Minimize docker release image

[jylenhof]

1/ Option used for apt installation are not optimum, so I propose to add option "--no-install-recommends".
When using this option the package "ca-certificates" is not automatically installed (libcurl dependency), but curl commands which downloads from github with https protocol will fail, so add it.

2/ use the openssh-client package instead of ssh which is a metapackage for installing openssh-client and openssh-server.
openssh-server is not needed on a docker container, so this change

3/ use a more tiny package version of vim : vim-tiny instead of vim

For the record :
I am not sure it is a so good idea to install nano and vim in a docker image which contains the visual studio code editor, so another editor. You should probably think about it

[nhooyr]

--no-install-recommends

I'm confused, based on your explanation don't we want to keep things without this? So that ca-certificates is installed automatically?

use the openssh-client package instead of ssh which is a metapackage for installing openssh-client and openssh-server.
openssh-server is not needed on a docker container, so this change

Fair!

use a more tiny package version of vim : vim-tiny instead of vim

Fair enough.

I am not sure it is a so good idea to install nano and vim in a docker image which contains the visual studio code editor, so another editor. You should probably think about it

Yes it's intentional. If code-server has issues, it's very nice to be able to fallback to a terminal editor inside your container. Perhaps we ought to only install nano, just like base debian.

[jylenhof]

For me it is a better approach to use "--no-install-recommends" to install only the package you require, you should let the debian packagement install only the required one to make what you want. Always !

To explain a little bit for what I explain for curl, there's a dependency on libcurl4 with a recommendation on ca-certificates, but it is not an absolute necessity to make it curl working. If you don't do https and use curl, you don't need it... If you want to use curl on https, you could but certificates will not be verified (you need to use -k, --insecure to make it work). If you want to use curl on https and verifiy certificates, you need to have the ca-certificates package installed. So I added the package because you use curl on https site, so found it better.

Rational to use the option in lot of website, here is an example :
https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends
https://runnable.com/blog/9-common-dockerfile-mistakes
https://www.replicated.com/blog/refactoring-a-dockerfile-for-image-size/

I hope to make it clearer

[nhooyr]

If you don't do https and use curl, you don't need it...

The release image is designed more as a somewhat batteries included image for development.

That's why it includes lots of basic default tools that people use.

I think for what you want, a purpose built slim image is the way to go.

#2488

But I will definitely at least incorporate the openssh-client suggestion!

[nhooyr]

I cherry picked your changes as 0f2085b

Thanks again! <3