Use official golang as base container #191

Merged
merged 1 commit into from
May 27, 2019

J0WI
Contributor

@J0WI J0WI commented Jan 25, 2018

Docker is already providing a well supported base image for Go apps. Those official images are also continuously maintained and scanned for security issues.
Please note that this will also bump the version of Go to 1.9.3 and Alpine 3.6 (by the time of writing).

btw: would be great if you could fulfill the steps to become an "official" image yourself. :)

See also: https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/

@thaJeztah

Thanks! I think there are additional improvements that can be made to the Dockerfile

  • Pin to a specific version of go to prevent (possibly undesired) updates to go, and make the build deterministic, e.g. pin to the current 1.9 (to get the latest 1.9 patch release of Go), or even 1.9.3 to specify an exact version
  • Use a multi-stage build: Golang, and other build-time dependencies are not needed in the final image; a multi-stage build allows you to copy just the build artifact (i.e., the "MailHog" binary) to the final image
  • Do not use go get to get the source code; doing so makes the build non-deterministic (docker build will fetch the latest code from "master", which may not be the branch you're building from; also this makes it not possible for others to build from their fork of MailHog, or from a local version). Using COPY instead to build prevents this situation.

With the above changes, the Dockerfile would look something like:

```dockerfile
#
# MailHog Dockerfile
#
FROM golang:1.9-alpine3.7 AS build

WORKDIR /go/src/github.com/mailhog/MailHog
COPY . .
RUN go install

FROM alpine:3.7

# Install ca-certificates, required for the "release message" feature:
RUN apk --no-cache add ca-certificates

# Add mailhog user/group with uid/gid 1000.
# This is a workaround for boot2docker issue #581, see
# https://github.com/boot2docker/boot2docker/issues/581
RUN adduser -D -u 1000 mailhog

USER mailhog

WORKDIR /home/mailhog

ENTRYPOINT ["MailHog"]

# Expose the SMTP and HTTP ports:
EXPOSE 1025 8025

COPY --from=build /go/src/github.com/mailhog/MailHog/LICENSE.md /
COPY --from=build /go/bin/MailHog /usr/local/bin/
```

Diff/patch for the above (including changes to the .dockerignore, which currently ignores all local files);

diff --git a/.dockerignore b/.dockerignore
index 72e8ffc..f5b25d0 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,6 @@
-*
+.git
+.dockerignore
+.travis.yml
+docs
+Dockerfile
+Makefile
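Review bot: Replacing the catch-all `*` with a deny-list means every file not named here (local build output, editor files, untracked credentials) is now sent in the build context and picked up by `COPY . .` in the Dockerfile. Consider keeping `*` and adding `!` exceptions for the paths the build needs, so that new files are excluded by default.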
diff --git a/Dockerfile b/Dockerfile
index 8bd1a15..6af92eb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,16 @@
 #
 # MailHog Dockerfile
 #
+FROM golang:1.9-alpine3.7 AS build
 
-FROM golang:alpine
+WORKDIR /go/src/github.com/mailhog/MailHog
+COPY . .
+RUN go install
 
-# Install MailHog:
-RUN apk --no-cache add --virtual build-dependencies \
-    git \
-  && mkdir -p /root/gocode \
-  && export GOPATH=/root/gocode \
-  && go get github.com/mailhog/MailHog \
-  && mv /root/gocode/bin/MailHog /usr/local/bin \
-  && rm -rf /root/gocode \
-  && apk del --purge build-dependencies
+FROM alpine:3.7
+
+# Install ca-certificates, required for the "release message" feature:
+RUN apk --no-cache add ca-certificates
 
 # Add mailhog user/group with uid/gid 1000.
 # This is a workaround for boot2docker issue #581, see
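Review bot: `RUN go install` in the build stage now relies on every dependency being present in the copied source tree, since the `git` package and the `go get` step are both removed; if anything is not vendored the build fails with no way to fetch it, so state that requirement in a comment or verify it in CI. Separately, `golang:1.9-alpine3.7` and `alpine:3.7` are still mutable tags; pinning them by digest would make the base images fully reproducible.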
@@ -27,3 +25,6 @@ ENTRYPOINT ["MailHog"]
 
 # Expose the SMTP and HTTP ports:
 EXPOSE 1025 8025
+
+COPY --from=build /go/src/github.com/mailhog/MailHog/LICENSE.md /
+COPY --from=build /go/bin/MailHog /usr/local/bin/
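Review bot: The two `COPY --from=build` lines are appended after `ENTRYPOINT` and `EXPOSE`, so the binary the entrypoint names is only added at the very end of the file. Moving them up next to the `apk` step, before the user setup, would keep the file in install-then-configure order; the copied files stay root-owned either way, which is appropriate for a binary run as `mailhog`.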

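The three review points above (floating base tag, `go get` at build time, Go toolchain left in the final image) can be checked mechanically. The following is an added example, not code from this PR or from the MailHog project; the rule names and function names are hypothetical, and the two sample Dockerfiles are abridged from the diff above.

```python
import re
# Constructed samples: abridged "before" and "after" Dockerfiles from this PR.
BEFORE = r"""FROM golang:alpine
RUN apk --no-cache add --virtual build-dependencies git \
  && go get github.com/mailhog/MailHog \
  && mv /root/gocode/bin/MailHog /usr/local/bin
ENTRYPOINT ["MailHog"]
"""
AFTER = r"""FROM golang:1.9-alpine3.7 AS build
WORKDIR /go/src/github.com/mailhog/MailHog
COPY . .
RUN go install
FROM alpine:3.7
RUN apk --no-cache add ca-certificates
COPY --from=build /go/bin/MailHog /usr/local/bin/
ENTRYPOINT ["MailHog"]
"""

def logical_lines(text):
    """Join backslash continuations; drop blank lines and comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def split_image(ref):  # -> (name, tag, has_digest)
    ref, _, digest = ref.partition("@")
    name, _, tag = ref.rsplit("/", 1)[-1].partition(":")
    return name, tag, bool(digest)

def audit(dockerfile):
    """Return rule ids (hypothetical names) for the three review points."""
    findings, stages, last_image = [], set(), None
    for line in logical_lines(dockerfile):
        instr, _, rest = line.partition(" ")
        if instr.upper() == "FROM":
            parts = [p for p in rest.split() if not p.startswith("--")]
            last_image = parts[0]
            name, tag, has_digest = split_image(last_image)
            is_local = name in stages or name == "scratch"
            # A tag with no version number (none, "latest", "alpine") floats.
            if not (is_local or has_digest or re.search(r"\d", tag)):
                findings.append("floating-base-tag")
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
        elif instr.upper() == "RUN" and re.search(r"\bgo\s+get\b", rest):
            findings.append("go-get-in-build")
    if last_image and split_image(last_image)[0] == "golang":
        findings.append("toolchain-in-final-image")
    return findings
```

A version tag such as `1.9-alpine3.7` passes the tag check but can still be re-pushed upstream; only a digest reference is immutable.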
@J0WI
Contributor Author

J0WI commented Feb 9, 2018

To be deterministic we could use precompiled releases (or sources), which would also give us the ability to use version tags.
But unfortunately this project seems not to be maintained.

@thaJeztah

By copying it directly from the Git source, the build is tied with the commit you’re building from, and doesn’t require binaries to be built separately.

Not sure the project is not maintained, but (as many open source projects) is worked on in spare time of the author/maintainer; I guess @ian-kent is busy, so patience, and give it some time

@tyndyll added the "needs verification" label Sep 14, 2018
@tyndyll
Member

tyndyll commented Sep 14, 2018

Marking as needs verification. While I'm expecting any issues I just want to be 100% this isn't going to break anything

@mleczakm

@tyndyll I'm sure it shouldn't be merged, but instead approach from @thaJeztah #191 (comment) comment should be considered :)

@J0WI
Contributor Author

J0WI commented Sep 28, 2018

Note: multi-stage builds may not work for official images: docker-library/official-images#3383

@thaJeztah

The issue with official images is only for the official images themselves, and due to the tooling used by the people building the official images (they use a fairly complicated build system, with a dependency graph between all the images, needed to make sure that re-builds are triggered in the right order when updating those images)

@J0WI
Contributor Author

J0WI commented Nov 2, 2018

@tyndyll this would also fix security issues like #219.

blueimp added a commit to blueimp/mailhog that referenced this pull request Feb 19, 2019
- Use the official golang:alpine image for the build. (see also mailhog#191).
- Build and install MailHog from the current repository instead of retrieving it from GitHub.
- Statically compile MailHog, so it can be installed without any dependencies.
- Disable symbol table and DWARF generation for a smaller binary size.
- Build the final Docker image from scratch, adding only the MailHog binary and ca-certificates.
Fale pushed a commit to Fale/MailHog that referenced this pull request May 16, 2019
- Use the official golang:alpine image for the build. (see also mailhog#191).
- Build and install MailHog from the current repository instead of retrieving it from GitHub.
- Statically compile MailHog, so it can be installed without any dependencies.
- Disable symbol table and DWARF generation for a smaller binary size.
- Build the final Docker image from scratch, adding only the MailHog binary and ca-certificates.
@Fale

Fale commented May 27, 2019

I've tested it and it works properly!
Imho this should be merged

@tyndyll removed the "needs verification" label May 27, 2019
@tyndyll
Member

tyndyll commented May 27, 2019

Merging the official Golang build for now. Will create a new issue to address the points made by @thaJeztah

@tyndyll tyndyll merged commit 9b87c4c into mailhog:master May 27, 2019
@J0WI J0WI deleted the golang-base branch May 27, 2019 20:43
@Fale Fale mentioned this pull request May 27, 2019
@teohhanhui
Contributor

This needs to be built and pushed to Docker Hub.

@tyndyll
Member

tyndyll commented Jul 10, 2019

Yes. Working on getting credentials

bnguyen12 pushed a commit to socrata/MailHog that referenced this pull request Apr 25, 2020
Use official golang as base container