- Consolidate apk & apt commands
- Consolidate ENV layers
- Consolidate RUN layers
- Remove unused variables
- Remove packages that are no longer needed
- Bind mount /app/Pipfile
`/cache` is now a `tmpfs` mount that has a `cache` mount on top for `pipenv` to use.
`apt` has `cache` mounts in the standard places:
- /var/lib/apt
- /var/cache/apt
* Do without --link for COPY or ADD
* Do without --checksum for ADD
* Trim the FFMPEG_VERSION variable with cut instead
I've built successfully on old Debian systems using these changes. Everything else I use has a newer docker on it.
- Specify the syntax be the latest stable version and that failed checks should stop the build.
```
By default, builds with failing build checks exit with a zero status code despite warnings. To make the build fail on warnings, set #check=error=true.
```
- Use the form of health checking that doesn't involve an extra shell on every check.
* Create a s6-overlay-extracted stage to copy from
This was largely inspired by: @socheatsok78
Our downloaded files are checked where that version doesn't do any verification of the downloads.
* Update ffmpeg to the first build with checksums.sha256
* Create a ffmpeg-extracted stage to copy from
* Don't preserve ownership from the builder
I was sick of the extra work with ffmpeg builds.
So, I managed to get sums generated for those builds and now we don't need to manually fill out SHA256 hashes anymore.
Now to bump ffmpeg, we can just change the date.
Running the ffmpeg in an earlier (hopefully cached) layer should clean up the logs a bit.
On a related note, shadowing the environment variable was causing some confusing log output, so stop doing that as well.
The shell used on the build system doesn't support `pipefail` so test for output instead.
It might be incorrect output, but in combination with running the `ffmpeg` binary earlier, this should be enough.
