#"deleting" files from a layer

So we have a package we install (gcloud/gsutil) that pulls in a bunch of cruft (like their docs files) which includes a requirements.txt with a dependency having a high CVE score. Was asked if we could "delete" that file, and came here to confirm my understanding

1. "deletes" are not real, the files still exist in prior layers
2. The dagger way to do this is to install the packages in another container and then copy the files into our runtime image
3. directory.Diff() will be helpful in finding the files added in a layer, which we can then use for a copy with include/exclude

Yes, I think you can do something like that

    ctr := dag.Container().From("alpine")

    ctrWithGcloud := ctr.
        WithFile("/opt/google-cloud-cli-linux-x86_64.tar.gz",
            dag.HTTP("https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz")).
        WithWorkdir("/opt").
        WithExec([]string{"tar", "-xzf", "google-cloud-cli-linux-x86_64.tar.gz"})

    gcloudFiles := ctr.
        Directory("/").
        Diff(ctrWithGcloud.Directory("/"))

    ctr = ctr.WithDirectory("/", gcloudFiles, dagger.ContainerWithDirectoryOpts{
        Exclude: []string{"opt/google-cloud-cli-linux-x86_64.tar.gz"},
    })

This is a very basic version, but the final container contains the uncompressed folder of gcloud but not the archive, and the archive is not present in a prior layer.

We install gcloud via yum, so it's putting files into more system directories

I believe I can hold on to a reference before / after, diff, and then add the new layer with the filtered diff to the before layer to make the clean layer

one might call it a "small detour" during installation

Our INV system paying itself back. We do all the gcloud stuff in a script that lives in the CUE, which Dagger runs within an Exec

for context, this is how we allow different teams/services to add extra stuff to their containers build by our custom wrapper around the Dagger Go SDK