It’s built as a sequence of layers stacked on top of each other.
Append-only
Docker images are append-only. That way, if we remove file it doesn’t remove it from the previous layer.
If simplified:
- Layer A: Add lots of files for the compiler.
- Layer B(→A): Compile some code.
- Layer C(→B→A): Remove the files for the compiler
To download the image we need layers A, B, and C, so we have to download the compiler even though the relevant files aren’t accessible in the final image.
Build cache
Docker builds have a cache. All layers are cached. If any of the layer cache gets invalidated, all subsequent layers need to be rebuilt.
Cache may be invalidated by changes in the files (COPY directives) or by the changes of Dockerfile content.