Study the benefit of using a binary data tool to embed resources

Question

Study the benefit of using a binary data tool to embed resources

imulab opened this issue 5 years ago · 2 comments

@requaos proposed a binary data tool pkger in #38

The original intention was to avoid too many COPY commands creating too many layers. The stock files were since placed in a single folder, reducing the total number of COPY commands needed to 2 (1 for binary, 1 for public folder).

However, the use of binary data tool may still be beneficial, if:

It reduces COPY commands even more
It does not add too much complexity to the building process (requiring external software be installed)
It can help resource references in tests. Currently tests reference files in their relative paths, which is a fragile practice. It will be much better to be able to reference absolute paths from the root of the module.

Answer 1 · 2020-01-30T21:53:02.000Z

@imulab The primary benefit of using a binary data tool is the ability to have the final container be
FROM scratch
This allows for minimal container size and reduces attack surface from a security standpoint.
In production circumstances I will usually upx -9 my go binary, that is compiled with the -netgo flag to remove dependencies on an os level networking stack. Results in a <5Mb container that deploys like lightning.

Answer 2 · 2020-03-17T05:07:51.000Z

I have successfully bundled assets in the binary output in another project that uses the core lib, links is here.

Closing this issue since there no immediate intention to port the feature as well.