autograph icon indicating copy to clipboard operation
autograph copied to clipboard

Published 20 hours ago verified publisher icon mozilla-services

Slim down Autograph container

Open grahamalama opened this issue 2 years ago • 2 comments

The autograph container is large, which makes pulling it in CI pipelines pretty time consuming. I looked for anything we could do to make it smaller to speed up pulls, and I came up with these "quick wins":

  • build binaries in separate stage and copy to final stage
  • install deb packages with --no-install-recommends
  • remove apt-get lists as a cleanup step
  • add .git directory to .dockerignore

These changes make for a 44% reduction of the size of the compressed container

❯ ls -lah ../ | grep tar
-rw-r--r--@  1 gbeckley  staff   556M Oct 18 18:44 after.tar.gz
-rw-r--r--@  1 gbeckley  staff   998M Oct 18 18:21 before.tar.gz

grahamalama avatar Oct 18 '23 22:10 grahamalama

This passed the integration test, though I noticed some of these in the output on CircleCI:

fatal: not a git repository (or any of the parent directories): .git

I'm guessing that comes from here https://github.com/mozilla-services/autograph/blob/7bc7ab2ce78848cd6a69dc4753990a6d89e02eac/tools/autograph-client/build_test_xpis.sh#L14

Is the SHA itself important here? Maybe there's another value we can provide, or maybe it's not important in a CI setting? If we do need it, maybe we can provide it as a build arg or environment variable.

grahamalama avatar Oct 19 '23 20:10 grahamalama

N.B.: Remote settings does some gnarly stuff for testing. This is not a "guaranteed interface", but it'd be nice not to break it.

hwine avatar Oct 24 '23 22:10 hwine

@grahamalama so, @oskirby updated the dockerfile in similar ways just now. Is there still stuff left on table for us to do?

jmhodges avatar May 03 '24 20:05 jmhodges

(That comment was directed @grahamalama. Edited to be more clear!)

jmhodges avatar May 03 '24 20:05 jmhodges