From 40c619c1ece0b7237e65ba785744e613b0c1febb Mon Sep 17 00:00:00 2001
From: Benjamin Sergeant <bsergean@gmail.com>
Date: Sun, 29 Mar 2020 13:05:31 -0700
Subject: [PATCH] (docker) trim down docker image (300M -> 12M) / binary built
 without symbol and size optimization, and source code not copied over

---
 docker/Dockerfile.alpine         | 31 ++++++++++++++++---------------
 docs/CHANGELOG.md                |  4 ++++
 ixwebsocket/IXWebSocketVersion.h |  2 +-
 makefile                         | 24 +++++++++++++++++++-----
 tools/trim_repo_for_docker.sh    |  6 ++++++
 5 files changed, 46 insertions(+), 21 deletions(-)
 create mode 100644 tools/trim_repo_for_docker.sh

diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index 0affec50..8e8eb7ad 100644
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@@ -1,12 +1,13 @@
 FROM alpine:3.11 as build
 
-RUN apk add --no-cache gcc g++ musl-dev linux-headers cmake mbedtls-dev
-RUN apk add --no-cache make
-RUN apk add --no-cache zlib-dev
+RUN apk add --no-cache \
+    gcc g++ musl-dev linux-headers \
+    cmake mbedtls-dev make zlib-dev
 
-RUN addgroup -S app && adduser -S -G app app
-RUN chown -R app:app /opt
-RUN chown -R app:app /usr/local
+RUN addgroup -S app && \
+    adduser -S -G app app && \
+    chown -R app:app /opt && \
+    chown -R app:app /usr/local
 
 # There is a bug in CMake where we cannot build from the root top folder
 # So we build from /opt
@@ -14,21 +15,21 @@ COPY --chown=app:app . /opt
 WORKDIR /opt
 
 USER app
-RUN [ "make", "ws_mbedtls_install" ]
-RUN [ "rm", "-rf", "build" ]
+RUN make ws_mbedtls_install && \
+    sh tools/trim_repo_for_docker.sh
 
 FROM alpine:3.11 as runtime
 
-RUN apk add --no-cache libstdc++ mbedtls
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache libstdc++ mbedtls ca-certificates && \
+    addgroup -S app && \
+    adduser -S -G app app
 
-RUN addgroup -S app && adduser -S -G app app
 COPY --chown=app:app --from=build /usr/local/bin/ws /usr/local/bin/ws
-RUN chmod +x /usr/local/bin/ws
-RUN ldd /usr/local/bin/ws
 
-# Copy source code for gcc
-COPY --chown=app:app --from=build /opt /opt
+# COPY --chown=app:app --from=build /opt /opt
+
+RUN chmod +x /usr/local/bin/ws && \
+    ldd /usr/local/bin/ws
 
 # Now run in usermode
 USER app
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index e885f934..6fe713f7 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Changelog
 All changes to this project will be documented in this file.
 
+## [9.1.5] - 2020-03-29
+
+(docker) trim down docker image (300M -> 12M) / binary built without symbol and size optimization, and source code not copied over
+
 ## [9.1.4] - 2020-03-28
 
 (jsoncpp) update bundled copy to version 1.9.3 (at sha 3beb37ea14aec1bdce1a6d542dc464d00f4a6cec)
diff --git a/ixwebsocket/IXWebSocketVersion.h b/ixwebsocket/IXWebSocketVersion.h
index 1bc7bd0e..0b871525 100644
--- a/ixwebsocket/IXWebSocketVersion.h
+++ b/ixwebsocket/IXWebSocketVersion.h
@@ -6,4 +6,4 @@
 
 #pragma once
 
-#define IX_WEBSOCKET_VERSION "9.1.4"
+#define IX_WEBSOCKET_VERSION "9.1.5"
diff --git a/makefile b/makefile
index cf6e0459..61267c5c 100644
--- a/makefile
+++ b/makefile
@@ -1,5 +1,13 @@
 #
-# This makefile is just used to easily work with docker (linux build)
+# This makefile is used for convenience, and wrap simple cmake commands
+# You don't need to use it as an end user, it is more for developer.
+#
+# * work with docker (linux build)
+# * execute the unittest
+#
+# The default target will install ws, the command line tool coming with
+# IXWebSocket into /usr/local/bin
+#
 #
 all: brew
 
@@ -8,14 +16,23 @@ install: brew
 # Use -DCMAKE_INSTALL_PREFIX= to install into another location
 # on osx it is good practice to make /usr/local user writable
 # sudo chown -R `whoami`/staff /usr/local
+#
+# Release, Debug, MinSizeRel, RelWithDebInfo are the build types
+#
 brew:
 	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_WS=1 -DUSE_TEST=1 .. ; make -j 4 install)
 
+# Docker default target. We've add problem with OpenSSL and TLS 1.3 (on the
+# server side ?) and I can't work-around it easily, so we're using mbedtls on
+# Linux for the SSL backend, which works great.
+ws_mbedtls_install:
+	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DUSE_TLS=1 -DUSE_WS=1 -DUSE_MBED_TLS=1 .. ; make -j 4 install)
+
 ws:
 	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_WS=1 .. ; make -j 4)
 
 ws_install:
-	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_TLS=1 -DUSE_WS=1 .. ; make -j 4 install)
+	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DUSE_TLS=1 -DUSE_WS=1 .. ; make -j 4 install)
 
 ws_openssl:
 	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_WS=1 -DUSE_OPEN_SSL=1 .. ; make -j 4)
@@ -23,9 +40,6 @@ ws_openssl:
 ws_mbedtls:
 	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_WS=1 -DUSE_MBED_TLS=1 .. ; make -j 4)
 
-ws_mbedtls_install:
-	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_TLS=1 -DUSE_WS=1 -DUSE_MBED_TLS=1 .. ; make -j 4 install)
-
 ws_no_ssl:
 	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_WS=1 .. ; make -j 4)
 
diff --git a/tools/trim_repo_for_docker.sh b/tools/trim_repo_for_docker.sh
new file mode 100644
index 00000000..fdd863ac
--- /dev/null
+++ b/tools/trim_repo_for_docker.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Used to clean up some non essential folders to make the ws container
+
+rm -rf build
+rm -rf third_party/zlib
+rm -rf third_party/mbedtls