多阶段构建在一个 Dockerfile 中使用多个 FROM 阶段 — 在一个阶段中构建应用程序(带有所有构建工具),然后仅将最终的 artifacts 复制到一个清洁、精简的最终阶段。这产生更小、更安全的生产镜像。
问题:构建工具会使镜像膨胀
Building an app needs build tools (compilers, dev dependencies, SDKs), but the
FINAL image shouldn't include them:
→ they bloat the image (larger size, slower deploys)
→ they increase the attack surface (more software = more vulnerabilities)
→ You want only the built artifact + its runtime in the final image.
