Slim down docker image by removing some temporary files

NickeZ · NickeZ · commit ece243ed8453 · 2024-08-13T13:32:23.000+02:00
diff --git a/.ci/run-container-ci b/.ci/run-container-ci
@@ -25,7 +25,7 @@
 set -e
 set -x
 
-CONTAINER=shiftcrypto/firmware_v2:41
+CONTAINER=shiftcrypto/firmware_v2:test
 
 if [ "$1" == "pull" ] ; then
 	docker pull "$CONTAINER"
diff --git a/Dockerfile b/Dockerfile
@@ -14,29 +14,26 @@
 # limitations under the License.
 
 # Latest Ubuntu LTS
-FROM ubuntu:22.04
-ENV DEBIAN_FRONTEND noninteractive
+FROM ubuntu:22.04@sha256:0eb0f877e1c869a300c442c41120e778db7161419244ee5cbc6fa5f134e74736
+ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y wget nano rsync curl gnupg2 jq unzip bzip2
+RUN apt-get update && apt-get upgrade -y &&\
+    apt-get install -y wget nano rsync curl gnupg2 jq unzip bzip2 &&\
+    rm -r /var/lib/apt/lists/*
 
-# for clang-*-15, see https://apt.llvm.org/
+# Install gcc8-arm-none-eabi
+RUN wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2?revision=d830f9dd-cd4f-406d-8672-cca9210dd220?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,8-2018-q4-major &&\
+    echo "fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52 gcc.tar.bz2" | sha256sum -c &&\
+    tar -xjf gcc.tar.bz2 -C /usr/local --strip-components=1 &&\
+    rm -f gcc.tar.bz2
+
+# for clang-*-18, see https://apt.llvm.org/
 RUN echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" >> /etc/apt/sources.list && \
     echo "deb-src http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" >> /etc/apt/sources.list && \
     wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
 
-# Install gcc8-arm-none-eabi
-RUN mkdir ~/Downloads &&\
-    cd ~/Downloads &&\
-    wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2?revision=d830f9dd-cd4f-406d-8672-cca9210dd220?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,8-2018-q4-major &&\
-    echo "fb31fbdfe08406ece43eef5df623c0b2deb8b53e405e2c878300f7a1f303ee52 gcc.tar.bz2" | sha256sum -c &&\
-    cd ~/Downloads &&\
-    tar -xjvf gcc.tar.bz2 &&\
-    rm -f gcc.tar.bz2 &&\
-    cd ~/Downloads && rsync -a gcc-arm-none-eabi-8-2018-q4-major/ /usr/local/
-
-# Tools for building
 RUN apt-get update && apt-get install -y \
-    build-essential \
+    make \
     llvm-18 \
     gcc-10 \
     binutils \
@@ -54,95 +51,81 @@ RUN apt-get update && apt-get install -y \
     lib32z1 \
     libusb-1.0-0-dev \
     libudev-dev \
-    libhidapi-dev
-
-RUN apt-get update && apt-get install -y \
+    libhidapi-dev \
     doxygen \
-    graphviz
+    graphviz \
+    python3 \
+    python3-pip \
+    clang-format-18 \
+    clang-tidy-18 \
+    bash-completion \
+    && rm -r /var/lib/apt/lists/*
 
 # Set gcc-10 as the default gcc
 RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100
 RUN update-alternatives --install /usr/bin/gcov gcov /usr/bin/gcov-10 100
 
-# Tools for CI
-RUN apt-get update && apt-get install -y \
-    python3 \
-    python3-pip \
-    clang-format-18 \
-    clang-tidy-18
+# Make Python3 the default
+RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
 
-RUN python3 -m pip install --upgrade pip
+# Install latest pip
+RUN python -m pip install --no-cache-dir --upgrade pip==24.2
 
 # Python modules
-COPY py/bitbox02 /tmp/bitbox02
-RUN python3 -m pip install /tmp/bitbox02
-RUN rm -r /tmp/bitbox02
-COPY py/requirements.txt /tmp
-RUN python3 -m pip install --upgrade --requirement /tmp/requirements.txt
-RUN rm /tmp/requirements.txt
+RUN --mount=source=py/bitbox02,target=/mnt/bitbox02,rw \
+    pip install --no-cache-dir /mnt/bitbox02
+RUN --mount=source=py/requirements.txt,target=/mnt/requirements.txt \
+    pip install --no-cache-dir --upgrade --requirement /mnt/requirements.txt
 
 # Python modules for CI
-RUN python3 -m pip install --upgrade \
+RUN pip install --no-cache-dir --upgrade \
     pylint==2.13.9 \
     pylint-protobuf==0.20.2 \
     black==22.3.0 \
     mypy==0.960 \
-    mypy-protobuf==3.2.0
-
-# Python modules for packaging
-RUN python3 -m pip install --upgrade \
+    mypy-protobuf==3.2.0 \
     setuptools==41.2.0 \
     wheel==0.33.6 \
-    twine==1.15.0
+    twine==1.15.0 \
+    gcovr==7.2
 
 #Install protoc from release, because the version available on the repo is too old
 RUN mkdir -p /opt/protoc && \
     curl -L0 https://github.com/protocolbuffers/protobuf/releases/download/v21.2/protoc-21.2-linux-x86_64.zip -o /tmp/protoc-21.2-linux-x86_64.zip && \
-    unzip /tmp/protoc-21.2-linux-x86_64.zip -d /opt/protoc
-ENV PATH /opt/protoc/bin:$PATH
-
-# Make Python3 the default
-RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
-
-# Developer tools
-RUN apt-get update && apt-get install -y \
-    bash-completion
-# Install gcovr from PIP to get a newer version than in apt repositories
-RUN python3 -m pip install gcovr
+    unzip /tmp/protoc-21.2-linux-x86_64.zip -d /opt/protoc &&\
+    rm /tmp/protoc-21.2-linux-x86_64.zip
+ENV PATH=/opt/protoc/bin:$PATH
 
 # Install Go, used for the tools in tools/go and for test/gounittest
-ENV GOPATH /opt/go
-ENV GOROOT /opt/go_dist/go
-ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
+ENV GOPATH=/opt/go
+ENV GOROOT=/opt/go_dist/go
+ENV PATH=$GOROOT/bin:$GOPATH/bin:$PATH
 RUN mkdir -p /opt/go_dist && \
     curl https://dl.google.com/go/go1.19.3.linux-amd64.tar.gz | tar -xz -C /opt/go_dist
 
 # Install lcov from release (the one from the repos is too old).
-RUN cd /opt && wget https://github.com/linux-test-project/lcov/releases/download/v1.14/lcov-1.14.tar.gz && tar -xf lcov-1.14.tar.gz
-ENV PATH /opt/lcov-1.14/bin:$PATH
+RUN curl -L https://github.com/linux-test-project/lcov/releases/download/v1.14/lcov-1.14.tar.gz | tar -xz -C /opt
+ENV PATH=/opt/lcov-1.14/bin:$PATH
 
 # Install rust compiler
-ENV PATH /opt/cargo/bin:$PATH
+ENV PATH=/opt/cargo/bin:$PATH
 ENV RUSTUP_HOME=/opt/rustup
-COPY src/rust/rust-toolchain.toml /tmp/rust-toolchain.toml
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | CARGO_HOME=/opt/cargo sh -s -- --default-toolchain $(grep -oP '(?<=channel = ")[^"]+' /tmp/rust-toolchain.toml) -y
-RUN rustup target add thumbv7em-none-eabi
-RUN rustup component add rustfmt
-RUN rustup component add clippy
-RUN rustup component add rust-src
-RUN CARGO_HOME=/opt/cargo cargo install cbindgen --version 0.26.0 --locked
-RUN CARGO_HOME=/opt/cargo cargo install bindgen-cli --version 0.69.4 --locked
+RUN --mount=source=tools/prost-build-proto,target=/mnt/prost-build-proto,rw \
+    --mount=source=src/rust/rust-toolchain.toml,target=/mnt/rust-toolchain.toml \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |\
+    CARGO_HOME=/opt/cargo sh -s -- --default-toolchain $(grep -oP '(?<=channel = ")[^"]+' /mnt/rust-toolchain.toml) -y &&\
+    rustup target add thumbv7em-none-eabi &&\
+    rustup component add rustfmt &&\
+    rustup component add clippy &&\
+    rustup component add rust-src &&\
+    CARGO_HOME=/opt/cargo cargo install cbindgen --version 0.26.0 --locked &&\
+    CARGO_HOME=/opt/cargo cargo install bindgen-cli --version 0.69.4 --locked &&\
+    CARGO_HOME=/opt/cargo cargo install --path /mnt/prost-build-proto --locked
 
 # Until cargo vendor supports vendoring dependencies of the rust std libs we
 # need a copy of this file next to the toml file. It also has to be world
 # writable so that invocations of `cargo vendor` can update it. Below is the
 # tracking issue for `cargo vendor` to support rust std libs.
 # https://github.com/rust-lang/wg-cargo-std-aware/issues/23
-RUN cp "$(rustc --print=sysroot)/lib/rustlib/src/rust/Cargo.lock" "$(rustc --print=sysroot)/lib/rustlib/src/rust/library/test/"
-RUN chmod 777 $(rustc --print=sysroot)/lib/rustlib/src/rust/library/test/Cargo.lock
-
-COPY tools/prost-build-proto prost-build-proto
-RUN CARGO_HOME=/opt/cargo cargo install --path prost-build-proto --locked
-
-# Clean temporary files to reduce image size
-RUN rm -rf /var/lib/apt/lists/*
+RUN cp "$(rustc --print=sysroot)/lib/rustlib/src/rust/Cargo.lock" "$(rustc --print=sysroot)/lib/rustlib/src/rust/library/test/" &&\
+    chmod 777 $(rustc --print=sysroot)/lib/rustlib/src/rust/library/test/Cargo.lock
diff --git a/Makefile b/Makefile
@@ -129,7 +129,7 @@ jlink-flash-factory-setup: | build
 jlink-flash-firmware-semihosting: | build-semihosting
 	JLinkExe -if SWD -device ATSAMD51J20 -speed 4000 -autoconnect 1 -CommanderScript ./build-semihosting/scripts/firmware.jlink
 dockerinit:
-	./scripts/container.sh build --pull --platform linux/amd64 --force-rm --no-cache -t shiftcrypto/firmware_v2 .
+	./scripts/container.sh build --pull --platform linux/amd64 --no-cache -t shiftcrypto/firmware_v2 .
 dockerdev:
 	./scripts/dockerenv.sh
 dockerrel:
