In Dockerfiles I'm seeing most people using this syntax
RUN apt-get -y update \
&& apt-get install -y libicu-dev
over this one
RUN apt-get -y update
RUN apt-get install -y libicu-dev
For me the first one gets only one line (layer) cached while the second caches both (am I wrong ?) and stops as soon as a command is not successful.
Besides I don't find the first one more readable.
So why would we use the first syntax ?
It is optimisation for docker image layer. I also recommend to read Best practices for writing Dockerfiles
There is also interesting presentation from DockerCon EU 2017.
Lesser the layers, better the image.
Hence, combining commands using && will create a single layer.
Having two RUN will create two layers.
According to the images and layers documentation
Each layer is only a set of differences from the layer before it
So for example 2 layers creating different files would not use more disk space. Especially since Docker 17.05 allows multi-stage builds. However, it still could use more space if the second one is entirely modifying files from the first one.
Following Khapov Igor's comment I found out the real answer to the original question in the best practice doc:
Using
apt-get updatealone in aRUNstatement causes caching issues and subsequentapt-get installinstructions fail.
It's actually more about layer dependencies with previous commands for which results can evolve over time like apt-get update.
That's why they are telling:
Always combine
RUN apt-get updatewithapt-get installin the sameRUNstatement
Each command in a Dockerfile creates another image layer.
Combining commands is a way to end up with less layers overall.
See https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#images-and-layers
This line:
RUN apt-get -y update \
&& apt-get install -y libicu-dev
will create one single docker layer and these lines:
RUN apt-get -y update
RUN apt-get install -y libicu-dev
will create two different layers.
This is the main reason why when you need to install something in your docker machine (ex: via APT) you tend to keep everything in one single line (aka layer)
As the other answers already said, every command generates a layer and it's usually desirable to have the minimum amount of layers per image.
Each layer is only a set of differences from the layer before it. The layers are stacked on top of each other. When you create a new container, you add a new writable layer on top of the underlying layers.
This means that unless you're going to "squash" your image (which translates in using the --squash option during the build), you end up having an image consuming space for nothing.
Example
# Dockerfile
FROM ubuntu
RUN apt-get update
RUN apt-get install -y --no-install-recommends dnsutils
RUN echo $( dig somewhere.nowhere )
RUN apt-get remove --purge dnsutils
RUN rm -rf /var/lib/apt/lists/*
COPY magicalScript.sh /
CMD /magicalScript.sh
In this case you'll have layers containing only overhead:
apt-get update dnsutils installed, dnsutils The problem is that all those layers remain there and consume space for no reason at all.
Why squash is not always a good solution? Because the layers represents a cache as well. And it's extremely useful when you need to perform a lot of builds and you need them to be as fast as possible.
Usually it's good practice to group together operation related the installation of new packages on the OS:
# Dockerfile
FROM ubuntu
RUN useradd docker \
&& mkdir /home/docker \
&& chown docker:docker /home/docker \
&& addgroup docker staff
RUN apt-get update \
&& apt-get install -y --no-install-recommends ed less locales vim-tiny wget ca-certificates fonts-texgyre \
&& rm -rf /var/lib/apt/lists/*
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
&& locale-gen en_US.utf8 \
&& /usr/sbin/update-locale LANG=en_US.UTF-8
CMD ["mySpecialCommand"]
