-
-
Save mlocher/a5a84dd5577cd69921d42d4fa3777005 to your computer and use it in GitHub Desktop.
Dockerfile best practices
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ruby:2.3.0 | |
| LABEL maintainer="Kaitlyn Tierney, [email protected]" | |
| ENV RAILS_ENV=test | |
| RUN apt-get update -qq \ | |
| && apt-get install -y --no-install-recommends \ | |
| build-essential \ | |
| libpq-dev \ | |
| nodejs \ | |
| postgresql-client \ | |
| postgresql-common \ | |
| && rm -rf /var/lib/apt/lists/* | |
| RUN mkdir -p /app | |
| WORKDIR /app | |
| COPY Gemfile Gemfile.lock ./ | |
| RUN gem install bundler \ | |
| && bundle install -j20 --without development production | |
| COPY . ./ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A couple comments :)
There are multiple Dockerfile linters available, e.g. http://hadolint.lukasmartinelli.ch or https://www.fromlatest.io (I personally prefer fromlatest.io right now). They are a great way to keep up with best practices and make sure your Dockerfiles follow them.
I made the following changes to the original
DockerfileAdded a maintainer
LABELon line 2, to make it easy to figure out who's maintaining the image. This is not strictly required, but useful, especial for public images.Move the
ENVdirective to the topic, as it's unlikely to change and this way the cache can be used in most cases.Add
--no-install-recommendsto the package installation commands, to keep the size of the Docker image down, additionally clean the apt cache at the end of theRUNcommand viarm -rf /var/lib/apt/lists/*Have each package on its own line and sort them alphabetically. (This reduces the chance of installing packages twice and makes it easier to see which packages are getting installed.)
Combine
COPYstatements, so instead of twoCOPYstatements use only a single one. For this to work, the destination needs to be a folder. AdditionallyWORKDIRsets your current working directory, so any relative paths following that directive are relative to that directory. (That way you don't have to specify/appwhen copying theGemfile, but simply copy it to./Combine multiple
RUNstatements that are logically connected to generate fewer layersSwitch from
ADDtoCOPYfor the remaining files.ADDshould only be used in case you need the special behavior it provides (around downloading remote files or extracting archives), which is not the case for most Dockerfiles.