docker · mrexodia · Oct 2, 2024
@@ -98,7 +98,7 @@ download of base images and dependencies.
 ```dockerfile
 # syntax=docker/dockerfile:1
 FROM ubuntu:24.04
-RUN apt-get -y update && apt-get install -y python
+RUN apt-get -y update && apt-get install -y --no-install-recommends python3
 ```
 
 Also consider [pinning base image versions](#pin-base-image-versions).
@@ -165,7 +165,7 @@ review. Adding a space before a backslash (`\`) helps as well.
 Here’s an example from the [buildpack-deps image](https://github.com/docker-library/buildpack-deps):
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
   bzr \
   cvs \
   git \
@@ -324,7 +324,7 @@ For example, you can chain commands with the `&&` operator, and use
 use escape characters to break long commands into multiple lines.
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -339,7 +339,7 @@ with a pipeline operator:
 ```dockerfile
 RUN <<EOF
 apt-get update
-apt-get install -y \
+apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -358,7 +358,7 @@ Always combine `RUN apt-get update` with `apt-get install` in the same `RUN`
 statement. For example:
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -372,7 +372,7 @@ subsequent `apt-get install` instructions to fail. For example, this issue will
 
 FROM ubuntu:22.04
 RUN apt-get update
-RUN apt-get install -y curl
+RUN apt-get install -y --no-install-recommends curl
 ```
 
 After building the image, all layers are in the Docker cache. Suppose you later
@@ -383,7 +383,7 @@ modify `apt-get install` by adding an extra package as shown in the following Do
 
 FROM ubuntu:22.04
 RUN apt-get update
-RUN apt-get install -y curl nginx
+RUN apt-get install -y --no-install-recommends curl nginx
 ```
 
 Docker sees the initial and modified instructions as identical and reuses the
@@ -392,14 +392,14 @@ because the build uses the cached version. Because the `apt-get update` isn't
 run, your build can potentially get an outdated version of the `curl` and
 `nginx` packages.
 
-Using `RUN apt-get update && apt-get install -y` ensures your Dockerfile
+Using `RUN apt-get update && apt-get install -y --no-install-recommends` ensures your Dockerfile
 installs the latest package versions with no further coding or manual
 intervention. This technique is known as cache busting. You can also achieve
 cache busting by specifying a package version. This is known as version pinning.
 For example:
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo=1.3.*
@@ -413,7 +413,7 @@ Below is a well-formed `RUN` instruction that demonstrates all the `apt-get`
 recommendations.
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     aufs-tools \
     automake \
     build-essential \