Running only the update command of your package manager in a RUN instruction stores the cache index in the file system. This cache is not needed for the installed software to work properly.
Leaving unnecessary files in a Docker image increases its size. Docker images should be small and contain only necessary data. The cache index is obsolete after installation.
RUN apk update
RUN apt-get update
RUN aptitude update
Here each line represents an update command for the most popular package managers. Each of them stores the cache index in the newly created layer.
RUN apk update && apk add ...
RUN apt-get update && apt-get install ...
RUN aptitude update && aptitude install ...
Here, each line executes the package installation right after the update. Because both happen in a single RUN instruction, only one layer is created. After all packages are installed, the cache index should be cleaned up. For more details, please see rule {rule:docker:S6587}.
Each execution of a RUN instruction creates a new layer in Docker. If a single command such as apt-get update or an equivalent is executed on its own, the cache is stored in the new layer. This increases the size of the final image. Even removing that cache in the next RUN instruction doesn't decrease the size of the final image. This overhead is not needed in the Docker image. Updating the cache and installing packages should be executed in one step (one RUN instruction).
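A small checker for the pattern described above, as an added example that is not the rule's own implementation: it joins continuation lines, splits each shell-form RUN into its chained commands, and reports instructions that refresh the index without installing in the same layer. The function names and the sample Dockerfile are constructed for illustration; exec-form RUN and options that take a separate argument are not handled.

```python
import re

# Managers named on the page: name -> (index-refresh subcommand, install subcommand)
MANAGERS = {"apk": ("update", "add"), "apt-get": ("update", "install"),
            "aptitude": ("update", "install")}

def logical_instructions(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end an instruction
        start = start or number
        buf.append(line.rstrip("\\"))
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None

def subcommand(tokens, manager):
    """First non-option word after the manager name, or None if it is absent."""
    if manager not in tokens:
        return None
    words = [t for t in tokens[tokens.index(manager) + 1:] if not t.startswith("-")]
    return words[0] if words else None

def update_only_runs(text):
    """Return [(line, manager)] for RUN instructions that update without installing."""
    findings = []
    for number, instruction in logical_instructions(text):
        if not re.match(r"RUN\s", instruction, re.IGNORECASE):
            continue
        commands = [c.split() for c in re.split(r"&&|\|\||;|\|", instruction[3:])]
        for manager, (update, install) in MANAGERS.items():
            seen = {subcommand(c, manager) for c in commands}
            if update in seen and install not in seen:
                findings.append((number, manager))
    return findings

# Constructed sample Dockerfile (not from the page)
SAMPLE = r"""FROM debian:bookworm-slim AS build
RUN apt-get update
RUN apt-get update && \
    apt-get install -y git
FROM alpine:3.19
RUN apk update && apk add ca-certificates
RUN apk update
"""
print(update_only_runs(SAMPLE))
```

Lines 2 and 7 of the sample are reported; the two combined instructions are not.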