dockerTools.buildLayeredImage: pass a list of closures to mkManyPureLayers so it can exclude the top-most level

Before, every docker image had three extra layers:

1. A `closure` layer which is an internal implementation detail of
   calculating the closure of the container
2. a `name-config.json` layer which is the images' run-time
   configuration, and has no business being *in* the image as a layer.
3. a "bulk-layers" layer which is again and implementation detail
   around collecting the image's closure.

None of these layers need to be in the final product.
This commit is contained in:
Graham Christensen 2019-12-16 12:47:47 -05:00
parent f6d75f550e
commit aec80dddc0
No known key found for this signature in database
GPG Key ID: FE918C3A98C1030F

View File

@ -290,7 +290,7 @@ rec {
mkManyPureLayers = {
name,
# Files to add to the layer.
closure,
closures,
configJson,
# Docker has a 125-layer maximum, we pick 100 to ensure there is
# plenty of room for extension.
@ -303,10 +303,12 @@ rec {
isExecutable = true;
src = ./store-path-to-layer.sh;
};
overallClosure = writeText "closure" (lib.concatStringsSep " " closures);
in
runCommand "${name}-granular-docker-layers" {
inherit maxLayers;
paths = referencesByPopularity closure;
paths = referencesByPopularity overallClosure;
nativeBuildInputs = [ jshon rsync tarsum ];
enableParallelBuilding = true;
}
@ -558,7 +560,7 @@ rec {
bulkLayers = mkManyPureLayers {
name = baseName;
closure = writeText "closure" "${contentsEnv} ${configJson}";
closures = [ contentsEnv configJson ];
# One layer will be taken up by the customisationLayer, so
# take up one less.
maxLayers = maxLayers - 1;