googleforgames
Refactor Dockerfile with multi-stage builds, security enhancements, a…
Improvements made:
Multi-stage builds: We split the Dockerfile into two stages to ensure the final image contains only the necessary dependencies for runtime.
Layer reduction: Combined multiple RUN commands to reduce the number of layers.
Security best practices: Removed unnecessary packages in the final stage and cleaned up APT cache after each package installation.
Minimal base image: Used debian:bookworm-slim for the runtime to reduce image size.
Commented paths and environment settings for clarity.
This approach makes the image more secure, smaller, and efficient for production use.
What type of PR is this?
Uncomment only one
/kind <>line, press enter to put that in a new line, and remove leading whitespace from that line:Refactor Enhancement Chore
What this PR does / Why we need it: Refactors the Dockerfile with multi-stage builds, reducing image size and layers. Applies security best practices, including package minimization and using a non-root user. Improves build efficiency and readability. Reduces image size and deployment time. Enhances security and performance. Makes the Dockerfile easier to maintain and update.
Which issue(s) this PR fixes:
Closes #
Special notes for your reviewer:
Build Failed :sob:
Build Id: c358b1da-9970-450f-a960-4c73a036be9d
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: d9fcebbc-1dc4-4180-b0fc-f67ec7846696
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 38f48a35-7c27-45f4-985a-477af71a1542
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 701a2067-8c58-4d45-893a-67d9d553fc47
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: c03a4867-5426-4150-92dd-fb95e58bc507
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: c9c7237d-4567-4ee9-8641-e32da8034f86
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 300fc546-cb43-43e0-9bae-6ea2b4c3d1e4
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 6375beb6-7b60-4155-a0fa-e001985fa0dd
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: e500d048-dc77-4d9d-9bcf-f3610a468da8
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 575b2288-c16a-4683-bc9d-97164879e706
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 177fa2fb-ec5f-409d-971b-b31c11c3ad9c
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 33e4484c-94e5-4aa2-9e36-cde659736fd9
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: be38dedc-6d89-4e35-a2b6-4ec54d184e1c
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: cf009ac9-b9da-4f67-9a71-0b39d233958d
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 90d86c27-81f7-4fa6-8902-400006240c88
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: a64794f9-007b-4435-b2a4-c3c6bfd46621
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: ebd0a94c-316f-4016-867a-683b981dd5e7
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 031eb688-05ad-4c82-a40d-5e7286645290
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 661e3ba9-73c8-4d34-b079-5e18908559bf
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 1ebde3f5-6ab7-4b63-89ab-76d75d6171ce
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 4fb91b39-c222-4c34-b75a-b60979277d8d
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 5bb46e36-e46e-4a8f-b3ca-210641d32d1b
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 93f2f4b8-bd77-47a7-a97a-b6ae4c0c0af4
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 434e10bc-1df6-48f6-8860-e64416dbb525
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Build Failed :sob:
Build Id: 72226ed0-fd0d-4332-92c3-b67b8e19b9a0
Status: FAILURE
To get permission to view the Cloud Build view, join the agones-discuss Google Group.
Been watching you punch away on this 😁
I see where it's currently failing:
+ go mod edit --replace=agones.dev/agones@latest=../../../agones.dev/agones/
/go/src/agones.dev/agones/site/gen-api-docs.sh: line 32: go: command not found
make[1]: *** [includes/website.mk:110: test-gen-api-docs] Error 127
I have to ask one question though:
Makes the Dockerfile easier to maintain and update.
Given the pain you are having - do you think this is still true? This is a build image only used in dev -- is all this pain worth it? 🤔 seems like a lot of yak shaving, and I'm not quite sure the final benefit is going to be.
Don't let me stop you, I'm curious where you finally end up, but figured how long you've been working on this, I figured I would ask the question 😄
Hi Mark , Thanks for your comment . I've been motivated to contribute to this project because of its importance in the democratization of Games infrastructure, and I believe I can help improve it with a better solution. This is one of my first experiences in the world of open source contribution, and I love a good challenge.
When I start something, I like to see it through to the end—it's a valuable learning opportunity for me, especially as I continue searching for a job.
Regarding the Dockerfile, multi-stage builds are something I recently learned, and I thought this project could benefit from them.
Regarding the Dockerfile, multi-stage builds are something I recently learned, and I thought this project could benefit from them.
I definitely appreciate the effort, and love the commitment - but I'll ask the question: Can you articulate a concrete benefit here, or is this dev to scratch a technology itch (we've all been there ☺️).
What do you think?
Hi Mark, While I was motivated to exercise my recent learning of multi-stage builds, the changes provide tangible benefits. They reduce the image size by excluding unnecessary build tools, improve security by minimizing the attack surface, and speed up builds with better caching. So, it’s a blend of practicing new skills while delivering real advantages to the project.
I hope I have answered your question.