Docker Community Forums

Share and learn in the Docker community.

Surprise behaviour of docker build --pull on multi-stage Dockerfile


(Jason Stangroome) #1

I recently ran docker build --pull on a multi-stage Dockerfile which referenced the same base image in two of the FROM directives, e.g.:

FROM ubuntu:latest AS first
RUN printf 'compiling' >/compiled && sleep 900s
# ^^ slow enough that a new ubuntu image could be published in this time
FROM ubuntu:latest AS second
COPY --from=first /compiled /
RUN echo Potentially based on different versions of ubuntu image

When running docker build --pull I saw the following output:

Step 1/5 : FROM ubuntu:latest AS first
latest: Pulling from library/ubuntu
297061f60c36: Pull complete
e9ccef17b516: Pull complete
dbc33716854d: Pull complete
8fe36b178d25: Pull complete
686596545a94: Pull complete
Digest: sha256:1dfb94f13f5c181756b2ed7f174825029aca902c78d0490590b1aaa203abc052
Status: Downloaded newer image for ubuntu:latest
 ---> 0b1edfbffd27
Step 3/5 : FROM ubuntu:latest AS second
latest: Pulling from library/ubuntu
Digest: sha256:1dfb94f13f5c181756b2ed7f174825029aca902c78d0490590b1aaa203abc052
Status: Image is up to date for ubuntu:latest
 ---> 0b1edfbffd27

What is surprising here is that docker build is re-pulling the same image again mid-build. In this particular instance, the image at the registry did not change between steps but I have seen the ubuntu image specifically updated as often as weekly and all it takes is a CI-system build job to coincide with the time the new image is published and there will be inconsistent results.

Admittedly, in the case of this example with ubuntu, the impact of slightly different builds is likely to be minimal, if even noticeable, but other images could have a much bigger impact.

I had expected that docker build would up-front identify the list of unique image IDs referenced in all the FROM directives, pull all those, then begin the build process. I.e. in much the same way that the build context is prepared up-front before beginning the build process.

Should I raise this as a GitHub issue?