Reduce license_management image weight

Problem to solve

registry.gitlab.com/gitlab-org/security-products/license-management is currently built from https://github.com/pivotal-legacy/LicenseFinder/blob/master/Dockerfile. This image tries to cover many cases, but not all, and results in a huge image of over 2GB. It's not really hard to reduce the size of the image.

Further details

In https://github.com/pivotal-legacy/LicenseFinder/blob/master/Dockerfile we can see a lot of package managers (and therefore languages) being installed. It's inefficient because, for example for Java, only the jdk-8 will be installed. Not only will projects using jdk-9 or jdk-10 not work, but we also install a lot of packages that may never be used.

Proposal

What does success look like, and how can we measure that?

registry.gitlab.com/gitlab-org/security-products/license-management < 100MB (vs ~2GB today). license_management should be compatible with many projects out of the box. So we should keep and maintain this auto-detection, instead of asking the users to provide it all the time.

Implementation Plan

  • Build custom docker image for dotnet-core/mono.
  • Remove dotnet-core/mono dependencies from default image.
  • Update documentation on how to scan dotnet/mono projects using a custom image.

Links / references

Edited by mo khan