hngopher.com

       [HN Gopher] Show HN: Docker-phobia: Analyze Docker image size wi...
       ___________________________________________________________________
        
       Show HN: Docker-phobia: Analyze Docker image size with a treemap
        
       Author : remorses
       Score  : 58 points
       Date   : 2024-04-28 13:01 UTC (9 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | XiS wrote:
       | Cool, gonna try this soon. Would be great to use in combination
       | with Dive (https://github.com/wagoodman/dive)
        
         | pronik wrote:
         | It says in the README it leverages Dive. Basically it's a
         | visualization for Dive's JSON output, which I'd very much
         | prefer to exist as exactly that -- something I can pipe Dive's
         | JSON into. No need to wrap Dive for that.
        
           | xmorse wrote:
           | Dive doesn't have a JSON output, I had to use the internal
           | API to do it.
        
       | Scipio_Afri wrote:
       | Not using https is bad.
       | 
       | curl -sf http://goblin.run/github.com/remorses/docker-phobia | sh
       | 
       | Also why just include that shell script in the repo and have
       | people curl that?
        
         | Wingy wrote:
         | curl should probably scream when it detects piping unencrypted
         | wan (not local ips) connections to shell, sort of like what
         | openssh does when a host's fingerprint changes
        
           | mr_mitm wrote:
           | How could curl detect where it's piped to?
        
             | take-five wrote:
             | Something like (in Python)
             | 
             | os.isatty(sys.stdout.fileno())
        
               | Zambyte wrote:
               | That doesn't say where it's piped though. It could be
               | redirected to a file, or piped to something harmless like
               | jq.
        
           | adamomada wrote:
           | The shell would have to give the warning
        
         | jijijijij wrote:
         | Lol. This is an hilariously shady instruction. Is this a docker
         | inside joke or something?
        
         | remorses wrote:
         | Goblin is a service that builds a go binary for your platform
         | on the fly and downloads it in PATH. This is a much faster way
         | than setting up Github Actions to build an executable for every
         | possible platform on every release. You can also use go install
         | if you know what you are doing.
        
           | leetrout wrote:
           | > This is a much faster way than setting up Github Actions to
           | build an executable for every possible platform on every
           | release
           | 
           | It's not even that hard. Just use GoReleaser.
           | 
           | https://goreleaser.com/
        
             | xmorse wrote:
             | And then later add a script that downloads the binary from
             | Github releases. Doesn't improve the situation with curl
             | script haters
        
               | KronisLV wrote:
               | I feel like the assumption is that GitHub would be more
               | proactive about stopping malware being distributed from
               | their platform.
        
       | btreecat wrote:
       | I don't remember what this type of visualisation this is called,
       | but I really like it for understanding disk use quickly. When I
       | wish to drill into detail I find a list helps me more but the box
       | layout is usually where I like to start.
       | 
       | Looking forward to trying this.
        
         | xmorse wrote:
         | It's a treemap graph, frontend people use it all the time to
         | analyze a website javascript bundle size, I created this so
         | Docker people can make smaller images more easily
        
       | bertman wrote:
       | Why does this need to pipe a script into bash from a non-github
       | origin?
       | 
       | And in that script, you're actually piping another script from
       | yet another domain (`https://goblin.reaper.im/`), where reaper.im
       | looks like some kind of ad-infested parking domain?
        
         | akshat2602 wrote:
         | Looks like goblin.run is a project that lets you install golang
         | projects without having golang installed. OP should probably
         | preface the installation script with this.
        
           | _joel wrote:
           | or just use, I don't know, docker?
        
             | msm_ wrote:
             | Aren't go binaries statically compiled? Why is anything
             | other than a static binary download and `chmod +x` even
             | needed?
        
               | _joel wrote:
               | sure, for each arch.. or just use the thing that the tool
               | is designed for as the distribution mechanism. A `docker
               | run ...` is one step, not the two you're advocating.
        
         | remorses wrote:
         | You can also install it with go, I updated the readme
         | 
         | go install github.com/remorses/docker-phobia
        
       | cheptsov wrote:
       | Why not just show it per layer and folder via plain text?
        
       | _joel wrote:
       | No thanks, this looks shady as hell.
        
       | willswire wrote:
       | Ran this instead of that scary pipe thru sh command
       | 
       | go install github.com/remorses/docker-phobia@latest
        
       ___________________________________________________________________
       (page generated 2024-04-28 23:01 UTC)