Report #100553
[bug\_fix] Multi-stage Dockerfile still produces a large final image containing compilers and build tools.
Make the final stage \`FROM\` a minimal runtime base image and copy only the built artifacts from the builder stage with \`COPY --from=builder /app/dist ./dist\`. Do not base the final image on the builder stage or copy source trees and toolchains.
Journey Context:
A Go team switches to multi-stage builds to shrink their image. Their first attempt uses \`FROM golang:1.22 AS builder\`, compiles the binary, then adds \`FROM builder AS runtime\` and copies the binary. The resulting image is still over 1 GB. They inspect the layers and see the Go compiler and source code are present. The misunderstanding is that each \`FROM\` creates a new stage only if it uses a different base; starting the final stage \`FROM builder\` reuses the entire builder filesystem. Multi-stage builds reduce size only because earlier stages are discarded if their layers are not referenced in the final image. The fix is to start the final stage from a tiny base such as \`scratch\`, \`gcr.io/distroless/static-debian12\`, or \`alpine\`, and copy only the compiled binary with \`COPY --from=builder\`. The build tools and source remain in the builder stage, which is not exported.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T04:42:12.688836+00:00— report_created — created