docker: Update Makefile/README to align with the Cirrus CI setup

docker/Dockerfile

@@ -1,63 +0,0 @@
-# See the file "COPYING" in the main distribution directory for copyright.
-
-# Layer to build Zeek.
-FROM debian:bullseye-slim AS build
-
-# Configure system for build.
-RUN apt-get -q update \
- && apt-get install -q -y --no-install-recommends \
-     bind9 \
-     bison \
-     cmake \
-     flex \
-     g++ \
-     gcc \
-     libfl2 \
-     libfl-dev \
-     libmaxminddb-dev \
-     libpcap-dev \
-     libssl-dev \
-     libz-dev \
-     make \
-     python3-minimal \
-     python3.9-dev \
-     swig \
-     ninja-build \
-     python3-pip \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Copy over the Zeek source tree.
-# NOTE: This assumes that we build in the context of the parent directory (the
-# Git checkout root). We e.g., ensure that in the `Makefile` in this directory.
-COPY . /src/zeek
-RUN make -C /src/zeek distclean
-
-ARG CONFFLAGS="--generator=Ninja --build-type=Release"
-
-WORKDIR /src/zeek
-RUN ./configure $CONFFLAGS && ninja -C build install
-
-# Final layer containing all artifacts.
-FROM debian:bullseye-slim AS final
-
-RUN apt-get -q update \
- && apt-get install -q -y --no-install-recommends \
-     ca-certificates \
-     git \
-     libmaxminddb0 \
-     libpython3.9 \
-     libpcap0.8 \
-     libssl1.1 \
-     libz1 \
-     python3-minimal \
-     python3-git \
-     python3-semantic-version \
-     python3-websocket \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Copy over Zeek installation.
-COPY --from=build /usr/local/zeek /usr/local/zeek
-ENV PATH "/usr/local/zeek/bin:${PATH}"
-ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}"

docker/Makefile

@@ -1,12 +1,30 @@
 # See the file "COPYING" in the main distribution directory for copyright.
 
-VERSION := $$(cat ../VERSION)
+VERSION := $(shell cat ../VERSION)
+DOCKER ?= docker
+BUILD_IMAGE := zeek-builder:$(VERSION)
+BUILD_CONTAINER := zeek-builder-container-$(VERSION)
+ZEEK_IMAGE ?= zeek:$(VERSION)"
+BUILD_DIR ?= build-docker
+ZEEK_CONFIGURE_FLAGS ?= \
+	--build-dir=$(BUILD_DIR) \
+	--generator=Ninja \
+	--build-type=Release \
+	--disable-btest-pcaps \
+	--disable-broker-tests \
+	--disable-cpp-tests
 
 .PHONY: all
 
 all:
-	@docker build -t zeek:$(VERSION) -f Dockerfile ..
-	@docker tag zeek:$(VERSION) zeek:latest
+	-docker rm $(BUILD_CONTAINER)
+	docker build -t $(BUILD_IMAGE) -f builder.Dockerfile .
+	docker run --name $(BUILD_CONTAINER) \
+		-v $(CURDIR)/../:/src/zeek -w /src/zeek \
+		$(BUILD_IMAGE) bash -xeu -c "./configure $(ZEEK_CONFIGURE_FLAGS) && ninja -C $(BUILD_DIR) install"
+	docker commit $(BUILD_CONTAINER) zeek-build
+	docker build -t $(ZEEK_IMAGE) -f final.Dockerfile .
+	docker tag $(ZEEK_IMAGE) zeek:latest
 
 test:
 	@TEST_TAG=zeek:$(VERSION) $(MAKE) -C btest

docker/README

@@ -1,19 +1,28 @@
 Container image for Zeek
 ========================
 
-This directory contains a minimal container image for Zeek. This image is
-published automatically to [DockerHub](https://hub.docker.com/u/zeekurity) for
+This directory allows building a minimal container image for Zeek. This image is
+published automatically to [DockerHub](https://hub.docker.com/u/zeek) for
 releases and for commits on the `master` branch.
 
 - Images for release are published as
-  [`zeekurity/zeek`](https://hub.docker.com/r/zeekurity/zeek) with the `latest`
+  [`zeek/zeek`](https://hub.docker.com/r/zeek/zeek) with the `latest`
   tag pointing to the latest release.
 - Development images for the `master` branch are published as
-  [`zeekurity/zeek-dev`](https://hub.docker.com/r/zeekurity/zeek-dev).
+  [`zeek/zeek-dev`](https://hub.docker.com/r/zeek/zeek-dev).
 
+These images are also pushed to Amazon ECR Public Gallery under
+the [Zeek Project](https://gallery.ecr.aws/zeek).
 
 To run the image execute e.g.,:
 
-    docker run -it zeekurity/zeek
+    docker run -it zeek/zeek
 
 To build the image execute `make` from this directory.
+
+CI
+--
+
+Note, the image build process on Cirrus CI is not using the Makefile,
+but instead open-codes the invocation due to leveraging Cirrus CI caching
+and ccache heavily.