Advanced Build Techniques

Production images should be as small as possible. This reduces download times, storage costs, and security risks. Multi-stage builds are the best tool for this.

1. What are Multi-Stage Builds?

In a multi-stage build, you use one image for the build (compiling code, installing heavy dev dependencies) and a different, smaller image for the final product (running only the compiled code).

Example: A Go Web Application

Dockerfile:

# STAGE 1: Build the binary
FROM golang:1.19-alpine AS builder
WORKDIR /build
COPY . .
RUN go build -o myapp main.go
 
# STAGE 2: Create the final small image
FROM alpine:3.17
WORKDIR /app
# Copy ONLY the compiled binary from the 'builder' stage
COPY --from=builder /build/myapp .
 
CMD ["./myapp"]

2. Comparing Image Sizes

Let's see the difference between a single-stage and a multi-stage image.

Action:

# Building the multi-stage image
docker build -t myapp:optimized .
docker images myapp:optimized

Result:

REPOSITORY    TAG           IMAGE ID       CREATED          SIZE
myapp         optimized     a1b2c3d4e5f6   10 seconds ago   12.5MB

(A single-stage build might have been 500MB+ because it included the Go compiler and build tools!)

3. Using Distroless Images

For maximum security and minimal size, you can use Distroless images from Google. These images contain only your application and its dependencies—no shell, no package manager.

Dockerfile snippet:

# Final stage
FROM gcr.io/distroless/static-debian11
COPY --from=builder /build/myapp /
CMD ["/myapp"]

4. Layer Caching (Best Practice)

Docker builds images faster by caching layers. Order your Dockerfile from least likely to change to most likely to change.

Summary

• Use Multi-stage builds to separate build-time and run-time.
• Use Alpine or Distroless for small, secure final images.
• Cache layers correctly to speed up your CI/CD pipelines.