mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: reduce Kaniko disk usage in Node.js Dockerfiles
All checks were successful
ci/woodpecker/push/orchestrator Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details
ci/woodpecker/push/api Pipeline was successful
Details

Browse Source 
- Combine production stage RUN commands into single layers
  (each RUN triggers a full Kaniko filesystem snapshot)
- Remove BuildKit --mount=type=cache for pnpm store
  (Kaniko builds are ephemeral in CI, cache is never reused)
- Remove syntax=docker/dockerfile:1 directive (no longer needed
  without BuildKit cache mounts)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 20:21:44 -06:00
parent d2ed1f2817
commit 18e5f6312b
3 changed files with 19 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apps/orchestrator/Dockerfile
View File

@@ -1,6 +1,3 @@
# syntax=docker/dockerfile:1
# Enable BuildKit features for cache mounts
# Base image for all stages
# Uses Debian slim (glibc) instead of Alpine (musl) for native addon compatibility.
FROM node:24-slim AS base
@@ -26,9 +23,8 @@ COPY packages/config/package.json ./packages/config/
COPY apps/orchestrator/package.json ./apps/orchestrator/
# Install ALL dependencies (not just production)
# This ensures NestJS packages and other required deps are available
RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
pnpm install --frozen-lockfile
# No cache mount — Kaniko builds are ephemeral in CI
RUN pnpm install --frozen-lockfile
# ======================
# Builder stage
@@ -69,16 +65,14 @@ LABEL org.opencontainers.image.vendor="Mosaic Stack"
LABEL org.opencontainers.image.title="Mosaic Orchestrator"
LABEL org.opencontainers.image.description="Agent orchestration service for Mosaic Stack"
# Remove npm (unused in production — we use pnpm) to reduce attack surface
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx
# Install dumb-init for proper signal handling (static binary from GitHub,
# avoids apt-get which fails under Kaniko with bookworm GPG signature errors)
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init
RUN chmod 755 /usr/local/bin/dumb-init
# Create non-root user
RUN groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs
# Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
&& chmod 755 /usr/local/bin/dumb-init \
&& groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs
WORKDIR /app