Different Dockerfile for release/development (Dockerfile.release & Dockerfile.development)
it make sense to separate Dockerfile for release and development as build-cache needed only in development which require additional COPY operation (first COPY for files required for determination of which packages to install, second COPY for all remain files of diffoscope source-code)
in release a build-cache is not used, so it's possible to just copy all needed source code in one COPY operation, as in between releases of diffoscope it's probably likely that some of the dependencies have newer versions (and the likelihood will increase in time as more dependencies are installed to support more file-formats), thus users of diffoscope release image won't gain benefit of caching if 2 COPY operation are used as in development (the layer that install dependencies will most-likely differ between releases)
so here content of improved Dockerfile.release file which fix all of the issues in #104 (closed) (except the hacky ./debian/control usage)
FROM debian:sid-slim
ARG DEBIAN_FRONTEND=noninteractive
LABEL org.opencontainers.image.title="Official diffoscope image" \
org.opencontainers.image.description="Run diffoscope with Debian." \
org.opencontainers.image.licenses="GPL-3.0" \
org.opencontainers.image.source="https://salsa.debian.org/reproducible-builds/diffoscope.git/"
COPY [".", "/srv/diffoscope"]
RUN set -ex; \
# todo: remove mkdir command below when fixed https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955619
mkdir -p /usr/share/man/man1/; \
apt-get update; \
apt-get install --yes --no-install-recommends build-essential devscripts equivs; \
mk-build-deps --install --tool 'apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' /srv/diffoscope/debian/control; \
apt-get remove --purge --yes build-essential devscripts equivs python3-pytest python3-pytest-cov; \
rm -rf /srv/diffoscope/debian \
/var/lib/apt/lists/* \
/diffoscope-build-deps* \
# todo: remove below line (dir removal) when fixed https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955619
/usr/share/man/man1/; \
useradd -ms /bin/bash user;
USER user
WORKDIR /home/user
ENV PATH="/srv/diffoscope/bin:${PATH}"
ENTRYPOINT ["/srv/diffoscope/bin/diffoscope"]
CMD ["--help"]remaining tasks are:
- add more labels, and put correct values in them, see: #104 (comment 163424)
and make the following change (adding -f Dockerfile.release) to the build command in CONTRIBUTING.md file:
--- CONTRIBUTING.md
+++ CONTRIBUTING.md
@@ -89,5 +89,5 @@
Finally, update the Docker image using:
- $ docker build --force-rm --no-cache --pull -t registry.salsa.debian.org/reproducible-builds/diffoscope .
+ $ docker build --force-rm --no-cache --pull -f Dockerfile.release -t registry.salsa.debian.org/reproducible-builds/diffoscope .
$ docker push registry.salsa.debian.org/reproducible-builds/diffoscopeRegarding the Dockerfile.development which is useful for developing using/inside container, it's problematic (not optimized, require very hackish code/operation) to use the above code mechanism which use ./debain/control from repo, alternatives are currently discussed in comments from: #104 (comment 164391)
probably a better solution to install dependencies then current code exists, which allow making efficient Dockerfile.development as well (and will decrease time to build Dockerfile.release). can the above change be merged meanwhile? or do we wait for better solution?
just noting that above Dockerfile will generate image on latest commit 0293f49a with size: 3.54GB
while the currently image used in registry.salsa.debian.org/reproducible-builds/diffoscope (version 140) is: 3.92GB
so overall decrease of 380 MB (and if older Dockerfile was used on the same commit, the difference will be higher due to new added dependencies such as apksigner)