18+ experience with InterSystems products, in different sizes of projects, different countries, and different fields except for healthcare.
important note
When you add something and delete during build with Dockerfile, you should remember how docker build works, and do it in one RUN line, if you do COPY/ADD file then delete it in RUN, it will not delete file from the image, it will hide it in the final image. Due to layered nature of Docker images, COPY/ADD/RUN are separated layers, and generates a difference between. So, file still can be exctrated.
And nowdays, the best approach to using binding in RUN
....
RUN \
--mount=type=bind,src=.,dst=/opt/app \
cp /opt/app/iris.key /usr/irissys/mgr/iris.key && \
iris start IRIS && \
....
iris stop IRIS quietly && \
rm -f /usr/irissys/mgr/iris.key
or you can mount it straight to the way where it's expected, and it will not stay in the final image
...
RUN --mount=type=bind,src=/iris.key,dst=/usr/irissys/mgr/iris.key \
iris start IRIS && \
/bin/echo -e 'do ##class(%SYSTEM.License).CKEY() halt' | iris session IRIS -U %SYS && \
iris stop IRIS quietly
I've updated the building process. Now should get updates at least in one day after official release.
And returned ML version, even when there is no official build.
This is how COPY/rm look like in reality
FROM containers.intersystems.com/intersystems/iris:latest-em COPY iris.key /usr/irissys/mgr/iris.key RUN rm -f /usr/irissys/mgr/iris.keyusing dive tool, to inspect docker images
The layer with iris.key is still there, and adds some space into final image