24 changes: 24 additions & 0 deletions .dockerignore
@@ -0,0 +1,24 @@
node_modules
npm-debug.log
.git
.gitignore
README.md
.env
.env.*
config/*.env
dist
build
coverage
logs
*.log
.DS_Store
.vscode
.idea
*.md
docker-compose*.yml
Dockerfile
.github
.gitlab-ci.yml
.travis.yml
.circleci
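Review bot: The security-relevant entries here are `.env`, `.env.*` and `config/*.env`: keeping them out of the build context is what stops a developer's local credentials from being copied into an image layer should a whole-context COPY ever be introduced, so these should stay even if the list is trimmed later. Two nits: `README.md` is already covered by `*.md`, and excluding `build` and `dist` is worth keeping even though the Dockerfile builds from source, since it guarantees a stale local `build/` can never shadow the builder stage's output.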

4 changes: 2 additions & 2 deletions .github/workflows/staging-pipeline.yml
Expand Up @@ -38,7 +38,6 @@ jobs:
publish:
needs: run-linters
runs-on: ubuntu-latest
if: github.event_name == 'push'
permissions:
contents: read
packages: write
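Review bot: Removing `if: github.event_name == 'push'` from `publish` widens when the job holding `packages: write` runs: it now executes for every event in this workflow's `on:` block, which is outside the hunk. If that block includes `pull_request`, a PR run would push `ghcr.io/giveth/impact-graph:staging` and overwrite the tag the deploy job relies on. Either keep the guard on this job, or make the docker build step's `push:` input conditional on the push event so that non-push runs only build.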
Expand All @@ -58,11 +57,12 @@ jobs:
with:
push: true
tags: |
ghcr.io/giveth/impact-graph:staging
ghcr.io/giveth/impact-graph:${{ github.sha }}

deploy:
needs: publish
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: SSH and Redeploy
uses: appleboy/ssh-action@v1.0.0
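Review bot: Gating `deploy` on `github.event_name == 'push'` is right, but the SSH step pins `appleboy/ssh-action@v1.0.0` by tag; tags are mutable, so pin the action to its full commit SHA (keeping the version in a trailing comment) so that a repointed upstream tag cannot run arbitrary code with the SSH credentials this step receives. The `${{ github.sha }}` tag produced by `publish` is the immutable reference worth deploying by, rather than the moving `:staging` tag.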
39 changes: 29 additions & 10 deletions Dockerfile
@@ -1,19 +1,21 @@
#https://hub.docker.com/_/node?tab=tags&page=1
FROM node:20.11.0-alpine3.18
# https://hub.docker.com/_/node?tab=tags&page=1
# Build stage
FROM node:20.11.0-alpine3.18 AS builder

WORKDIR /usr/src/app


COPY package*.json ./
COPY patches ./patches
COPY tsconfig.json .


RUN apk add --update alpine-sdk
RUN apk add git python3
RUN apk add --no-cache chromium --repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main
RUN npm ci
RUN npm i -g ts-node
# Combine RUN commands to reduce layers
RUN apk add --update --no-cache \
alpine-sdk \
git \
python3 \
chromium --repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main && \
npm ci && \
npm i -g ts-node

# When building docker images, docker caches the steps, so it's better to put the lines that would have lots of changes
# last, then when changing these steps the previous steps would use cache and move forward fast
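Review bot: In the combined `apk add`, `--repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main` now applies to the whole invocation rather than only to `chromium`, and it is plain http. apk verifies package signatures so integrity is still covered, but switch the mirror to `https://`, and since the base image is already `alpine3.18` check whether the extra `--repository` is needed at all. `--update` is redundant next to `--no-cache`, which already fetches a fresh index without storing it. The `npm i -g ts-node` at the end installs ts-node globally in the builder only; it will not be present in the production stage, so nothing at runtime may depend on it.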
Expand All @@ -22,4 +24,21 @@ COPY src ./src
COPY test ./test
COPY migration ./migration

RUN npm run build
RUN npm run build && npm prune --omit=dev

# Production stage
FROM node:20.11.0-alpine3.18

WORKDIR /usr/src/app

ENV NODE_ENV=production

# Add non-root user for security before copying files with ownership
RUN addgroup -g 1001 -S nodejs && adduser -S nodejs -u 1001

# Copy built files from builder stage (assign ownership to non-root user)
COPY --from=builder --chown=nodejs:nodejs /usr/src/app/node_modules ./node_modules
COPY --from=builder --chown=nodejs:nodejs /usr/src/app/build ./build
COPY --chown=nodejs:nodejs migration ./migration
Contributor
⚠️ Potential issue | 🔴 Critical

Missing --from=builder flag on line 42.

Lines 40–41 correctly copy artifacts from the builder stage using --from=builder, but line 42 omits this flag. The migration directory will be copied from the build context instead of the builder stage, which is inconsistent and likely incorrect.

Apply this diff to fix the COPY instruction:

-COPY --chown=nodejs:nodejs migration ./migration
+COPY --from=builder --chown=nodejs:nodejs /usr/src/app/migration ./migration


USER nodejs
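Review bot: Dropping to `USER nodejs` and copying only `node_modules` and `build` into a fresh `node:20.11.0-alpine3.18` stage is the right shape, but it also means nothing installed by the builder's `apk add` (chromium in particular) exists in the final image; if the application launches chromium at runtime, that package now has to be installed in the production stage as well, or the container will fail where the old single-stage image worked. On the `migration` COPY flagged above: the builder copies `migration` unchanged from the same build context (`COPY migration ./migration`), so both sources hold identical files and the inconsistency is stylistic unless `npm run build` writes into that directory; aligning it with `--from=builder` is still the cleaner choice. Also confirm that `package.json` is copied if the final `CMD` (not visible in this hunk) runs through npm, since nothing in the production stage brings it over.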