Skip to content

avaz/two-step-build

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
Dockerfile.builder
Dockerfile.builder
 
 
Dockerfile.release
Dockerfile.release
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 

Repository files navigation

Building docker images with two Dockerfiles

First we need to write a Dockerfile which is able to fetch and build the project:

FROM fedora:23
RUN dnf install -y git
# this is the private key you DON'T want to get leaked
COPY id_rsa /
# just for the demo; we are not using the key actually
RUN git clone https://github.com/TomasTomecek/sen /project && \
    cd /project && \
    python3 ./setup.py build
    # make clean would make sense here

Let's get the key:

cp -a ~/.ssh/id_rsa id_rsa

and don't forget to blacklist the key in .gitignore!

printf "id_rsa\n" >.gitignore

Build time!

docker build --tag=build-image .

We can copy the build artifact from build container now:

docker create --name=build-container build-image cat
docker cp build-container:/project ./build-artifact

You are free to inspect and post-process the artifact:

ls -lha ./build-artifact

Everything is fine? If so, let's build the final image.

docker build -f Dockerfile.release --tag=sen .

Is the key in final image?

cat ./test-if-key-is-present.sh
if docker run sen test -f /id_rsa
then
  printf "Key is in final image!\n"
  exit 2
else
  printf "Key is not in final image.\n"
fi
./test-if-key-is-present.sh
Key is not in final image

You can also run the whole example by executing

./build.sh

Here's a blog post about this feature.

About

Building docker images: Build and install in two steps

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 57.5%
  • Ruby 42.5%