Document how to use Debian slim Docker images

br3ndonland · Aug 14, 2021 · 22b8253 · 22b8253
1 parent 582dcef
commit 22b8253
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/docs/docker.md b/docs/docker.md
@@ -177,3 +177,27 @@ The basic build dependencies used by inboard include `gcc`, `libc-dev`, and `mak
     Adding `--virtual .build-project` creates a "virtual package" named `.build-project` that groups the rest of the dependencies listed. All of the dependencies can then be deleted as a set by simply referencing the name of the virtual package, like `apk del .build-project`.
 
 The good news - Python is planning to support binary package distributions built for Alpine Linux. See [PEP 656](https://www.python.org/dev/peps/pep-0656/) for details.
+
+### Debian slim
+
+The [official Python Docker image](https://hub.docker.com/_/python) provides "slim" variants of the Debian base images. These images are built on Debian, but then have the build dependencies removed after Python is installed. As with Alpine Linux, there are some caveats:
+
+-   Commonly-used packages are removed, requiring reinstallation in downstream images.
+-   The overall number of security vulnerabilities will be reduced as compared to the Debian base images, but vulnerabilities inherent to Debian will still remain.
+-   If `/etc/os-release` is sourced, the `$ID` will still be `debian`, so custom environment variables or other methods must be used to identify the image as a "slim" distribution.
+
+A _Dockerfile_ equivalent to the Alpine Linux example might look like the following:
+
+!!! example "Example Debian Linux slim _Dockerfile_ for PostgreSQL project"
+
+    ```dockerfile
+    ARG INBOARD_DOCKER_TAG=fastapi-slim
+    FROM ghcr.io/br3ndonland/inboard:${INBOARD_DOCKER_TAG}
+    ENV APP_MODULE=mypackage.main:app INBOARD_DOCKER_TAG=${INBOARD_DOCKER_TAG}
+    COPY poetry.lock pyproject.toml /app/
+    WORKDIR /app/
+    RUN sh -c 'if [[ $INBOARD_DOCKER_TAG == *slim* ]]; then apt-get update -qy && apt-get install -qy --no-install-recommends gcc libc-dev libpq-dev make wget; fi' && \
+      poetry install --no-dev --no-interaction --no-root && \
+      sh -c 'if [[ $INBOARD_DOCKER_TAG == *slim* ]]; then apt-get purge --auto-remove -qy gcc libc-dev make wget; fi'
+    COPY mypackage /app/mypackage
+    ```