2016-10-14 18:30:36 -04:00
---
title: "build"
description: "The build command description and usage"
2016-11-03 18:48:30 -04:00
keywords: "build, docker, image"
2016-10-14 18:30:36 -04:00
---
2015-06-21 16:41:38 -04:00
# build
2016-07-07 14:43:18 -04:00
```markdown
Usage: docker build [OPTIONS] PATH | URL | -
2015-06-21 16:41:38 -04:00
2016-07-07 14:43:18 -04:00
Build an image from a Dockerfile
2015-06-21 16:41:38 -04:00
cli: use custom annotation for aliases
Cobra allows for aliases to be defined for a command, but only allows these
to be defined at the same level (for example, `docker image ls` as alias for
`docker image list`). Our CLI has some commands that are available both as a
top-level shorthand as well as `docker <object> <verb>` subcommands. For example,
`docker ps` is a shorthand for `docker container ps` / `docker container ls`.
This patch introduces a custom "aliases" annotation that can be used to print
all available aliases for a command. While this requires these aliases to be
defined manually, in practice the list of aliases rarely changes, so maintenance
should be minimal.
As a convention, we could consider the first command in this list to be the
canonical command, so that we can use this information to add redirects in
our documentation in future.
Before this patch:
docker images --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Options:
-a, --all Show all images (default hides intermediate images)
...
With this patch:
docker images --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Aliases:
docker image ls, docker image list, docker images
Options:
-a, --all Show all images (default hides intermediate images)
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-28 04:52:25 -04:00
Aliases:
docker image build, docker build, docker buildx build, docker builder build
2016-07-07 14:43:18 -04:00
Options:
2017-01-13 10:01:58 -05:00
--add-host value Add a custom host-to-IP mapping (host:ip) (default [])
2016-07-07 14:43:18 -04:00
--build-arg value Set build-time variables (default [])
2016-09-22 17:38:00 -04:00
--cache-from value Images to consider as cache sources (default [])
2016-07-07 14:43:18 -04:00
--cgroup-parent string Optional parent cgroup for the container
2016-08-18 04:35:23 -04:00
--compress Compress the build context using gzip
2016-07-07 14:43:18 -04:00
--cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota
-c, --cpu-shares int CPU shares (relative weight)
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--disable-content-trust Skip image verification (default true)
-f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile')
--force-rm Always remove intermediate containers
--help Print usage
2017-04-06 08:33:56 -04:00
--iidfile string Write the image ID to the file
2016-07-07 14:43:18 -04:00
--isolation string Container isolation technology
--label value Set metadata for an image (default [])
-m, --memory string Memory limit
--memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap
2016-12-09 10:15:26 -05:00
--network string Set the networking mode for the RUN instructions during build
2016-03-06 07:29:23 -05:00
'bridge': use default Docker bridge
'none': no networking
'container:< name | id > ': reuse another container's network stack
'host': use the Docker host network stack
'< network-name > |< network-id > ': connect to a user-defined network
2016-07-07 14:43:18 -04:00
--no-cache Do not use cache when building the image
2019-05-15 14:31:01 -04:00
-o, --output Output destination (format: type=local,dest=path)
2016-07-07 14:43:18 -04:00
--pull Always attempt to pull a newer version of the image
2020-03-15 10:11:43 -04:00
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
2018-08-30 20:47:29 -04:00
Use plain to show container output
2016-07-07 14:43:18 -04:00
-q, --quiet Suppress the build output and print image ID on success
--rm Remove intermediate containers after a successful build (default true)
2018-08-30 20:47:29 -04:00
--secret Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret"
2016-06-07 15:15:50 -04:00
--security-opt value Security Options (default [])
2016-12-28 17:44:07 -05:00
--shm-size bytes Size of /dev/shm
2016-07-07 14:43:18 -04:00
The format is `<number><unit>` . `number` must be greater than `0` .
Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes),
or `g` (gigabytes). If you omit the unit, the system uses bytes.
2016-12-09 10:15:26 -05:00
--squash Squash newly built layers into a single new layer (**Experimental Only**)
2018-10-05 05:35:09 -04:00
--ssh SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|< id > [=< socket > |< key > [,< key > ]])
2016-07-07 14:43:18 -04:00
-t, --tag value Name and optionally a tag in the 'name:tag' format (default [])
2017-05-12 20:12:10 -04:00
--target string Set the target build stage to build.
2016-07-07 14:43:18 -04:00
--ulimit value Ulimit options (default [])
```
2015-06-21 16:41:38 -04:00
2017-02-07 18:42:48 -05:00
## Description
2017-06-26 21:46:45 -04:00
The `docker build` command builds Docker images from a Dockerfile and a
"context". A build's context is the set of files located in the specified
`PATH` or `URL` . The build process can refer to any of the files in the
2022-06-27 05:51:41 -04:00
context. For example, your build can use a [*COPY* ](https://docs.docker.com/engine/reference/builder/#copy )
2017-06-26 21:46:45 -04:00
instruction to reference a file in the context.
2015-06-21 16:41:38 -04:00
2016-08-15 07:32:03 -04:00
The `URL` parameter can refer to three kinds of resources: Git repositories,
pre-packaged tarball contexts and plain text files.
### Git repositories
When the `URL` parameter points to the location of a Git repository, the
2017-04-10 20:11:28 -04:00
repository acts as the build context. The system recursively fetches the
repository and its submodules. The commit history is not preserved. A
repository is first pulled into a temporary directory on your local host. After
2017-08-16 11:53:57 -04:00
that succeeds, the directory is sent to the Docker daemon as the context.
2017-04-10 20:11:28 -04:00
Local copy gives you the ability to access private repositories using local
user credentials, VPN's, and so forth.
2015-06-21 16:41:38 -04:00
2020-04-19 11:08:37 -04:00
> **Note**
>
2017-04-18 18:58:53 -04:00
> If the `URL` parameter contains a fragment the system will recursively clone
> the repository and its submodules using a `git clone --recursive` command.
2015-06-21 16:41:38 -04:00
Git URLs accept context configuration in their fragment section, separated by a
2020-04-19 11:23:09 -04:00
colon (`:`). The first part represents the reference that Git will check out,
2017-06-26 21:46:45 -04:00
and can be either a branch, a tag, or a remote reference. The second part
2017-04-10 20:11:28 -04:00
represents a subdirectory inside the repository that will be used as a build
context.
2015-06-21 16:41:38 -04:00
For example, run this command to use a directory called `docker` in the branch
`container` :
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build https://github.com/docker/rootfs.git#container:docker
```
2015-06-21 16:41:38 -04:00
The following table represents all the valid suffixes with their build
contexts:
2022-03-30 06:37:35 -04:00
| Build Syntax Suffix | Commit Used | Build Context Used |
|--------------------------------|-----------------------|--------------------|
| `myrepo.git` | `refs/heads/master` | `/` |
| `myrepo.git#mytag` | `refs/tags/mytag` | `/` |
| `myrepo.git#mybranch` | `refs/heads/mybranch` | `/` |
| `myrepo.git#pull/42/head` | `refs/pull/42/head` | `/` |
| `myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` |
| `myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` |
| `myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` |
| `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` |
2015-06-21 16:41:38 -04:00
2016-08-15 07:32:03 -04:00
### Tarball contexts
If you pass an URL to a remote tarball, the URL itself is sent to the daemon:
2021-08-21 08:54:14 -04:00
```console
2016-08-15 07:32:03 -04:00
$ docker build http://server/context.tar.gz
2016-10-17 11:38:35 -04:00
```
2016-08-15 07:32:03 -04:00
The download operation will be performed on the host the Docker daemon is
running on, which is not necessarily the same host from which the build command
is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the
build context. Tarball contexts must be tar archives conforming to the standard
`tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2',
'gzip' or 'identity' (no compression) formats.
### Text files
Instead of specifying a context, you can pass a single `Dockerfile` in the
`URL` or pipe the file in via `STDIN` . To pipe a `Dockerfile` from `STDIN` :
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build - < Dockerfile
```
2016-05-27 12:01:05 -04:00
With Powershell on Windows, you can run:
2016-07-20 10:18:44 -04:00
```powershell
Get-Content Dockerfile | docker build -
```
2015-06-21 16:41:38 -04:00
2016-08-15 07:32:03 -04:00
If you use `STDIN` or specify a `URL` pointing to a plain text file, the system
places the contents into a file called `Dockerfile` , and any `-f` , `--file`
option is ignored. In this scenario, there is no context.
2015-06-21 16:41:38 -04:00
By default the `docker build` command will look for a `Dockerfile` at the root
of the build context. The `-f` , `--file` , option lets you specify the path to
an alternative file to use instead. This is useful in cases where the same set
of files are used for multiple builds. The path must be to a file within the
2016-08-15 07:32:03 -04:00
build context. If a relative path is specified then it is interpreted as
relative to the root of the context.
2015-06-21 16:41:38 -04:00
In most cases, it's best to put each Dockerfile in an empty directory. Then,
add to that directory only the files needed for building the Dockerfile. To
increase the build's performance, you can exclude files and directories by
adding a `.dockerignore` file to that directory as well. For information on
2022-06-27 05:51:41 -04:00
creating one, see the [.dockerignore file ](https://docs.docker.com/engine/reference/builder/#dockerignore-file ).
2015-06-21 16:41:38 -04:00
If the Docker client loses connection to the daemon, the build is canceled.
2015-12-09 14:26:07 -05:00
This happens if you interrupt the Docker client with `CTRL-c` or if the Docker
client is killed for any reason. If the build initiated a pull which is still
running at the time the build is cancelled, the pull is cancelled as well.
2015-06-21 16:41:38 -04:00
## Return code
On a successful build, a return code of success `0` will be returned. When the
build fails, a non-zero failure code will be returned.
There should be informational output of the reason for failure output to
`STDERR` :
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build -t fail .
Sending build context to Docker daemon 2.048 kB
Sending build context to Docker daemon
2016-11-05 22:05:19 -04:00
Step 1/3 : FROM busybox
2016-07-20 10:18:44 -04:00
---> 4986bf8c1536
2016-11-05 22:05:19 -04:00
Step 2/3 : RUN exit 13
2016-07-20 10:18:44 -04:00
---> Running in e26670ec7a0a
INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13
$ echo $?
1
```
2015-06-21 16:41:38 -04:00
See also:
2022-06-27 05:51:41 -04:00
[*Dockerfile Reference* ](https://docs.docker.com/engine/reference/builder/ ).
2015-06-21 16:41:38 -04:00
## Examples
2015-09-27 21:45:10 -04:00
### Build with PATH
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build .
Uploading context 10240 bytes
2016-11-05 22:05:19 -04:00
Step 1/3 : FROM busybox
2016-07-20 10:18:44 -04:00
Pulling repository busybox
---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/
2016-11-05 22:05:19 -04:00
Step 2/3 : RUN ls -lh /
2016-07-20 10:18:44 -04:00
---> Running in 9c9e81692ae9
total 24
drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin
drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev
drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc
drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib
lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib
dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc
lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin
dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys
drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp
drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr
---> b35f4035db3f
2016-11-05 22:05:19 -04:00
Step 3/3 : CMD echo Hello world
2016-07-20 10:18:44 -04:00
---> Running in 02071fceb21b
---> f52f38b7823e
Successfully built f52f38b7823e
Removing intermediate container 9c9e81692ae9
Removing intermediate container 02071fceb21b
```
2015-06-21 16:41:38 -04:00
This example specifies that the `PATH` is `.` , and so all the files in the
local directory get `tar` d and sent to the Docker daemon. The `PATH` specifies
where to find the files for the "context" of the build on the Docker daemon.
Remember that the daemon could be running on a remote machine and that no
parsing of the Dockerfile happens at the client side (where you're running
`docker build` ). That means that *all* the files at `PATH` get sent, not just
2022-06-27 05:51:41 -04:00
the ones listed to [*ADD* ](https://docs.docker.com/engine/reference/builder/#add )
in the Dockerfile.
2015-06-21 16:41:38 -04:00
The transfer of context from the local machine to the Docker daemon is what the
`docker` client means when you see the "Sending build context" message.
If you wish to keep the intermediate containers after the build is complete,
you must use `--rm=false` . This does not affect the build cache.
2015-09-27 21:45:10 -04:00
### Build with URL
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build github.com/creack/docker-firefox
```
2015-09-27 21:45:10 -04:00
This will clone the GitHub repository and use the cloned repository as context.
2016-08-15 07:32:03 -04:00
The Dockerfile at the root of the repository is used as Dockerfile. You can
specify an arbitrary Git repository by using the `git://` or `git@` scheme.
2021-08-21 08:54:14 -04:00
```console
2016-08-15 07:32:03 -04:00
$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz
Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B
2016-11-05 22:05:19 -04:00
Step 1/3 : FROM busybox
2016-08-15 07:32:03 -04:00
---> 8c2e06607696
2016-11-05 22:05:19 -04:00
Step 2/3 : ADD ctx/container.cfg /
2016-08-15 07:32:03 -04:00
---> e7829950cee3
Removing intermediate container b35224abf821
2016-11-05 22:05:19 -04:00
Step 3/3 : CMD /bin/ls
2016-08-15 07:32:03 -04:00
---> Running in fbc63d321d73
---> 3286931702ad
Removing intermediate container fbc63d321d73
Successfully built 377c409b35e4
```
This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which
downloads and extracts the referenced tarball. The `-f ctx/Dockerfile`
parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used
2016-12-20 03:44:17 -05:00
to build the image. Any `ADD` commands in that `Dockerfile` that refers to local
2016-08-15 07:32:03 -04:00
paths must be relative to the root of the contents inside `ctx.tar.gz` . In the
example above, the tarball contains a directory `ctx/` , so the `ADD
ctx/container.cfg /` operation works as expected.
2015-09-27 21:45:10 -04:00
### Build with -
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build - < Dockerfile
```
2015-09-27 21:45:10 -04:00
This will read a Dockerfile from `STDIN` without context. Due to the lack of a
context, no contents of any local directory will be sent to the Docker daemon.
Since there is no context, a Dockerfile `ADD` only works if it refers to a
remote URL.
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build - < context.tar.gz
```
2015-09-27 21:45:10 -04:00
This will build an image for a compressed context read from `STDIN` . Supported
formats are: bzip2, gzip and xz.
2017-02-07 18:42:48 -05:00
### Use a .dockerignore file
2015-09-27 21:45:10 -04:00
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build .
Uploading context 18.829 MB
Uploading context
2016-11-05 22:05:19 -04:00
Step 1/2 : FROM busybox
2016-07-20 10:18:44 -04:00
---> 769b9341d937
2016-11-05 22:05:19 -04:00
Step 2/2 : CMD echo Hello world
2016-07-20 10:18:44 -04:00
---> Using cache
---> 99cc1ad10469
Successfully built 99cc1ad10469
$ echo ".git" > .dockerignore
$ docker build .
Uploading context 6.76 MB
Uploading context
2016-11-05 22:05:19 -04:00
Step 1/2 : FROM busybox
2016-07-20 10:18:44 -04:00
---> 769b9341d937
2016-11-05 22:05:19 -04:00
Step 2/2 : CMD echo Hello world
2016-07-20 10:18:44 -04:00
---> Using cache
---> 99cc1ad10469
Successfully built 99cc1ad10469
```
2015-06-21 16:41:38 -04:00
This example shows the use of the `.dockerignore` file to exclude the `.git`
directory from the context. Its effect can be seen in the changed size of the
uploaded context. The builder reference contains detailed information on
2022-06-27 05:51:41 -04:00
[creating a .dockerignore file ](https://docs.docker.com/engine/reference/builder/#dockerignore-file ).
2019-05-24 15:07:52 -04:00
2022-10-25 05:54:35 -04:00
When using the [BuildKit backend ](https://docs.docker.com/build/buildkit/ ),
2022-06-27 05:51:41 -04:00
`docker build` searches for a `.dockerignore` file relative to the Dockerfile
name. For example, running `docker build -f myapp.Dockerfile .` will first look
for an ignore file named `myapp.Dockerfile.dockerignore` . If such a file is not
found, the `.dockerignore` file is used if present. Using a Dockerfile based
`.dockerignore` is useful if a project contains multiple Dockerfiles that expect
to ignore different sets of files.
2019-05-24 15:07:52 -04:00
2015-06-21 16:41:38 -04:00
2022-03-30 06:42:26 -04:00
### <a name=tag></a> Tag an image (-t, --tag)
2015-09-27 21:45:10 -04:00
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build -t vieux/apache:2.0 .
```
2015-06-21 16:41:38 -04:00
This will build like the previous example, but it will then tag the resulting
2016-05-11 09:15:50 -04:00
image. The repository name will be `vieux/apache` and the tag will be `2.0` .
[Read more about valid tags ](tag.md ).
2015-06-21 16:41:38 -04:00
2015-08-30 09:48:03 -04:00
You can apply multiple tags to an image. For example, you can apply the `latest`
tag to a newly built image and add another tag that references a specific
version.
For example, to tag an image both as `whenry/fedora-jboss:latest` and
`whenry/fedora-jboss:v2.1` , use the following:
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 .
```
2017-03-19 17:53:10 -04:00
2022-03-30 06:42:26 -04:00
### <a name=file></a> Specify a Dockerfile (-f, --file)
2015-06-21 16:41:38 -04:00
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build -f Dockerfile.debug .
```
2015-06-21 16:41:38 -04:00
This will use a file called `Dockerfile.debug` for the build instructions
instead of `Dockerfile` .
2021-08-21 08:54:14 -04:00
```console
2017-04-10 16:47:41 -04:00
$ curl example.com/remote/Dockerfile | docker build -f - .
```
The above command will use the current directory as the build context and read
a Dockerfile from stdin.
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod .
```
2015-06-21 16:41:38 -04:00
The above commands will build the current build context (as specified by the
`.` ) twice, once using a debug version of a `Dockerfile` and once using a
production version.
2021-08-21 08:54:14 -04:00
```console
2016-07-20 10:18:44 -04:00
$ cd /home/me/myapp/some/dir/really/deep
$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp
$ docker build -f ../../../../dockerfiles/debug /home/me/myapp
```
2015-06-21 16:41:38 -04:00
These two `docker build` commands do the exact same thing. They both use the
contents of the `debug` file instead of looking for a `Dockerfile` and will use
`/home/me/myapp` as the root of the build context. Note that `debug` is in the
directory structure of the build context, regardless of how you refer to it on
the command line.
2020-05-11 11:32:52 -04:00
> **Note**
>
> `docker build` returns a `no such file or directory` error if the
2015-06-21 16:41:38 -04:00
> file or directory does not exist in the uploaded context. This may
> happen if there is no context, or if you specify a file that is
> elsewhere on the Host system. The context is limited to the current
> directory (and its children) for security reasons, and to ensure
> repeatable builds on remote Docker hosts. This is also the reason why
2020-05-11 11:32:52 -04:00
> `ADD ../file` does not work.
2015-06-21 16:41:38 -04:00
2022-03-30 06:42:26 -04:00
### <a name=cgroup-parent></a> Use a custom parent cgroup (--cgroup-parent)
2015-09-27 21:45:10 -04:00
2015-06-21 16:41:38 -04:00
When `docker build` is run with the `--cgroup-parent` option the containers
2020-12-07 06:24:44 -05:00
used in the build will be run with the [corresponding `docker run` flag ](../run.md#specify-custom-cgroups ).
2015-06-21 16:41:38 -04:00
2022-03-30 06:42:26 -04:00
### <a name=ulimit></a> Set ulimits in container (--ulimit)
2015-09-27 21:45:10 -04:00
2015-10-08 10:20:06 -04:00
Using the `--ulimit` option with `docker build` will cause each build step's
2023-01-06 11:26:24 -05:00
container to be started using those [`--ulimit` flag values ](run.md#ulimit ).
2014-11-14 13:59:14 -05:00
2022-03-30 06:42:26 -04:00
### <a name=build-arg></a> Set build-time variables (--build-arg)
2015-09-27 21:45:10 -04:00
2014-11-14 13:59:14 -05:00
You can use `ENV` instructions in a Dockerfile to define variable
values. These values persist in the built image. However, often
persistence is not what you want. Users want to specify variables differently
depending on which host they build an image on.
A good example is `http_proxy` or source versions for pulling intermediate
files. The `ARG` instruction lets Dockerfile authors define values that users
2015-09-27 21:45:10 -04:00
can set at build-time using the `--build-arg` flag:
2014-11-14 13:59:14 -05:00
2021-08-21 08:54:14 -04:00
```console
2018-03-26 17:28:49 -04:00
$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PROXY=http://40.50.60.5:4567 .
2016-07-20 10:18:44 -04:00
```
2014-11-14 13:59:14 -05:00
This flag allows you to pass the build-time variables that are
accessed like regular environment variables in the `RUN` instruction of the
Dockerfile. Also, these values don't persist in the intermediate or final images
2020-03-15 10:11:43 -04:00
like `ENV` values do. You must add `--build-arg` for each build argument.
2014-11-14 13:59:14 -05:00
2016-05-23 10:01:59 -04:00
Using this flag will not alter the output you see when the `ARG` lines from the
Dockerfile are echoed during the build process.
2014-11-14 13:59:14 -05:00
For detailed information on using `ARG` and `ENV` instructions, see the
2022-06-27 05:51:41 -04:00
[Dockerfile reference ](https://docs.docker.com/engine/reference/builder/ ).
2015-11-09 04:11:10 -05:00
2018-04-12 04:58:13 -04:00
You may also use the `--build-arg` flag without a value, in which case the value
from the local environment will be propagated into the Docker container being
built:
2021-08-21 08:54:14 -04:00
```console
2018-04-12 04:58:13 -04:00
$ export HTTP_PROXY=http://10.20.30.2:1234
$ docker build --build-arg HTTP_PROXY .
```
2023-01-06 11:26:24 -05:00
This is similar to how `docker run -e` works. Refer to the [`docker run` documentation ](run.md#env )
2018-04-12 04:58:13 -04:00
for more information.
2022-03-30 06:42:26 -04:00
### <a name=security-opt></a> Optional security options (--security-opt)
2016-06-07 15:15:50 -04:00
2016-10-19 13:25:45 -04:00
This flag is only supported on a daemon running on Windows, and only supports
2016-06-07 15:15:50 -04:00
the `credentialspec` option. The `credentialspec` must be in the format
2016-10-19 13:25:45 -04:00
`file://spec.txt` or `registry://keyname` .
2016-06-07 15:15:50 -04:00
2022-03-30 06:42:26 -04:00
### <a name=isolation></a> Specify isolation technology for container (--isolation)
2015-11-09 04:11:10 -05:00
This option is useful in situations where you are running Docker containers on
Windows. The `--isolation=<value>` option sets a container's isolation
technology. On Linux, the only supported is the `default` option which uses
Linux namespaces. On Microsoft Windows, you can specify these values:
2022-03-30 06:37:35 -04:00
| Value | Description |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. |
| `process` | Namespace isolation only. |
| `hyperv` | Hyper-V hypervisor partition-based isolation. |
2015-11-09 04:11:10 -05:00
Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"` .
2016-04-21 12:08:37 -04:00
2022-03-30 06:42:26 -04:00
### <a name=add-host></a> Add entries to container hosts file (--add-host)
2017-01-13 10:01:58 -05:00
You can add other hosts into a container's `/etc/hosts` file by using one or
more `--add-host` flags. This example adds a static address for a host named
`docker` :
$ docker build --add-host=docker:10.180.0.1 .
2016-04-21 12:08:37 -04:00
2022-03-30 06:42:26 -04:00
### <a name=target></a> Specifying target build stage (--target)
2017-05-12 20:12:10 -04:00
When building a Dockerfile with multiple build stages, `--target` can be used to
specify an intermediate build stage by name as a final stage for the resulting
image. Commands after the target stage will be skipped.
2020-03-17 10:01:52 -04:00
```dockerfile
2017-05-12 20:12:10 -04:00
FROM debian AS build-env
2022-03-30 06:37:35 -04:00
# ...
2017-05-12 20:12:10 -04:00
FROM alpine AS production-env
2022-03-30 06:37:35 -04:00
# ...
2017-05-12 20:12:10 -04:00
```
2021-08-21 08:54:14 -04:00
```console
2017-05-12 20:12:10 -04:00
$ docker build -t mybuildimage --target build-env .
```
2022-03-30 06:42:26 -04:00
### <a name=output></a> Custom build outputs (--output)
2019-05-15 14:31:01 -04:00
2022-08-14 15:56:06 -04:00
> **Note**
>
> This feature requires the BuildKit backend. You can either
2022-10-25 05:54:35 -04:00
> [enable BuildKit](https://docs.docker.com/build/buildkit/#getting-started) or
2022-08-14 15:56:06 -04:00
> use the [buildx](https://github.com/docker/buildx) plugin which provides more
> output type options.
2019-05-15 14:31:01 -04:00
By default, a local container image is created from the build result. The
`--output` (or `-o` ) flag allows you to override this behavior, and a specify a
custom exporter. For example, custom exporters allow you to export the build
artifacts as files on the local filesystem instead of a Docker image, which can
be useful for generating local binaries, code generation etc.
The value for `--output` is a CSV-formatted string defining the exporter type
and options. Currently, `local` and `tar` exporters are supported. The `local`
exporter writes the resulting build files to a directory on the client side. The
`tar` exporter is similar but writes the files as a single tarball (`.tar`).
If no type is specified, the value defaults to the output directory of the local
exporter. Use a hyphen (`-`) to write the output tarball to standard output
(`STDOUT`).
The following example builds an image using the current directory (`.`) as build
context, and exports the files to a directory named `out` in the current directory.
If the directory does not exist, Docker creates the directory automatically:
2021-08-21 08:54:14 -04:00
```console
2019-05-15 14:31:01 -04:00
$ docker build -o out .
```
The example above uses the short-hand syntax, omitting the `type` options, and
thus uses the default (`local`) exporter. The example below shows the equivalent
using the long-hand CSV syntax, specifying both `type` and `dest` (destination
path):
2021-08-21 08:54:14 -04:00
```console
2019-05-15 14:31:01 -04:00
$ docker build --output type=local,dest=out .
```
2020-03-15 10:11:43 -04:00
Use the `tar` type to export the files as a `.tar` archive:
2019-05-15 14:31:01 -04:00
2021-08-21 08:54:14 -04:00
```console
2019-05-15 14:31:01 -04:00
$ docker build --output type=tar,dest=out.tar .
```
The example below shows the equivalent when using the short-hand syntax. In this
case, `-` is specified as destination, which automatically selects the `tar` type,
and writes the output tarball to standard output, which is then redirected to
the `out.tar` file:
2021-08-21 08:54:14 -04:00
```console
$ docker build -o - . > out.tar
2019-05-15 14:31:01 -04:00
```
The `--output` option exports all files from the target stage. A common pattern
for exporting only specific files is to do multi-stage builds and to copy the
2022-06-27 05:51:41 -04:00
desired files to a new scratch stage with [`COPY --from` ](https://docs.docker.com/engine/reference/builder/#copy ).
2019-05-15 14:31:01 -04:00
The example `Dockerfile` below uses a separate stage to collect the
build-artifacts for exporting:
2020-03-17 10:01:52 -04:00
```dockerfile
2019-05-15 14:31:01 -04:00
FROM golang AS build-stage
RUN go get -u github.com/LK4D4/vndr
FROM scratch AS export-stage
COPY --from=build-stage /go/bin/vndr /
```
When building the Dockerfile with the `-o` option, only the files from the final
stage are exported to the `out` directory, in this case, the `vndr` binary:
2021-08-21 08:54:14 -04:00
```console
2019-05-15 14:31:01 -04:00
$ docker build -o out .
[+] Building 2.3s (7/7) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 176B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/golang:latest 1.6s
=> [build-stage 1/2] FROM docker.io/library/golang@sha256:2df96417dca0561bf1027742dcc5b446a18957cd28eba6aa79269f23f1846d3f 0.0s
=> => resolve docker.io/library/golang@sha256:2df96417dca0561bf1027742dcc5b446a18957cd28eba6aa79269f23f1846d3f 0.0s
=> CACHED [build-stage 2/2] RUN go get -u github.com/LK4D4/vndr 0.0s
=> [export-stage 1/1] COPY --from=build-stage /go/bin/vndr / 0.2s
=> exporting to client 0.4s
=> => copying files 10.30MB 0.3s
$ ls ./out
vndr
```
2022-08-14 15:56:06 -04:00
### <a name=cache-from></a> Specifying external cache sources (--cache-from)
2020-04-19 11:08:37 -04:00
> **Note**
>
> This feature requires the BuildKit backend. You can either
2022-10-25 05:54:35 -04:00
> [enable BuildKit](https://docs.docker.com/build/buildkit/#getting-started) or
2022-08-14 15:56:06 -04:00
> use the [buildx](https://github.com/docker/buildx) plugin. The previous
> builder has limited support for reusing cache from pre-pulled images.
2019-05-15 14:12:41 -04:00
In addition to local build cache, the builder can reuse the cache generated from
previous builds with the `--cache-from` flag pointing to an image in the registry.
To use an image as a cache source, cache metadata needs to be written into the
image on creation. This can be done by setting `--build-arg BUILDKIT_INLINE_CACHE=1`
when building the image. After that, the built image can be used as a cache source
for subsequent builds.
Upon importing the cache, the builder will only pull the JSON metadata from the
registry and determine possible cache hits based on that information. If there
is a cache hit, the matched layers are pulled into the local environment.
In addition to images, the cache can also be pulled from special cache manifests
generated by [`buildx` ](https://github.com/docker/buildx ) or the BuildKit CLI
(`buildctl`). These manifests (when built with the `type=registry` and `mode=max`
options) allow pulling layer data for intermediate stages in multi-stage builds.
The following example builds an image with inline-cache metadata and pushes it
to a registry, then uses the image as a cache source on another machine:
2021-08-21 08:54:14 -04:00
```console
2019-05-15 14:12:41 -04:00
$ docker build -t myname/myapp --build-arg BUILDKIT_INLINE_CACHE=1 .
$ docker push myname/myapp
```
After pushing the image, the image is used as cache source on another machine.
BuildKit automatically pulls the image from the registry if needed.
2021-08-21 08:54:14 -04:00
On another machine:
```console
2019-05-15 14:12:41 -04:00
$ docker build --cache-from myname/myapp .
```
2022-03-30 06:42:26 -04:00
### <a name=squash></a> Squash an image's layers (--squash) (experimental)
2016-04-21 12:08:37 -04:00
2017-02-13 09:01:03 -05:00
#### Overview
2016-04-21 12:08:37 -04:00
Once the image is built, squash the new layers into a new image with a single
new layer. Squashing does not destroy any existing image, rather it creates a new
2016-12-18 19:55:09 -05:00
image with the content of the squashed layers. This effectively makes it look
2016-04-21 12:08:37 -04:00
like all `Dockerfile` commands were created with a single layer. The build
cache is preserved with this method.
2017-10-24 08:23:04 -04:00
The `--squash` option is an experimental feature, and should not be considered
stable.
2016-04-21 12:08:37 -04:00
2017-10-24 08:23:04 -04:00
Squashing layers can be beneficial if your Dockerfile produces multiple layers
2019-02-07 07:23:13 -05:00
modifying the same files, for example, files that are created in one step, and
2017-10-24 08:23:04 -04:00
removed in another step. For other use-cases, squashing images may actually have
a negative impact on performance; when pulling an image consisting of multiple
layers, layers can be pulled in parallel, and allows sharing layers between
images (saving space).
2019-02-07 07:23:13 -05:00
For most use cases, multi-stage builds are a better alternative, as they give more
2017-10-24 08:23:04 -04:00
fine-grained control over your build, and can take advantage of future
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Signed-off-by: nkwangleiGIT <nkwanglei@126.com>
2018-05-16 08:16:08 -04:00
optimizations in the builder. Refer to the [use multi-stage builds ](https://docs.docker.com/develop/develop-images/multistage-build/ )
2017-10-24 08:23:04 -04:00
section in the userguide for more information.
#### Known limitations
The `--squash` option has a number of known limitations:
2018-04-12 04:58:13 -04:00
- When squashing layers, the resulting image cannot take advantage of layer
2017-10-24 08:23:04 -04:00
sharing with other images, and may use significantly more space. Sharing the
base image is still supported.
- When using this option you may see significantly more space used due to
storing two copies of the image, one for the build cache with all the cache
2021-07-14 16:15:46 -04:00
layers intact, and one for the squashed version.
2017-10-24 08:23:04 -04:00
- While squashing layers may produce smaller images, it may have a negative
impact on performance, as a single layer takes longer to extract, and
2017-10-31 06:21:09 -04:00
downloading a single layer cannot be parallelized.
2017-10-24 08:23:04 -04:00
- When attempting to squash an image that does not make changes to the
filesystem (for example, the Dockerfile only contains `ENV` instructions),
2019-02-07 07:23:13 -05:00
the squash step will fail (see [issue #33823 ](https://github.com/moby/moby/issues/33823 )).
2017-01-13 10:01:58 -05:00
2017-02-13 09:01:03 -05:00
#### Prerequisites
2020-05-11 11:32:52 -04:00
The example on this page is using experimental mode in Docker 19.03.
Experimental mode can be enabled by using the `--experimental` flag when starting
the Docker daemon or setting `experimental: true` in the `daemon.json` configuration
file.
By default, experimental mode is disabled. To see the current configuration of
the docker daemon, use the `docker version` command and check the `Experimental`
line in the `Engine` section:
```console
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:21:11 2020
OS/Arch: darwin/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:29:16 2020
OS/Arch: linux/amd64
Experimental: true
2017-02-13 09:01:03 -05:00
[...]
```
2020-05-11 11:32:52 -04:00
To enable experimental mode, users need to restart the docker daemon with the
experimental flag enabled.
2017-02-13 09:01:03 -05:00
#### Enable Docker experimental
2020-10-26 13:30:01 -04:00
To enable experimental features, you need to start the Docker daemon with
`--experimental` flag. You can also enable the daemon flag via
`/etc/docker/daemon.json` , for example:
2017-02-13 09:01:03 -05:00
2017-10-24 08:23:04 -04:00
```json
2017-02-13 09:01:03 -05:00
{
"experimental": true
}
```
2017-10-24 08:23:04 -04:00
2017-02-13 09:01:03 -05:00
Then make sure the experimental flag is enabled:
2021-08-21 08:54:14 -04:00
```console
2017-02-13 09:01:03 -05:00
$ docker version -f '{{.Server.Experimental}}'
true
```
#### Build an image with `--squash` argument
The following is an example of docker build with `--squash` argument
2020-03-17 10:01:52 -04:00
```dockerfile
2017-02-13 09:01:03 -05:00
FROM busybox
RUN echo hello > /hello
RUN echo world >> /hello
RUN touch remove_me /remove_me
2020-09-23 06:42:17 -04:00
ENV HELLO=world
2017-02-13 09:01:03 -05:00
RUN rm /remove_me
```
2017-10-24 08:23:04 -04:00
2017-02-13 09:01:03 -05:00
An image named `test` is built with `--squash` argument.
2021-08-21 08:54:14 -04:00
```console
2017-02-13 09:01:03 -05:00
$ docker build --squash -t test .
2021-08-21 08:54:14 -04:00
< ... >
2017-02-13 09:01:03 -05:00
```
2020-05-11 11:32:52 -04:00
If everything is right, the history looks like this:
2017-02-13 09:01:03 -05:00
2021-08-21 08:54:14 -04:00
```console
2018-04-12 04:58:13 -04:00
$ docker history test
2017-02-13 09:01:03 -05:00
IMAGE CREATED CREATED BY SIZE COMMENT
4e10cb5b4cac 3 seconds ago 12 B merge sha256:88a7b0112a41826885df0e7072698006ee8f621c6ab99fca7fe9151d7b599702 to sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb
< missing > 5 minutes ago /bin/sh -c rm /remove_me 0 B
< missing > 5 minutes ago /bin/sh -c #(nop) ENV HELLO=world 0 B
< missing > 5 minutes ago /bin/sh -c touch remove_me /remove_me 0 B
< missing > 5 minutes ago /bin/sh -c echo world >> /hello 0 B
< missing > 6 minutes ago /bin/sh -c echo hello > /hello 0 B
< missing > 7 weeks ago /bin/sh -c #(nop) CMD ["sh"] 0 B
< missing > 7 weeks ago /bin/sh -c #(nop) ADD file:47ca6e777c36a4cfff 1.113 MB
```
2017-10-24 08:23:04 -04:00
2020-05-11 11:32:52 -04:00
We could find that a layer's name is `<missing>` , and there is a new layer with
COMMENT `merge` .
2017-02-13 09:01:03 -05:00
2020-05-11 11:32:52 -04:00
Test the image, check for `/remove_me` being gone, make sure `hello\nworld` is
in `/hello` , make sure the `HELLO` environment variable's value is `world` .