Drone

Allow docker build without `--rm` flag

I notice in the source for the drone plugin, docker build is always run with the --rm flag.

I have docker files that are structured to utilize layer caching where possible, with things like:

FROM golang:1.13 as builder
WORKDIR /app
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY . .
RUN go build -o myApp ./

If run repeatedly on the same agent, I would hope that the module downloading would take advantage of the docker layer cache, and it does if I run docker build myself. But in drone, the --rm flag causes docker to clean up the intermediate images, and every build takes pretty constant time.

I’d like to have an option to disable that feature. There is already the purge argument to the plugin, and I assumed that would do what I want. Took some digging in the logs to realize purge still doesn’t preserve the intermediate containers.

I’d prefer just re-using the purge flag, but I could see maybe adding a new one if that is problematic. Would you accept a pull request to that effect?

The plugins/docker plugin is using docker-in-docker to build the image with an isolated filesystem, which means the plugin is not using the host machine cache. This particular plugin tries to protect the host machine cache from being mutated which could cause race conditions or present security issues (e.g. user overwrites a well-known docker image in the host cache with a malicious replacement).

Although the plugins/docker plugin is optimized for isolation, one could create a plugin that was optimized for performance and caching. Another option would be to interact directly with the host machine docker daemon, as opposed to using the plugin. See an example at https://docs.drone.io/pipeline/docker/examples/services/docker/

Thanks for the clarification. We already have makefiles that execute the correct commands, so a simple dind+make image seems reasonable.