From e4fae2f1c13bfb600176405e381012fafe838c45 Mon Sep 17 00:00:00 2001
From: Mathias Fredriksson <mafredri@gmail.com>
Date: Fri, 30 Aug 2024 15:06:16 +0300
Subject: [PATCH 1/2] chore(dogfood): optimize dockerfile for envbuilder cache
 probing

---
 dogfood/contents/Dockerfile | 45 ++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 16 deletions(-)

diff --git a/dogfood/contents/Dockerfile b/dogfood/contents/Dockerfile
index 421e4a1ad9a19..57e12da10a0e7 100644
--- a/dogfood/contents/Dockerfile
+++ b/dogfood/contents/Dockerfile
@@ -2,27 +2,29 @@ FROM rust:slim AS rust-utils
 # Install rust helper programs
 # ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
 ENV CARGO_INSTALL_ROOT=/tmp/
-RUN cargo install exa bat ripgrep typos-cli watchexec-cli
+RUN cargo install exa bat ripgrep typos-cli watchexec-cli && \
+	# Reduce image size.
+	rm -rf /usr/local/cargo/registry
 
 FROM ubuntu:jammy AS go
 
-RUN apt-get update && apt-get install --yes curl gcc
 # Install Go manually, so that we can control the version
 ARG GO_VERSION=1.22.5
-RUN mkdir --parents /usr/local/go
 
 # Boring Go is needed to build FIPS-compliant binaries.
-RUN curl --silent --show-error --location \
+RUN apt-get update && \
+	apt-get install --yes curl && \
+	curl --silent --show-error --location \
 	"https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
 	-o /usr/local/go.tar.gz
 
-RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
-
 ENV PATH=$PATH:/usr/local/go/bin
-
-# Install Go utilities.
 ARG GOPATH="/tmp/"
-RUN mkdir --parents "$GOPATH" && \
+# Install Go utilities.
+RUN apt-get install --yes gcc && \
+	mkdir --parents /usr/local/go && \
+	tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 && \
+	mkdir --parents "$GOPATH" && \
 	# moq for Go tests.
 	go install github.com/matryer/moq@v0.2.3 && \
 	# swag for Swagger doc generation
@@ -73,24 +75,36 @@ RUN mkdir --parents "$GOPATH" && \
 	# yq v3 used in v1.
 	go install github.com/mikefarah/yq/v4@v4.30.6 && \
 	mv /tmp/bin/yq /tmp/bin/yq4 && \
-	go install go.uber.org/mock/mockgen@v0.4.0
+	go install go.uber.org/mock/mockgen@v0.4.0 && \
+	# Reduce image size.
+	apt-get remove --yes gcc && \
+	apt-get autoremove --yes && \
+	apt-get clean && \
+	rm -rf /usr/local/go && \
+	rm -rf /tmp/go/pkg && \
+	rm -rf /tmp/go/src
 
 FROM gcr.io/coder-dev-1/alpine:3.18 as proto
 WORKDIR /tmp
 RUN apk add curl unzip
-RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip
-RUN unzip protoc.zip
+RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip && \
+	unzip protoc.zip && \
+	rm protoc.zip
 
 FROM ubuntu:jammy
 
 SHELL ["/bin/bash", "-c"]
 
+# Install packages from apt repositories
+ARG DEBIAN_FRONTEND="noninteractive"
+
 # Updated certificates are necessary to use the teraswitch mirror.
 # This must be ran before copying in configuration since the config replaces
 # the default mirror with teraswitch.
 RUN apt-get update && apt-get install --yes ca-certificates
 
 COPY files /
+
 # We used to copy /etc/sudoers.d/* in from files/ but this causes issues with
 # permissions and layer caching. Instead, create the file directly.
 RUN mkdir -p /etc/sudoers.d && \
@@ -98,9 +112,6 @@ RUN mkdir -p /etc/sudoers.d && \
 	chmod 750 /etc/sudoers.d/ && \
 	chmod 640 /etc/sudoers.d/nopasswd
 
-# Install packages from apt repositories
-ARG DEBIAN_FRONTEND="noninteractive"
-
 RUN apt-get update --quiet && apt-get install --yes \
 	ansible \
 	apt-transport-https \
@@ -231,7 +242,9 @@ RUN systemctl disable \
 # Configure systemd services for CVMs
 RUN systemctl enable \
 	docker \
-	ssh
+	ssh && \
+	# Workaround for envbuilder cache probing not working unless the filesystem is modified.
+	touch /tmp/.envbuilder-systemctl-enable-docker-ssh-workaround
 
 # Install tools with published releases, where that is the
 # preferred/recommended installation method.

From 4e632e269279b7971b37e24f7c301ceff4e35720 Mon Sep 17 00:00:00 2001
From: Mathias Fredriksson <mafredri@gmail.com>
Date: Fri, 30 Aug 2024 15:23:38 +0300
Subject: [PATCH 2/2] save ~100MB in rust-tools and go stages by wiping apt
 lists

---
 dogfood/contents/Dockerfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dogfood/contents/Dockerfile b/dogfood/contents/Dockerfile
index 57e12da10a0e7..5922079c3d445 100644
--- a/dogfood/contents/Dockerfile
+++ b/dogfood/contents/Dockerfile
@@ -16,12 +16,14 @@ RUN apt-get update && \
 	apt-get install --yes curl && \
 	curl --silent --show-error --location \
 	"https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-	-o /usr/local/go.tar.gz
+	-o /usr/local/go.tar.gz && \
+	rm -rf /var/lib/apt/lists/*
 
 ENV PATH=$PATH:/usr/local/go/bin
 ARG GOPATH="/tmp/"
 # Install Go utilities.
-RUN apt-get install --yes gcc && \
+RUN apt-get update && \
+	apt-get install --yes gcc && \
 	mkdir --parents /usr/local/go && \
 	tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 && \
 	mkdir --parents "$GOPATH" && \
@@ -80,6 +82,7 @@ RUN apt-get install --yes gcc && \
 	apt-get remove --yes gcc && \
 	apt-get autoremove --yes && \
 	apt-get clean && \
+	rm -rf /var/lib/apt/lists/* && \
 	rm -rf /usr/local/go && \
 	rm -rf /tmp/go/pkg && \
 	rm -rf /tmp/go/src