feat: user multi-stage builds and remove apt and pip caches

template/python27-flask/Dockerfile

@@ -1,5 +1,5 @@
 FROM ghcr.io/openfaas/of-watchdog:0.9.3 as watchdog
-FROM python:2.7-alpine
+FROM python:2.7-alpine as builder
 
 COPY --from=watchdog /fwatchdog /usr/bin/fwatchdog
 RUN chmod +x /usr/bin/fwatchdog
@@ -21,21 +21,23 @@ WORKDIR /home/app/
 COPY --chown=app:app index.py           .
 COPY --chown=app:app requirements.txt   .
 USER root
-RUN pip install -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
 USER app
 
 RUN mkdir -p function
 RUN touch ./function/__init__.py
 WORKDIR /home/app/function/
 COPY --chown=app:app function/requirements.txt	.
-RUN pip install --user -r requirements.txt
+RUN pip install --no-cache-dir --user -r requirements.txt
 
 WORKDIR /home/app/
 
 USER root
 COPY --chown=app:app function   function
 USER app
 
+FROM builder as final
+
 ENV fprocess="python index.py"
 ENV cgi_headers="true"
 ENV mode="http"

template/python3-flask-debian/Dockerfile

@@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog
 ARG ADDITIONAL_PACKAGE
 # Alternatively use ADD https:// (which will not be cached by Docker builder)
 
-RUN apt-get -qy update && apt-get -qy install gcc make ${ADDITIONAL_PACKAGE}
+RUN apt-get -qy update \
+    && apt-get -qy install gcc make ${ADDITIONAL_PACKAGE} \
+    && rm -rf /var/lib/apt/lists/*
 
 # Add non root user
 RUN addgroup --system app && adduser app --system --ingroup app
@@ -23,7 +25,7 @@ COPY --chown=app:app index.py           .
 COPY --chown=app:app requirements.txt   .
 
 USER root
-RUN pip install -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
 
 # Build the function directory and install any user-specified components
 USER app
@@ -32,17 +34,20 @@ RUN mkdir -p function
 RUN touch ./function/__init__.py
 WORKDIR /home/app/function/
 COPY --chown=app:app function/requirements.txt	.
-RUN pip install --user -r requirements.txt
+RUN pip install --no-cache-dir --user -r requirements.txt
 
 #install function code
 USER root
 
 COPY --chown=app:app function/   .
 
+FROM builder as tester
 ARG TEST_COMMAND=tox
 ARG TEST_ENABLED=true
 RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"
 
+
+FROM builder as final
 WORKDIR /home/app/
 
 #configure WSGI server and healthcheck

template/python3-flask/Dockerfile

@@ -23,7 +23,7 @@ COPY --chown=app:app index.py           .
 COPY --chown=app:app requirements.txt   .
 
 USER root
-RUN pip install -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
 
 # Build the function directory and install any user-specified components
 USER app
@@ -32,17 +32,20 @@ RUN mkdir -p function
 RUN touch ./function/__init__.py
 WORKDIR /home/app/function/
 COPY --chown=app:app function/requirements.txt	.
-RUN pip install --user -r requirements.txt
+RUN pip install --no-cache-dir --user -r requirements.txt
 
 #install function code
 USER root
 
 COPY --chown=app:app function/   .
 
+
+FROM builder as tester
 ARG TEST_COMMAND=tox
 ARG TEST_ENABLED=true
 RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"
 
+FROM builder as final
 WORKDIR /home/app/
 
 #configure WSGI server and healthcheck

template/python3-http-debian/Dockerfile

@@ -7,7 +7,9 @@ RUN chmod +x /usr/bin/fwatchdog
 ARG ADDITIONAL_PACKAGE
 # Alternatively use ADD https:// (which will not be cached by Docker builder)
 
-RUN apt-get -qy update && apt-get -qy install ${ADDITIONAL_PACKAGE}
+RUN apt-get -qy update \
+    && apt-get -qy install ${ADDITIONAL_PACKAGE} \
+    && rm -rf /var/lib/apt/lists/*
 
 # Add non root user
 RUN addgroup --system app && adduser app --system --ingroup app
@@ -22,22 +24,26 @@ WORKDIR /home/app/
 COPY --chown=app:app index.py           .
 COPY --chown=app:app requirements.txt   .
 USER root
-RUN pip install -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
 USER app
 
 RUN mkdir -p function
 RUN touch ./function/__init__.py
 WORKDIR /home/app/function/
 COPY --chown=app:app function/requirements.txt	.
-RUN pip install --user -r requirements.txt
+RUN pip install --no-cache-dir --user -r requirements.txt
 
 USER root
 COPY --chown=app:app function/   .
 
+FROM builder as tester
+
 ARG TEST_COMMAND=tox
 ARG TEST_ENABLED=true
 RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"
 
+
+FROM builder as final
 WORKDIR /home/app/
 
 USER app

template/python3-http/Dockerfile

@@ -22,7 +22,7 @@ WORKDIR /home/app/
 COPY --chown=app:app index.py           .
 COPY --chown=app:app requirements.txt   .
 USER root
-RUN pip install -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
 
 # Build the function directory and install any user-specified components
 USER app
@@ -31,16 +31,18 @@ RUN mkdir -p function
 RUN touch ./function/__init__.py
 WORKDIR /home/app/function/
 COPY --chown=app:app function/requirements.txt	.
-RUN pip install --user -r requirements.txt
+RUN pip install --no-cache-dir --user -r requirements.txt
 
 # install function code
 USER root
 COPY --chown=app:app function/   .
 
+FROM builder as tester
 ARG TEST_COMMAND=tox
 ARG TEST_ENABLED=true
 RUN [ "$TEST_ENABLED" = "false" ] && echo "skipping tests" || eval "$TEST_COMMAND"
 
+FROM builder as final
 WORKDIR /home/app/
 
 # configure WSGI server and healthcheck