ci: use distroless Debian image as base

I managed to workaround building a distroless image with Earthly, and this produces a slim 20MB image. :) It also adds a volume for Disco data. I'll document a recommended workflow with Podman shortly. Part of #9
hackfixme · Apr 22, 2024 · 7fad39d · 7fad39d
1 parent ab80933
commit 7fad39d
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 26 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,12 @@
+FROM gcr.io/distroless/static-debian12
+
+# NOTE: This file is meant to be used with Earthly and can't be used on its own
+# to build Disco images.
+
+USER nonroot
+
+ENV DISCO_DATA_DIR=/opt/disco
+
+WORKDIR $DISCO_DATA_DIR
+
+VOLUME $DISCO_DATA_DIR
diff --git a/Earthfile b/Earthfile
@@ -78,49 +78,39 @@ build:
 
 build-oci-linux-amd64:
   BUILD +build
-  ARG tags="latest"
-  ARG latest=""
 
-  FROM --platform=linux/amd64 ubuntu:24.04
-  ENV DEBIAN_FRONTEND=noninteractive
-  RUN apt-get update && apt-get install -y ca-certificates
+  FROM DOCKERFILE --platform=linux/amd64 .
   COPY +build/dist/disco-*-linux-amd64/disco /usr/local/bin/
   ENTRYPOINT ["/usr/local/bin/disco"]
 
-  FOR tag IN "$tags"
-    SAVE IMAGE --push hackfixme/disco:"$tag"
-  END
-  IF [ -n "$latest" ]
-    SAVE IMAGE --push hackfixme/disco:latest
-  END
-
 
 build-oci-linux-arm64:
   BUILD +build
-  ARG tags="latest"
-  ARG latest=""
 
-  FROM --platform=linux/arm64 ubuntu:24.04
-  ENV DEBIAN_FRONTEND=noninteractive
-  RUN apt-get update && apt-get install -y ca-certificates
+  FROM DOCKERFILE --platform=linux/arm64 .
   COPY +build/dist/disco-*-linux-arm64/disco /usr/local/bin/
   ENTRYPOINT ["/usr/local/bin/disco"]
 
-  FOR tag IN "$tags"
-    SAVE IMAGE --push hackfixme/disco:"$tag"
-  END
-  IF [ -n "$latest" ]
-    SAVE IMAGE --push hackfixme/disco:latest
-  END
-
 
 build-oci:
   BUILD +build
   FROM +build
   ARG tags="latest"
   ARG latest=""
-  BUILD +build-oci-linux-amd64 --tags="$tags" --latest="$latest"
-  BUILD +build-oci-linux-arm64 --tags="$tags" --latest="$latest"
+
+  FOR tag IN "$tags"
+    FROM +build-oci-linux-amd64
+    SAVE IMAGE --push hackfixme/disco:"$tag"
+    FROM +build-oci-linux-arm64
+    SAVE IMAGE --push hackfixme/disco:"$tag"
+  END
+  FROM busybox
+  IF [ -n "$latest" ]
+    FROM +build-oci-linux-amd64
+    SAVE IMAGE --push hackfixme/disco:latest
+    FROM +build-oci-linux-arm64
+    SAVE IMAGE --push hackfixme/disco:latest
+  END
 
 
 publish-oci: