From e4742f1c6e5e8fda97b52207e9a7b88ecdb0d4b1 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 11 Jul 2024 20:19:44 -0500 Subject: [PATCH] container: Optimize layer cache usage With the addition of ancillary scripts like `entrypoint.sh`, the `COPY .` instruction in the build stage results in a full rebuild of the final image for every change. To avoid this, we now only copy the files that are actually required to build the wheel. The other scripts are copied later, using an intermediate layer. This avoids needing a `COPY` instruction, and therefore a new layer in the final image, for each script. Hypothetically, we could use `RUN --mount=bind` and copy the files with the `install` command, but bind-mounting the build context doesn't actually work; SELinux prevents the container builder from accessing the source directory directly. --- Containerfile | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Containerfile b/Containerfile index 61ed00f..107dbd4 100644 --- a/Containerfile +++ b/Containerfile @@ -18,10 +18,19 @@ RUN --mount=type=cache,target=/var/cache \ python3-wheel \ && : -COPY . /src +COPY .git /src/.git +COPY xactfetch.py pyproject.toml /src RUN python3 -m pip wheel -w /wheels /src + +FROM scratch AS mixin + +COPY pinentry-stub.sh /usr/local/bin/pinentry-stub + +COPY entrypoint.sh /entrypoint.sh + + FROM git.pyrocufflink.net/containerimages/dch-base RUN --mount=type=cache,target=/var/cache \ @@ -66,11 +75,11 @@ ENV PLAYWRIGHT_BROWSERS_PATH=/usr/local/playwright/browsers RUN --mount=type=bind,from=build,source=/,target=/build \ python3 -m pip install --no-index -f /build/wheels xactfetch \ && cp /build/root/.cargo/bin/rbw* /usr/local/bin/ \ - && install /build/src/pinentry-stub.sh /usr/local/bin/pinentry-stub \ - && install /build/src/entrypoint.sh /entrypoint.sh \ && playwright install chromium \ && : +COPY --from=mixin / / + VOLUME /var/lib/xactfetch WORKDIR /var/lib/xactfetch
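Review bot: In the first hunk (`@@ -18,10 +18,19 @@`), the two scripts copied into the new `mixin` stage keep whatever file mode they have in the build context, whereas the `install` calls removed in the second hunk always wrote them as 0755. If either file loses its executable bit in a checkout, `/entrypoint.sh` or `/usr/local/bin/pinentry-stub` will no longer be runnable in the final image. Setting the mode explicitly keeps the old guarantee, e.g. `COPY --chmod=0755 entrypoint.sh /entrypoint.sh` and likewise for `pinentry-stub.sh`, assuming the builder in use supports `--chmod`. Separately, `COPY xactfetch.py pyproject.toml /src` names two sources with a destination that has no trailing slash; some builders reject that form, so `/src/` is the portable spelling.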
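Review bot: In the second hunk (`@@ -66,11 +75,11 @@`), `COPY --from=mixin / /` overlays the entire root of the `mixin` stage onto the final image, so the files it writes are no longer listed at the point where they land. Any path added to `mixin` later will silently replace a file of the same path that the earlier package install or `playwright install chromium` put there. A comment on the instruction would make that contract explicit, for example `# mixin holds only pinentry-stub and entrypoint.sh; every path in it overwrites the same path in this image`. The final stage starts before this hunk and continues past it, so whether a later instruction touches these paths again cannot be seen from here.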