Lock dependencies and reduce final docker image size (fixes markdownlint CI runs)
#71
Conversation
… and locked it to a specific version Note: `markdownlint-cli2:0.4.0` broke our entire CI, hence why we're using an older version here. This also means that the final CI container no longer contains `npm`, but just `nodejs`.
…er layer This ensures: * `cs2pr` is installed (with all its dependencies) according to `composer.lock` * we can upgrade `composer.lock` in an automated way, in future * we don't pollute composer installation caches with artifacts coming from CI binaries (which would bloat final image)
…es: committing to local repo While it is true that `problem-matcher.json` will change in future, we want to be able to run a `docker build` without cache-slamming our layers for tiny remote file changes all the time, and maintaining the `problem-matcher.json` ourselves is no big deal (as long as we have the original file references).
…` step Previously, each `/setup` script was run sequentially, in a separate `RUN` step of the `Dockerfile`. While that removes some cache slamming problems when developing the image, it is much more efficient to run the whole `apt install` operation in a single docker layer, therefore removing any potential layer shifting that leads to many more layers, and much larger final docker image. In practice, we only expect to change this section rarely, and relying on the built-in `apt` sources is sufficient, for now. For comparison, `ghcr.io/laminas/laminas-continuous-integration:1.15.0` is `1.4Gb` in size, while the new image is `1.1Gb`, shaving off 300Mb of unused dependencies.
|
TIL: |
Ocramius
changed the title
markdownlint CI runs)
I... have an idea about this. I could likely do a pre-install script in the mezzio-swoole repo that unzips the extension If that sounds reasonable to you, I'd argue we should do that as part of this commit or at least part of the same release. As soon as it's done, I can update the mezzio-swoole repo. |
|
We should probably discuss doing that (swoole custom installation) in #72 - for now, this patch should already provide mitigation for current woes |
Unless docker version is ancient, there is a |
Ocramius
deleted the
feature/lock-dependencies-and-reduce-final-image-layer-size
branch
Description
This change attempts to fix an underlying design issue with this image, since we were using:
composer global requirenpm install -gBoth of the above lead to massive downstream problems, because dependencies keep shifting all the time. This change makes sure that all installed dependencies are fairly locked (
package-lock.jsonandcomposer.lock), and cleaned up some multi-stage build issues in the process.Specifically:
setup.shscripts, which made builds much slower, and produced multiple wasteful layersmarkdownlintto its own build stage, to prevent polluting final image withnpmartifacts/cachescs2prto its own build stage, to prevent polluting final image withcomposerartifacts/cachesIt is endorsed to run
DOCKER_BUILDKIT=1 docker build, when using this locally, or else multi-stage builds will never cache intermediate layers properly.