From 94e4e7fa21fbbfa63073aadc67a0c56129423684 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 24 Apr 2021 07:32:12 +0200
Subject: [PATCH 1/4] Don't invalidate the cache if the Dockerfile changes

---
 .dockerignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.dockerignore b/.dockerignore
index 077abeb7..d331bc05 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -13,3 +13,4 @@
 .editorconfig
 .git*
 *.md
+docker/

From 32ad03978c5ee03c653fd718779ea46ecadcd3ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 24 Apr 2021 07:33:06 +0200
Subject: [PATCH 2/4] Clear dnf cache to reduce image size

suggested by hadolint
---
 docker/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 72445f59..e162bdc7 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -20,7 +20,8 @@ RUN dnf install -y dnf-utils \
     && sed -i '/^exclude=/ s/$/,libjpeg-turbo-*.*.9[0-9]-*/' /etc/yum.repos.d/libjpeg-turbo.repo \
     && dnf install -y libjpeg-turbo-official \
     && echo '/opt/libjpeg-turbo/lib64' >> /etc/ld.so.conf.d/libjpeg-turbo-official-x86_64.conf \
-    && ldconfig
+    && ldconfig \
+    && dnf clean all
 
 # Update the PKG_CONFIG_PATH environment variable,
 # since libjpeg-turbo is installed in a non-standard prefix
@@ -44,7 +45,8 @@ RUN dnf install -y epel-release \
         gcc-c++ \
         openssl-devel \
         pcre-devel \
-        zlib-devel
+        zlib-devel \
+    && dnf clean all
 
 # Create nginx user and group
 RUN groupadd nginx \

From 8b202c21eabb03a0ba032e3e0a965861ec4b2854 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 24 Apr 2021 08:07:48 +0200
Subject: [PATCH 3/4] quote command output

suggested by hadolint
---
 docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index e162bdc7..45bdc49b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -78,7 +78,7 @@ RUN cmake3 .. \
 --lock-path=/run/lock/subsys/nginx;\
 --user=nginx;\
 --group=nginx" \
-    && make -j$(nproc) \
+    && make -j"$(nproc)" \
     && ldconfig
 
 WORKDIR /var/www/imagesweserv

From 5e9490cecd15edf093172ac410f2574a0b43e5cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 24 Apr 2021 08:08:06 +0200
Subject: [PATCH 4/4] Remove mkdir -p where -m is used

mkdir -p -m 700 only creates the last directory with the 700 permission
not the ones created by the -p switch in lower levels.
Also some of the directories already exist and do not need to be created.
---
 docker/Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 45bdc49b..22432e78 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -84,11 +84,10 @@ RUN cmake3 .. \
 WORKDIR /var/www/imagesweserv
 
 # Ensure nginx directories exist
-RUN mkdir -p -m 700 /var/lib/nginx \
-    && mkdir -p -m 700 /var/lib/nginx/tmp \
-    && mkdir -p -m 700 /var/log/nginx \
-    && mkdir -p -m 755 /usr/share/nginx/html \
-    && mkdir -p -m 755 /usr/lib64/nginx/modules \
+RUN mkdir -m 700 /var/lib/nginx \
+    && mkdir -m 700 /var/lib/nginx/tmp \
+    && mkdir -m 700 /usr/lib64/nginx \
+    && mkdir -m 755 /usr/lib64/nginx/modules \
     # Forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/weserv-access.log \
     && ln -sf /dev/stderr /var/log/nginx/weserv-error.log \