From eaa15f5ecce65fdef645b6c4ffc9a0163a3b5a3c Mon Sep 17 00:00:00 2001
From: TSDPRASAD88
Date: Sat, 8 Nov 2025 13:34:46 +0530
Subject: [PATCH] improve: optimize Dockerfiles and add contributor Docker build documentation
---
 .dockerignore | 46 ++++++++++++++++++++++++++---
 README.md | 32 ++++++++++++++++++++
 build/package/docker/Dockerfile | 31 +++++++++++++++----
 build/package/docker/Dockerfile.arm | 31 +++++++++++++++----
 4 files changed, 124 insertions(+), 16 deletions(-)
diff --git a/.dockerignore b/.dockerignore
index 8f9f57dfab..7178303f9f 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,44 @@
-**
-!dist_linux/**
-!dist_linux_arm64/**
-!build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381
+# Ignore Git files
+.git
+.gitignore
+
+# Mac system files
+.DS_Store
 **/.DS_Store
+
+# Editor directories
+.vscode/
+.idea/
+
+# Build outputs
+dist/
+dist_linux/
+dist_linux_arm64/
+build/
+coverage/
+
+# Binary artifacts
+*.exe
+*.dll
+*.so
+*.dylib
+*.out
+*.test
+
+# Logs
+*.log
+
+# Ignore vendor folder (unless needed)
+vendor/
+
+# Temporary files
+*.tmp
+*.swp
+
+# Scripts and command outputs
 **/*.command
+
+# Cache
+.cache/
+npm-debug.log
+yarn-error.log
diff --git a/README.md b/README.md
index ba39fcd871..b32ddfb226 100644
--- a/README.md
+++ b/README.md
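Review bot: The new ignore list excludes `dist_linux/`, `dist_linux_arm64/` and `build/`, which are the paths both Dockerfiles in this patch copy from (`COPY dist_linux /bin`, `COPY dist_linux_arm64 /bin`, `COPY build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381 …`), so those COPY steps would find nothing in the build context and the build should fail. The removed file was an allowlist (`**` followed by three `!` exceptions) that sent only those paths to the builder; the denylist replacing it sends every file it does not name, which can include local environment or credential files sitting in a contributor's checkout. I would keep the removed `**` / `!…` lines as they were and drop the `dist_linux/`, `dist_linux_arm64/` and `build/` entries, since under an allowlist the other new patterns are already covered by `**`.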
@@ -741,6 +741,38 @@ Examples:
 * `slim --quiet vulnerability epss --op list --date 2024-01-05`
 * `slim --quiet vulnerability epss --op list --filter-cve-id-pattern 2023 --filter-score-gt 0.92 --limit 2 --offset 3`
+## Building Slim from the Provided Dockerfiles (Contributor Guide)
+
+SlimToolkit includes Dockerfiles used to package the runtime CLI into minimal container images.
+These images are useful for development, debugging, and testing container-based execution of Slim.
+
+### Build the main Slim runtime image
+
+```bash
+docker build \
+ -f build/package/docker/Dockerfile \
+ -t slim-dev:latest .
+
+Run Slim inside the container
+docker run --rm -it slim-dev:latest --help
+
+Build the ARM64 runtime image (Apple Silicon / ARM servers)
+docker build \
+ -f build/package/docker/Dockerfile.arm \
+ -t slim-dev-arm64:latest .
+
+Analyze a local Docker image using Slim inside a container
+docker run --rm -it \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ slim-dev:latest \
+ build your-image:tag
+
+Rebuild without cache
+docker build --no-cache \
+ -f build/package/docker/Dockerfile \
+ -t slim-dev:latest .
+
+
 ## RUNNING CONTAINERIZED
diff --git a/build/package/docker/Dockerfile b/build/package/docker/Dockerfile
index 7933059290..fc20cb7c9f 100644
--- a/build/package/docker/Dockerfile
+++ b/build/package/docker/Dockerfile
@@ -1,13 +1,32 @@
-FROM alpine:latest as ca-certs
-LABEL build-role=ca-certs
-RUN apk update && apk upgrade && apk add --no-cache ca-certificates && update-ca-certificates 2>/dev/null || true
+# Stage 1: Build CA certificates
+FROM alpine:latest AS ca-certs
+LABEL build-role="ca-certs"
+# Use modern best practice: avoid apk update/upgrade
+RUN apk add --no-cache ca-certificates && update-ca-certificates
+
+# Final minimal image
 FROM scratch
-LABEL app=slim
+
+# OCI recommended metadata
+LABEL app="slim"
+LABEL org.opencontainers.image.title="docker-slim"
+LABEL org.opencontainers.image.description="DockerSlim runtime image containing the slim binary and required certificates"
+LABEL org.opencontainers.image.source="https://github.com/docker-slim/docker-slim"
+
+# Workdir for clarity (optional but cleaner)
+WORKDIR /bin
+
+# Copy CA certificates
 COPY --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Copy the slim binary package
 COPY dist_linux /bin
+
+# Copy DockerSlim container metadata file
 COPY build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381 /.ds.container.d3e2c84f976743bdb92a7044ef12e381
-VOLUME /bin/.slim-state
-ENTRYPOINT ["/bin/slim"]
+# Slim keeps state here
+VOLUME /bin/.slim-state
+ENTRYPOINT ["/bin/slim"]
diff --git a/build/package/docker/Dockerfile.arm b/build/package/docker/Dockerfile.arm
index bc116d5524..f7fc31eab3 100644
--- a/build/package/docker/Dockerfile.arm
+++ b/build/package/docker/Dockerfile.arm
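Review bot: `FROM alpine:latest AS ca-certs` keeps the floating tag, so the CA bundle copied into the scratch image, which is the trust store `slim` uses for TLS, comes from whichever Alpine image the builder pulls that day and cannot be traced back to a specific base. Pinning a release tag and digest makes the source of the bundle reproducible and reviewable, for example `FROM alpine:<version>@sha256:<digest> AS ca-certs` (placeholders to be filled in by the maintainers). The comment above the RUN line describes removing `apk update/upgrade` as best practice, but that only holds together with a pinned base that is bumped deliberately. The same `FROM` line is added in build/package/docker/Dockerfile.arm.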
@@ -1,13 +1,32 @@
-FROM alpine:latest as ca-certs
-LABEL build-role=ca-certs
-RUN apk update && apk upgrade && apk add --no-cache ca-certificates && update-ca-certificates 2>/dev/null || true
+# Stage 1: Build CA certificates
+FROM alpine:latest AS ca-certs
+LABEL build-role="ca-certs"
+# Modern best practice: no apk update/upgrade
+RUN apk add --no-cache ca-certificates && update-ca-certificates
+
+# Final minimal image for ARM builds
 FROM scratch
-LABEL app=slim
+
+# OCI recommended metadata
+LABEL app="slim"
+LABEL org.opencontainers.image.title="docker-slim (ARM64)"
+LABEL org.opencontainers.image.description="DockerSlim ARM64 runtime image containing the slim binary and required certificates"
+LABEL org.opencontainers.image.source="https://github.com/docker-slim/docker-slim"
+
+# Workdir for consistency
+WORKDIR /bin
+
+# Copy CA certificates
 COPY --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Copy the slim ARM64 binary package
 COPY dist_linux_arm64 /bin
+
+# Copy DockerSlim metadata file
 COPY build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381 /.ds.container.d3e2c84f976743bdb92a7044ef12e381
-VOLUME /bin/.slim-state
-ENTRYPOINT ["/bin/slim"]
+# Slim keeps state here
+VOLUME /bin/.slim-state
+ENTRYPOINT ["/bin/slim"]
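Review bot: `WORKDIR /bin` is a runtime behaviour change, not a cosmetic one: the container's working directory moves from `/` to `/bin`, so any relative path a user passes to `slim`, if it is resolved against the working directory, would now land under the directory that holds the binary and the `/bin/.slim-state` volume. Every COPY destination in this file is absolute and ENTRYPOINT uses `/bin/slim`, so the build does not need the instruction. I would drop the line, or replace the comment with one that states the working directory is changed on purpose, e.g. `# Runtime working directory is /bin (was /); relative CLI paths resolve here`. build/package/docker/Dockerfile adds the same line.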