Update best-practices.md (#21045)

mrexodia · web-flow · commit ff09b522683e · 2024-12-03T12:38:00.000Z
## Description

Adding `--no-install-recommends` is a common best practice and can
massively reduce image sizes. Since people copy from this page it is
good to add.
diff --git a/content/manuals/build/building/best-practices.md b/content/manuals/build/building/best-practices.md
@@ -98,7 +98,7 @@ download of base images and dependencies.
 ```dockerfile
 # syntax=docker/dockerfile:1
 FROM ubuntu:24.04
-RUN apt-get -y update && apt-get install -y python
+RUN apt-get -y update && apt-get install -y --no-install-recommends python3
 ```
 
 Also consider [pinning base image versions](#pin-base-image-versions).
@@ -165,7 +165,7 @@ review. Adding a space before a backslash (`\`) helps as well.
 Here’s an example from the [buildpack-deps image](https://github.com/docker-library/buildpack-deps):
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
   bzr \
   cvs \
   git \
@@ -322,7 +322,7 @@ For example, you can chain commands with the `&&` operator, and use
 escape characters to break long commands into multiple lines.
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -337,7 +337,7 @@ with a pipeline operator:
 ```dockerfile
 RUN <<EOF
 apt-get update
-apt-get install -y \
+apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -356,7 +356,7 @@ Always combine `RUN apt-get update` with `apt-get install` in the same `RUN`
 statement. For example:
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo
@@ -370,7 +370,7 @@ subsequent `apt-get install` instructions to fail. For example, this issue will
 
 FROM ubuntu:22.04
 RUN apt-get update
-RUN apt-get install -y curl
+RUN apt-get install -y --no-install-recommends curl
 ```
 
 After building the image, all layers are in the Docker cache. Suppose you later
@@ -381,7 +381,7 @@ modify `apt-get install` by adding an extra package as shown in the following Do
 
 FROM ubuntu:22.04
 RUN apt-get update
-RUN apt-get install -y curl nginx
+RUN apt-get install -y --no-install-recommends curl nginx
 ```
 
 Docker sees the initial and modified instructions as identical and reuses the
@@ -390,14 +390,14 @@ because the build uses the cached version. Because the `apt-get update` isn't
 run, your build can potentially get an outdated version of the `curl` and
 `nginx` packages.
 
-Using `RUN apt-get update && apt-get install -y` ensures your Dockerfile
+Using `RUN apt-get update && apt-get install -y --no-install-recommends` ensures your Dockerfile
 installs the latest package versions with no further coding or manual
 intervention. This technique is known as cache busting. You can also achieve
 cache busting by specifying a package version. This is known as version pinning.
 For example:
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     package-bar \
     package-baz \
     package-foo=1.3.*
@@ -411,7 +411,7 @@ Below is a well-formed `RUN` instruction that demonstrates all the `apt-get`
 recommendations.
 
 ```dockerfile
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     aufs-tools \
     automake \
     build-essential \
