Google Git
Sign in
go / pkgsite-metrics / 1d669d6f650d8a907cc9abec7aa7acba410dd4de^! / .
commit1d669d6f650d8a907cc9abec7aa7acba410dd4de[log] [tgz]
authorJonathan Amsterdam <jba@google.com>Sat Feb 25 08:10:23 2023 -0500
committerJonathan Amsterdam <jba@google.com>Mon Feb 27 14:12:18 2023 +0000
tree25255eb5c1ad44f3d0dbacfaa8e9de9f74945721
parent99df97990af52c162a94916e54633f81b21e7a40 [diff]
cmd/worker/Dockerfile: reorder to enable caching

Put bundle creation before building the worker source
so docker can cache it.

Change-Id: I855b36c76fc8dbc3a772d844064c38343483cff3
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/471160
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/cmd/worker/Dockerfile b/cmd/worker/Dockerfile
index 8a4405b..968b8be 100644
--- a/cmd/worker/Dockerfile
+++ b/cmd/worker/Dockerfile

@@ -25,6 +25,28 @@
 # The sandbox mounts this directory.
 RUN mkdir module
 
+#### Sandbox setup
+
+# Install runsc.
+ADD https://storage.googleapis.com/gvisor/releases/release/20221107.0/x86_64/runsc /usr/local/bin/
+RUN chmod a+rx /usr/local/bin/runsc
+
+# Set up for runsc.
+# runsc expects a directory called a "bundle" that contains a config.json
+# file and an OS filesystem.
+
+# Create the runsc bundle.
+WORKDIR /bundle
+COPY config.json .
+
+# go-image.tar.gz is a complete Docker image of a Go installation in tar format.
+# Use it for the bundle's OS filesystem.
+COPY go-image.tar.gz .
+RUN tar --same-owner -pxzf go-image.tar.gz -C rootfs
+
+# Copy the downloaded copy of the vuln DB into the bundle root.
+COPY go-vulndb rootfs/go-vulndb
+
 #### Building binaries
 
 # Set the working directory outside $GOPATH to ensure module mode is enabled.
@@ -53,28 +75,6 @@
 # Build the sandbox runner program and put it in the bundle root.
 RUN go build -mod=readonly -o /bundle/rootfs/runner ./internal/sandbox/runner.go
 
-#### Sandbox setup
-
-# Install runsc.
-ADD https://storage.googleapis.com/gvisor/releases/release/20221107.0/x86_64/runsc /usr/local/bin/
-RUN chmod a+rx /usr/local/bin/runsc
-
-# Set up for runsc.
-# runsc expects a directory called a "bundle" that contains a config.json
-# file and an OS filesystem.
-
-# Create the runsc bundle.
-WORKDIR /bundle
-COPY config.json .
-
-# go-image.tar.gz is a complete Docker image of a Go installation in tar format.
-# Use it for the bundle's OS filesystem.
-COPY go-image.tar.gz .
-RUN tar --same-owner -pxzf go-image.tar.gz -C rootfs
-
-# Copy the downloaded copy of the vuln DB into the bundle root.
-COPY go-vulndb rootfs/go-vulndb
-
 #### Worker setup
 
 WORKDIR /app