11 issues in Dockerfile
emanuelb opened this issue · 0 comments
- sudo not needed
there is no need to install & use sudo in container as it's run by root inside container.
sudo is installed in:
and used in:
- Old bundletool
latest version is 1.7.0: https://github.com/google/bundletool/releases/download/1.7.0/bundletool-all-1.7.0.jar
- old command line tools
latest is: https://dl.google.com/android/repository/commandlinetools-linux-7302050_latest.zip
from: https://developer.android.com/studio/index.html#command-tools
- Install
python3-pip
instead of usingget-pip.py
trusteeWallet/docker/Dockerfile.androidprebuild
Lines 14 to 17 in 55f72dc
Documentation of pip installation suggest to not use git-pip
when there is available package for distro:
https://pip.pypa.io/en/stable/installing/#installing-with-get-pip-py
https://pip.pypa.io/en/stable/installing/#using-linux-package-managers
The python3-pip
package for ubuntu install pip.
- Add
--no-install-recommends
for apt-get install commands:
adding --no-install-recommends
for apt-get install
commands will probably/may reduce the amount of packages installed (then the package list may need to be increased with some required dependencies for the usage which are part of the recommended list, like for example ca-certificates
package)
- Combine RUN
trusteeWallet/docker/Dockerfile.verifyandroidbuild
Lines 23 to 30 in 55f72dc
trusteeWallet/docker/Dockerfile.androidprebuild
Lines 29 to 34 in 55f72dc
each RUN command create layer, it's better to use less RUN commands instead, such as:
RUN set -ex; \
command1; \
command2;
- Use COPY instead of ADD
-
Use valid values for BUILD_NUMBER & COMMIT_SHA :
trusteeWallet/docker/Dockerfile.verifyandroidbuild
Lines 3 to 4 in 55f72dc
as example, add comment before it to change them, as currently the values are invalid (not sha commit) -
old cmake
newest from android sdk tools: 3.18.1
- use npm ci
npm ci
is needed for reproducible package versions installation.
- Running as root in container
Currently every command is run under root in the container, it's better to run whats possible under regular user instead.
Use USER
directive to change to user created with command such as useradd -ms /bin/bash appuser