[docker] Use a multi-stage build for base-cipd
This saves ~300MB by stripping out the packages/files needed by intermediate
stages. Unfortunately, it's still around 400MB, but most of that is the CIPD
packages themselves. I think the best way forward is to have our apps
explicitly request the packages they need, rather than use a single base image
containing all possible packages. I've organized the Dockerfile so that the
"cipd" stage could act as the base for those specialized images.
Change-Id: If95aa48afc75d7e6108df6aac005e11aaea9488a
Reviewed-on: https://skia-review.googlesource.com/c/buildbot/+/264557
Reviewed-by: Joe Gregorio <jcgregorio@google.com>
Commit-Queue: Eric Boren <borenet@google.com>
diff --git a/kube/base-cipd/Dockerfile b/kube/base-cipd/Dockerfile
index 8e79c20..6cd0c51 100644
--- a/kube/base-cipd/Dockerfile
+++ b/kube/base-cipd/Dockerfile
@@ -1,24 +1,21 @@
-# Keep the tag for base-cipd in sync with the tag used here for debian.
-FROM debian:testing-slim
+ARG CIPD_ROOT="/cipd"
+# Keep the tag for base-cipd in sync with the tag used here for debian.
+FROM debian:testing-slim AS base
RUN apt-get update && apt-get upgrade -y && apt-get install -y \
ca-certificates \
&& rm -rf /var/lib/apt/lists/* \
&& addgroup --gid 2000 skia \
&& adduser --uid 2000 --gid 2000 skia
-
USER skia:skia
# Install the CIPD client by syncing depot_tools to the revision specified in
# recipes.cfg (we're not a recipe, but it's conveniently pinned there and auto-
# rolled) and running the wrapper script. This process requires temporarily
# installing some packages that we prefer to obtain via CIPD.
+FROM base AS install_cipd
USER root
-ENV CIPD_ROOT="/cipd"
-ENV CIPD_CACHE_DIR="${CIPD_ROOT}/.cache"
-RUN apt-get update && apt-get -y install git curl python-minimal \
- && mkdir -p ${CIPD_ROOT} && chown skia:skia ${CIPD_ROOT} \
- && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get upgrade -y && apt-get install -y git curl python-minimal
USER skia:skia
COPY ./tmp/recipes.cfg /tmp/recipes.cfg
RUN cat /tmp/recipes.cfg | \
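Review bot: Every stage now derives from `base`, and `base` starts from the rolling tag `debian:testing-slim` and then runs `apt-get upgrade -y`, so the contents of all stages depend on the day the image is built and cannot be reproduced or audited afterwards. Pinning the starting point by digest would address that, e.g. `FROM debian:testing-slim@sha256:<DIGEST_PLACEHOLDER> AS base`, with the digest bumped deliberately whenever the tag mentioned in the comment is updated. The `apt-get upgrade -y` added in `install_cipd` only affects a stage that is discarded, so it matters less there than the one in `base`.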
@@ -29,13 +26,28 @@
&& cd depot_tools \
&& git reset --hard "$(cat /tmp/depot_tools_rev)" \
&& ./cipd --version \
- && cp ./.cipd_client ${CIPD_ROOT}/cipd
-ENV PATH="${CIPD_ROOT}:${PATH}"
-USER root
-RUN apt-get -y remove git python-minimal
+ && cp ./.cipd_client /tmp/cipd
-# Run "cipd ensure" to obtain the packages we need.
+# This stage brings us back to the base image, plus the CIPD binary.
+FROM base AS cipd
+USER root
+COPY --from=install_cipd /tmp/cipd /usr/local/bin/cipd
USER skia:skia
+
+# Now install the desired packages.
+FROM cipd AS install_pkgs
+ARG CIPD_ROOT
+ENV CIPD_ROOT=$CIPD_ROOT
+USER root
+RUN mkdir -p ${CIPD_ROOT} && chown skia:skia ${CIPD_ROOT}
+USER skia
COPY ./tmp/cipd.ensure /tmp/cipd.ensure
+ENV CIPD_CACHE_DIR="/tmp/.cipd_cache"
RUN cipd ensure -root=${CIPD_ROOT} -ensure-file /tmp/cipd.ensure
-ENV PATH="${CIPD_ROOT}/cipd_bin_packages:${CIPD_ROOT}/cipd_bin_packages/bin:${PATH}"
+
+# The final stage brings us back to the base image with the installed CIPD packages.
+FROM base AS base-cipd
+ARG CIPD_ROOT
+ENV CIPD_ROOT=$CIPD_ROOT
+COPY --from=install_pkgs ${CIPD_ROOT} ${CIPD_ROOT}
+ENV PATH="${CIPD_ROOT}:${CIPD_ROOT}/cipd_bin_packages:${CIPD_ROOT}/cipd_bin_packages/bin:${PATH}"
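Review bot: The final stage places `${CIPD_ROOT}` and its `cipd_bin_packages` directories ahead of the system directories in `PATH`, but the tree comes from `install_pkgs`, where it was created with `chown skia:skia` and populated as `skia`. If the copy carries that ownership over (worth confirming for the builder in use), the runtime user inherited from `base` can replace binaries that resolve first. Unless something needs to write there at runtime, consider `COPY --from=install_pkgs --chown=root:root ${CIPD_ROOT} ${CIPD_ROOT}`. Separately, the client now goes to `/tmp/cipd` and then `/usr/local/bin/cipd` in the `cipd` stage, which `base-cipd` does not derive from, so the leading `${CIPD_ROOT}:` entry in `PATH` looks left over and could be dropped. Images that relied on `cipd` being present in base-cipd would need checking.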