Dockerignore: convert to whitelist #361
Conversation
alxndrsn
force-pushed
the
dockerignore-whitelist
branch
from
ebd3976
to
74344c3
Compare
alxndrsn
force-pushed
the
dockerignore-whitelist
branch
from
74344c3
to
f97f3e6
Compare
There was a problem hiding this comment.
What will happen to the version files if we make this change? I'm thinking that they'll identify the excluded files as changes to the working directory and append -dirty to the version, which probably isn't what we want.
What do you think about running git clean instead at some point during the build? That way we could remove things like node_modules without causing a change that would show up in the version files.
.dockerignore
Outdated
|
|
||
| # Re-include the things we actually want | ||
|
|
||
| # .git dirs: required to generate version files in service container |
There was a problem hiding this comment.
Also required to generate version.txt in the nginx container (files/prebuild/write-version.sh I believe).
There was a problem hiding this comment.
Thanks, added to comment
| @@ -1,2 +1,22 @@ | |||
| node_modules | |||
There was a problem hiding this comment.
If we already had node_modules in here, how was it copied through during the build of that one server? Does .dockerignore work differently from .gitignore in that way?
There was a problem hiding this comment.
Yes 😞
.dockerignore
the patterns
/foo/barandfoo/barboth exclude a file or directory namedbarin thefoosubdirectory ofPATHor in the root of the git repository located atURL. Neither excludes anything else.
-- https://docs.docker.com/engine/reference/builder/#dockerignore-file
.gitignore
If there is a separator at the beginning or middle (or both) of the pattern, then the pattern is relative to the directory level of the particular .gitignore file itself. Otherwise the pattern may also match at any level below the .gitignore level.
-- https://git-scm.com/docs/gitignore#_pattern_format
Probably good to include the preceding / in .dockerignore to make the intent more explicit.
There was a problem hiding this comment.
Could we make it something like this:
/server/node_modules
/server/npm-debug.log
/client/node_modules
/client/npm-debug.log
Actually, could that change be all we need? Then an errant node_modules directory wouldn't be copied through.
There was a problem hiding this comment.
This would be an alternative approach, but I think with a blacklisting approach there is more scope for accidentally including unwanted files in the future.
Very interesting point. I don't think we can reliably keep Maybe the real issue in the Lines 12 to 14 in 2eea364 and then subsequently overwrite that with whatever the user has locally: Line 16 in 2eea364 😰 |
|
Line 16 in 2eea364 might be better replaced with: COPY server/config config/
COPY server/lib lib/ |
That change sounds sensible to me. I worry a little about the day when we add a new directory besides config/ and lib/, but it'd be easy enough to add it here if/when we do. Another option to consider: what if copy everything, but do so before the -COPY server/package*.json ./
+COPY server/ ./
RUN npm clean-install --omit=dev --legacy-peer-deps
RUN npm install pm2@5.2.0 -g
-COPY server/ ./Then even if |
I don't think this would pick up manual changes made in |
No description provided.