mutual labels:  makefile
Urlmock
A Cocoa framework for mocking and stubbing URL requests and responses.
Stars: ✭ 107 (-3.6%)
Mutual labels:  makefile
Project
General issue tracker for the Frictionless Data project.
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
Graphviz Scripts
Some dot files for graphviz
Stars: ✭ 106 (-4.5%)
Mutual labels:  makefile
Rprogdatascience
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
Workflow Paper
The .md source for "The Plain Person's Guide to Plain Text Social Science". To exactly reproduce the PDF you will need current versions of R, TexLive, biber, and the support files at http://www.kieranhealy.org/resources.html.
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
Awesome Safety Critical
List of resources about programming practices for writing safety-critical software.
Stars: ✭ 1,425 (+1183.78%)
Mutual labels:  makefile
Saturn
Stars: ✭ 110 (-0.9%)
Mutual labels:  makefile
Kamasutra Cn
那啥经(梵汉对照)- for Chinese only
Stars: ✭ 106 (-4.5%)
Mutual labels:  makefile
Beyondinteraction
openFrameworks examples for the book "Beyond Interaction".
Stars: ✭ 108 (-2.7%)
Mutual labels:  makefile
Netbsd
for NetBSD project.
Stars: ✭ 110 (-0.9%)
Mutual labels:  makefile
Riscv Rust Toolchain
RISCV Rust Toolchain
Stars: ✭ 110 (-0.9%)
Mutual labels:  makefile
Kubernetes Common Services
These services help make it easier to manage your applications environment in Kubernetes
Stars: ✭ 109 (-1.8%)
Mutual labels:  makefile
View All Similar Projects ➔

Multi-stage build example for Velocity 2018

This repository contains a working example for the talk at Velocity 2018 in London on Advanced Docker image build patterns. The focus is on the Dockerfile, with other tooling or code included to make that example actually work. The application is written in Python, but hopefully the ideas should be pretty generally applicable. The Makefile is included as much as documentation as for actual usage. I've included an annotated version of the Dockerfile below.

# We name the `base` stage so we can refence it in multiple later
# stages but only need to update it in one place if we change it
FROM python:3-alpine AS base

WORKDIR /app
RUN pip install pipenv==2018.10.13

COPY Pipfile /app/
COPY Pipfile.lock /app/

RUN pipenv install --system --deploy


# The `app` stage is used as the base for images that don't
# need the development dependencies
FROM base AS app
COPY src /app


# The `test-base` stage is used as the base for images that require
# the development dependencies. The duplication of the COPY instruction
# avoids breaking the cache for that later when the Pipfile changes 
FROM base AS test-base
RUN pipenv install --system --deploy --dev
COPY src /app


# The `Test` stage runs the application unit tests, the build will fail
# if the tests fail. Note this stage name is capitalised, this is purely
# a convetion for stages which result in useful images. Think of it like
# hint that this is a public interface
FROM test-base AS Test
RUN pytest --black


# The `Check` stage runs a check of the package dependencies against a list
# of known security vulnerabilities. The build will fail if vulnerabilities
# are found
FROM test-base AS Check
RUN safety check


# The `Security` stage checks the application for security vulnerabilities using the 
# Aqua MicroScanner. This requires providing a build-arg with your MicroScanner token
FROM app AS Security
ARG MICROSCANNER
RUN wget -O /microscanner https://get.aquasec.com/microscanner && chmod +x /microscanner
RUN /microscanner $MICROSCANNER --full-output


# The `Docs` stage builds documentation from the application source code
# and serves that on a simple web server
FROM test-base AS Docs
RUN pycco -i *.py
WORKDIR /app/docs
EXPOSE 8000
CMD ["python", "-m", "http.server"]


# `Shell` will build an image that, when run, drops you into a 
# python shell with the application context loaded
FROM app AS Shell
CMD ["flask", "shell"]


# `release` acts as the basis for images which will actually run the application 
FROM app AS release
EXPOSE 5000


# `Dev` runs the application using the development web server, and enables
# developer tools like the debugger and interactive expcetions
FROM release AS Dev
ENV FLASK_ENV=development
CMD ["python", "app.py"]


# The `Prod` stage is the default stage if the Dockerfile is run without 
# a target stage set. The resulting image will run the application using a
# production webserver and configuration
FROM release As Prod
CMD ["gunicorn", "-b", ":5000", "app:app"]

Google Cloud Build

The above Dockerfile is also used for running the tests in Google Cloud Build. See the accompanying cloudbuild.yaml file for details. The plan is to mechanically generate this file from the Dockerfile.

GitHub Actions

The Dockerfile is also used for running on GitHub with GitHub Actions. If you're thinking this duplicates the Google Cloud Build example you'd be right. This repository is intended as an example and playground. As with the cloudbuild.yaml file above it should be possible to mechanically generate this too.

workflow "Quality" {
   on = "push"
   resolves = ["check", "test", "lint", "security", "validate"]
 }

 action "check" {
   uses = "actions/docker/[email protected]"
   args = "build --target check ."
 }

 action "test" {
   uses = "actions/docker/[email protected]"
   args = "build --target test ."
 }

 action "security" {
   uses = "actions/docker/[email protected]"
   secrets = ["MICROSCANNER"]
   args = "build --target security --build-arg MICROSCANNER=${MICROSCANNER} ."
 }

 action "lint" {
   uses = "actions/docker/[email protected]"
   args = "run -i hadolint/hadolint hadolint --ignore SC2035 - < Dockerfile"
 }

 action "build" {
   uses = "actions/docker/[email protected]"
   args = "build -t sample ."
 }

 action "validate" {
   uses = "docker://gcr.io/gcp-runtimes/container-structure-test"
   needs = "build"
   args = "test --image sample --config structure-tests.yaml"
 }

Knative Build

Knative Build is a CRD for Kubernetes which supports building in a cluster. I've also included a sample buildtemplate.yaml which demonstrates using Knative Build to run the above checks as well. This template uses a local Docker socket for demonstration purposes but could be converted to a different builder if needed.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].