I am copy from the Fossil Dockerfile here, but it is a good expeirment is building a good, secure, docker image. But wait, there is more!
It is also extermetely small.
## Fossil SCM
[Fossil](https://www.fossil-scm.org/home/doc/trunk/www/index.wiki) is a source control manager used but Sqlite, TCL, and others.
They also have some good [information](https://www.fossil-scm.org/home/doc/trunk/www/containers.md) about how they designed and recommend usage of containers.
Here I am writing up my own notes about their docker image.
## Fossil Docker Image
Several stages are used to build the container.
### Build the app
The first part uses alpine to build a static version of the fossil binary. The binary will be copied to the final image.
We are building for a source, but a static binary. A builder stage is used so the development tools won't be on the final docker image.
We now have build the application and setup the needed user info. Fossil runs as a single binary, so there isn't much needed. So, let's create a container using the `scratch` docker image.
first we'll copy the `group` and `passwd` files as well as the `/log` and `/museum` directories. Copy the user information first and THEN copy the directories and changing ownership when you do. Also make sure we have a `/tmp` directory.
Once user informaiton and directories are there, copy the binary to `/bin`.
Why? Scratch is blank. It has no commands. Basically it is an image that needs to be hand-crafted.
But after things are copied, we setup the entry point and have a working container that only has one binary `/bin/fossil`.