Multi-stage builds jużaw multipli stagi FROM f'Dockerfile wieħed — ibina l-applikazzjoni f'stagi wieħed (b'tools ta' build kollha) u kopja biss l-artifacts finali f'stagi finali nadif u minimu. Dan jipproduċi immaġini tal-produzzjoni ħafna iżgħar u aktar siguri.
Il-problema: build tools jiskaldaw l-immaġini
Building an app needs build tools (compilers, dev dependencies, SDKs), but the
FINAL image shouldn't include them:
→ they bloat the image (larger size, slower deploys)
→ they increase the attack surface (more software = more vulnerabilities)
→ You want only the built artifact + its runtime in the final image.
