Slimify docker image

Dockerfile.standalone

@@ -5,18 +5,26 @@
 # then installs the CLI system-wide.
 #
 # Entrypoint is bash, with `conjur` command available.
+FROM ubuntu:latest
 
-FROM ruby:2.4.6
+ENV CONJUR_MAJOR_VERSION=5 \
+    CONJUR_VERSION=5 \
+    DEBIAN_FRONTEND=noninteractive
 
-#---some useful tools for interactive usage---#
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-      jq curl vim nano sudo openssh-client
-# as per https://hub.docker.com/r/conjurinc/cli5/~/dockerfile/
-
-#---install summon and summon-conjur---#
-ENV CONJUR_MAJOR_VERSION=5
-ENV CONJUR_VERSION=5
+      build-essential \
+      curl \
+      git \
+      nano \
+      openssh-client \
+      ruby2.5 ruby2.5-dev \
+      sudo \
+      vim \
+      tzdata && \
+    apt-get clean
+
+# Install `summon` and `summon-conjur`
 RUN curl -sSL https://raw.githubusercontent.com/cyberark/summon/master/install.sh \
       | env TMPDIR=$(mktemp -d) bash && \
     curl -sSL https://raw.githubusercontent.com/cyberark/summon-conjur/master/install.sh \
@@ -25,20 +33,21 @@ RUN curl -sSL https://raw.githubusercontent.com/cyberark/summon/master/install.s
 # and    https://github.com/cyberark/summon-conjur#install
 ENV PATH="/usr/local/lib/summon:${PATH}"
 
-#---install Conjur 5 CLI---#
-# cache a reasonable version of api-ruby & deps
+# Install Conjur 5 CLI
+# Cache a reasonable version of api-ruby & deps
 RUN mkdir -p /usr/src && \
     cd /usr/src && \
-    git clone https://github.com/cyberark/api-ruby.git && \
+    git clone --depth 1 https://github.com/cyberark/api-ruby.git && \
     cd api-ruby && \
+    gem install bundler && \
     rake install
 
 COPY standalone.entrypoint /bin/entry
 
-# update API and install everything
+# Update API and install everything
 COPY . /usr/src/cli-ruby
 
-# only reinstall API if changed
+# Only reinstall API if changed
 RUN cd /usr/src/api-ruby && git fetch && \
     if [ $(git rev-parse HEAD origin/master | uniq | wc -l) -gt 1 ]; then \
       git reset --hard origin/master && rake install ; \

build-standalone

@@ -1,6 +1,44 @@
 #!/bin/bash -e
 
-# build the cli standalone container image
+TAG="cyberark/conjur-cli:latest"
+
+ENV_VARS=(
+  "CONJUR_MAJOR_VERSION=5"
+  "CONJUR_VERSION=5"
+  "PATH=/usr/local/lib/summon:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+)
+
+# Flatten resulting image.
+function flatten() {
+  local image="$1"
+  echo "Flattening image '$image'..."
+
+  # Since `--squash` is still experimental, we have to flatten the image
+  # by exporting and importing a container based on the source image. By
+  # doing this though, we lose a lot of the Dockerfile variables that are
+  # required for running the image (ENV, EXPOSE, WORKDIR, etc) so we
+  # manually rebuild them.
+  # See here for more details: https://github.com/moby/moby/issues/8334
+  local container=`docker create $image`
+
+  env_var_params=()
+  for env_var in ${ENV_VARS[@]}; do
+    env_var_params+=("--change")
+    env_var_params+=("ENV $env_var")
+  done
+
+  docker export $container | docker import \
+    "${env_var_params[@]}" \
+    --change 'ENTRYPOINT ["/bin/entry"]' \
+    - $image
+  docker rm $container
+}
+
+# Build the cli standalone container image
+echo "Building image $TAG"
+
 docker build . \
        -f Dockerfile.standalone \
-       -t cyberark/conjur-cli
+       -t "$TAG"
+
+flatten "$TAG"