Conversation
* convert dockerignore from blacklist-based to whitelist * decrease docker build context size significantly * make docker builds less dependent on local state (e.g. local node_modules in submodules) * add script for checking docker build context * add CI tests to monitor if surprisingly large changes are made to the build context
alxndrsn
force-pushed
the
test-docker-context
branch
from
bb9f990 to
5699ebe
Compare
alxndrsn
requested review from
matthew-white
and removed request for
matthew-white
|
Unfortunately generating |
|
Currently, /usr/odk# cat .git
gitdir: ../.git/modules/server |
|
Could we maybe delete it after the build step in the docker file? |
That could be done, but the file itself looks harmless. |
Current statsNote that listed context sizes are less in CI. This is demonstrated in #894.
|
|
@alxndrsn, it looks like you moved test/check-docker-context.sh into its own PR (#894). Does that sound right? I'm in favor of that idea. I don't totally follow the Docker things happening in that script, so it'd probably be better for someone else to review that PR. What do you think about removing the script from this PR? I should be able to review the .dockerignore file at least. |
👍 Currently integral to this PR is checking that the docker context size has not changed significantly. I'll revisit that idea when #894 is merged/rejected, and see how this PR can be simplified. |
|
PR updated to only change |
matthew-white
left a comment
matthew-white
left a comment
There was a problem hiding this comment.
This is looking very close to me!
In the previous round of review, I was mostly thinking about files that were listed that needn't be listed. This time, I did a scan through the three Central repos for files that weren't listed here but maybe need to be.
| # .git directories required for generating version.txt | ||
|
|
||
| !/.git/ |
There was a problem hiding this comment.
I feel like we should include .gitignore files as well. Those could conceivably affect what is logged to version.txt (including whether the Git working directory is clean).
There was a problem hiding this comment.
Actually, now that I say that, if we're no longer copying all files that are committed to the repo, won't version.txt indicate that the working directory isn't clean?
There was a problem hiding this comment.
Great question. I'll investigate. Given the importance of version.txt it would be good to have a test that it's created as expected.
There was a problem hiding this comment.
I don't think version.txt is affected by changes to the git working tree.
PR at #1660
There was a problem hiding this comment.
Which raises the question: should local changes be reflected in version.txt?
There was a problem hiding this comment.
I don't think
version.txtis affected by changes to the git working tree.PR at #1660
I know I was the one to approve that PR, but I thought of it more as a general test of version.txt rather than a test of changes to the git working tree. Does test-images.sh make changes to the working tree before generating version.txt? Or is that what #1662 will do?
Which raises the question: should local changes be reflected in
version.txt?
I'm not 100% sure that local changes are reflected in version.txt. I think they used to be, but I'm not sure what the current status is. It'd be kind of nice if they were, just because it gives us more information on the build. E.g., if a Sentry report comes in for a version marked -dirty, it could be that the error was due to a user changing the code. I'm not sure it's important enough to block this PR though.
| !/client/.browserslistrc | ||
| !/client/.git/ | ||
| !/client/index.html | ||
| !/client/package.json | ||
| !/client/package-lock.json | ||
| !/client/vite.config.js | ||
| !/client/public/ | ||
| !/client/src/ |
There was a problem hiding this comment.
This doesn't include /client/dist/, but is that because those files are built after the ignore step?
There was a problem hiding this comment.
It's intentional - the client /dist directory should be created inside the build container rather than passed in via the docker context.
With the current configuration, anything in the host machine's client/dist directory can end up in the generated image.
This reverts commit 7212663.
There was a problem hiding this comment.
Maybe a merge or rebase is in order? I wouldn't expect to see this file in the diff.
There was a problem hiding this comment.
You should! This PR significantly decreases the number of files in the docker context 🙂
There was a problem hiding this comment.
Very exciting to see those numbers go down!
It looks like test-images.sh is no longer in the diff since the latest merge, so I think this comment can be considered resolved.
3 participants
Update to #361
significantly(most savings would come from excluding .git dirs)To check build context locally, run:
To check against previous
.dockerignore: