multistage build (enhancement)

[denisandreenko]

🚀 Pull Request: Optimizing Docker Build Process with Multistage Build and Cache Busting

📝 Description:

This pull request introduces several enhancements to our Docker build process, resulting in faster and more efficient container image builds. I've implemented a multistage build approach, added a .dockerignore file, and incorporated cache busting techniques to improve the overall development workflow and reduce image size.

🏗️ Changes Made:

1. Multistage Build: I've revamped our Dockerfile to utilize a multistage build approach. The multistage build significantly reduces the final image size by building only the necessary artifacts and dependencies needed to run the application. This not only improves the efficiency of the build process but also ensures a leaner production image.

2. .dockerignore File: Introduced a .dockerignore file to exclude unnecessary files and directories from being copied into the Docker context during the build process. This reduces the amount of data that Docker needs to process and speeds up the initial build, as well as subsequent builds using cache.

3. Cache Busting: To prevent unnecessary layers from being cached during the build process, I've implemented cache busting techniques for certain steps in the Dockerfile.

📈 Expected Impact:

• Faster build times: The multistage build approach and cache busting techniques will significantly reduce build times, especially when building subsequent images.
• Smaller image size: The final production image will be smaller due to the reduction of unnecessary dependencies and artifacts.

Please review the code changes. Your feedback and suggestions are greatly appreciated!

🙌 Thank you!

[danielelisi]

Hi @denisandreenko and thanks for the PR!

We use Goreleaser for building, packaging, and publishing Signatory in different formats(Binaries and Docker) and for different OS(Linux, Mac, Windows). Specifically, we use goreleaser-cross to allow CGO cross-compilation which is required for Yubikey bault backend to work.

Goreleaser requires copying pre-compiled binaries to the Docker image as mentioned in the docs, which is why we can't move to multi-stage builds.

[danielelisi]

However I'll test your multi-stage Dockerfile with a Yubikey. If it works out fine we could have 2 Dockerfiles; we could append -goreleaser suffix to the current Dockerfile and have the one you proposed in this PR become the default Dockerfile.

[denisandreenko]

However I'll test your multi-stage Dockerfile with a Yubikey. If it works out fine we could have 2 Dockerfiles; we could append -goreleaser suffix to the current Dockerfile and have the one you proposed in this PR become the default Dockerfile.

Sounds good to me.
Just goreleaser may be not suitable for everyone who makes a fork, since configuration for new registry should be added, also it may not require to do build for different systems, etc. + this is a time overhead, so it's good to have a simple multi-stage build to test features / do quick deploy on the server.

Thanks @danielelisi for your review!

[denisandreenko]

I've separated dockerfiles. Please check that goreleaser works as expected, since I don't have access to your environment.

[denisandreenko]

Hi @danielelisi ✋

Did you have a chance to look at it?

[danielelisi]

@GImbrailo tested the image produced by the multistage build and confirmed that yubiHSM works correctly. I'll proceed and merge this