Building a “docker image”, or more appropriately an OCI image, is usually associated with
the `Dockerfile` format. Although it is one of the most generic ways to build an OCI
image, it is definitely not the only way, nor the best way, depending on your use case.
And there are a decent number of ways to create your image. Let’s try to explore some of
Don’t get me wrong, I used to love `Dockerfile`. They have been extremely useful for the container ecosystem. The recent evolutions, backed by buildkit, are also very good. But they do come with a bit of
- They do not allow (or enable) writing reproducible builds. The timestamps and `RUN` with “random” commands get in the way.
- They bring a very big assumption: each and every `RUN` is running in a container. Of course there are tools (as we may, or may not see) that build `Dockerfile` without containers, but they are a bit limited (because of that assumption).
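The timestamp problem from the first bullet, shown as an added example that is not part of the original post: a layer is a tar archive, so the same files packed at two different times hash differently unless the entry metadata is pinned. The file contents, timestamps and the `layer_digest` helper are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample content for one image layer (path -> bytes).
FILES = {
    "app/run.sh": b"#!/bin/sh\necho hello\n",
    "app/config.toml": b"debug = false\n",
}


def layer_digest(files, mtime, normalize=False, epoch=0):
    """Pack files into an uncompressed layer tarball and return its sha256.

    normalize=True sorts the entries and pins mtime and ownership, which is
    the kind of normalization a reproducible image builder has to apply.
    epoch is an assumed fixed timestamp chosen by the builder.
    """
    buf = io.BytesIO()
    names = sorted(files) if normalize else list(files)
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o644
            info.mtime = epoch if normalize else mtime
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(files[name]))
    return "sha256:" + hashlib.sha256(buf.getvalue()).hexdigest()


def compare_builds():
    """Simulate two builds of the same content six minutes apart."""
    first, second = 1700000000, 1700000360  # constructed build times
    reordered = dict(reversed(list(FILES.items())))
    naive = (layer_digest(FILES, first), layer_digest(FILES, second))
    pinned = (
        layer_digest(FILES, first, normalize=True),
        layer_digest(reordered, second, normalize=True),
    )
    return naive, pinned


if __name__ == "__main__":
    naive, pinned = compare_builds()
    print("naive builds match: ", naive[0] == naive[1])
    print("pinned builds match:", pinned[0] == pinned[1])
```

The digest of the uncompressed tar is what an OCI image config records as the layer's `diff_id`, so a changed mtime alone is enough to produce a different image.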
Questions to ask yourself
In order to decide what to use to build a container image, there are a couple of questions to answer. Your answers will help you choose what tool to use.
- Are “reproducible builds” something important to you?
- Is your CI running in containers?
- Is your development environment running in containers?
- Do you care about running things as root?
- Do you care about running things as privileged (aka giving the keys to escape the containers to the process running in the container)?