mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: reduce Kaniko disk usage in Node.js Dockerfiles
All checks were successful
ci/woodpecker/push/orchestrator Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details
ci/woodpecker/push/api Pipeline was successful
Details

Browse Source 
- Combine production stage RUN commands into single layers
  (each RUN triggers a full Kaniko filesystem snapshot)
- Remove BuildKit --mount=type=cache for pnpm store
  (Kaniko builds are ephemeral in CI, cache is never reused)
- Remove syntax=docker/dockerfile:1 directive (no longer needed
  without BuildKit cache mounts)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 20:21:44 -06:00
parent d2ed1f2817
commit 18e5f6312b
3 changed files with 19 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
apps/web/Dockerfile
View File

@@ -1,6 +1,3 @@
# syntax=docker/dockerfile:1
# Enable BuildKit features for cache mounts
# Base image for all stages
# Uses Debian slim (glibc) for consistency with API/orchestrator and to prevent
# future native addon compatibility issues with Alpine's musl libc.
@@ -27,9 +24,8 @@ COPY packages/ui/package.json ./packages/ui/
COPY packages/config/package.json ./packages/config/
COPY apps/web/package.json ./apps/web/
# Install dependencies with pnpm store cache
RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
pnpm install --frozen-lockfile
# Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
RUN pnpm install --frozen-lockfile
# ======================
# Builder stage
@@ -79,19 +75,15 @@ RUN mkdir -p ./apps/web/public
# ======================
FROM node:24-slim AS production
# Remove npm (unused in production — we use pnpm) to reduce attack surface
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx
# Install pnpm (needed for pnpm start command)
RUN corepack enable && corepack prepare pnpm@10.27.0 --activate
# Install dumb-init for proper signal handling (static binary from GitHub,
# avoids apt-get which fails under Kaniko with bookworm GPG signature errors)
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init
RUN chmod 755 /usr/local/bin/dumb-init
# Create non-root user
RUN groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nextjs
# Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
&& corepack enable && corepack prepare pnpm@10.27.0 --activate \
&& chmod 755 /usr/local/bin/dumb-init \
&& groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nextjs
WORKDIR /app