Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: web docker image optimisation #173

Merged
merged 11 commits into from
Apr 5, 2024
Merged

feat: web docker image optimisation #173

merged 11 commits into from
Apr 5, 2024

Conversation

Abbhiishek
Copy link
Contributor

@Abbhiishek Abbhiishek commented Apr 5, 2024
edited
Loading

User description

Description

Optimized the Dockerfile for the web application by introducing multi-stage builds, improving build efficiency and security.
Added output: "standalone" configuration in next.config.js to support the optimized Docker build process.
Updated docker-compose.yml and docker-compose-test.yml to include web and api services, facilitating easier development and testing.

Fixes #113

Dependencies

Mention any dependencies/packages used

Future Improvements

Mention any improvements to be done in future related to any file/feature

Mentions

Mention and tag the people

Screenshots of relevant screens

Add screenshots of relevant screens

Developer's checklist

  • My PR follows the style guidelines of this project
  • I have performed a self-check on my work

If changes are made in the code:

  • I have followed the coding guidelines
  • My changes in code generate no new warnings
  • My changes are breaking another fix/feature of the project
  • I have added test cases to show that my feature works
  • I have added relevant screenshots in my PR
  • There are no UI/UX issues

Documentation Update

  • This PR requires an update to the documentation at docs.keyshade.xyz
  • I have made the necessary updates to the documentation, or no documentation changes are required.

Type

enhancement, documentation

Description

  • Optimized the Dockerfile for the web application by introducing multi-stage builds, improving build efficiency and security.
  • Added output: "standalone" configuration in next.config.js to support the optimized Docker build process.
  • Updated docker-compose.yml and docker-compose-test.yml to include web and api services, facilitating easier development and testing.

Changes walkthrough

Relevant files
Enhancement
next.config.js
Add Standalone Output Configuration for Next.js                   

apps/web/next.config.js

  • Added output: "standalone" configuration to next.config.js for
    optimized Docker builds.
    		•  +1/-0     
    Dockerfile
    Optimize Web Dockerfile for Efficiency and Security           

    apps/web/Dockerfile

  • Transitioned to multi-stage builds with base, builder, installer, and
    runner stages for optimized image size and security.
  • Introduced turbo and pnpm for efficient dependency management and
    builds.
  • Implemented non-root user nextjs for running the application,
    enhancing security.
  • Adjusted Docker commands to leverage Next.js output file tracing for
    reduced image size.
    		•  +44/-13 
    docker-compose-test.yml
    Extend docker-compose-test with Web and API Services         

    docker-compose-test.yml

  • Added web and api services with build and port configurations for
    testing environment.
    		•  +20/-1   
    docker-compose.yml
    Extend docker-compose with Web and API Services                   

    docker-compose.yml

  • Added web and api services with build and port configurations for
    development environment.
    		•  +20/-0   

    PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    @Abbhiishek
    feat: web docker image optimisation
    9108701 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @codiumai-pr-agent-free codiumai-pr-agent-free bot added type: documentation Improvements or additions to documentation type: enhancement New feature or request labels Apr 5, 2024
    @codiumai-pr-agent-free CodiumAI PR-Agent (Free)
    Copy link
    Contributor

    PR Description updated to latest commit (9108701)

    @codiumai-pr-agent-free CodiumAI PR-Agent (Free)
    Copy link
    Contributor

    PR Review

    ⏱️ Estimated effort to review [1-5]

    2, because the changes are mostly around Dockerfile optimizations and configuration adjustments. The complexity is moderate, focusing on build process improvements and does not involve deep application logic changes.

    🧪 Relevant tests

    No

    🔍 Possible issues

    Dockerfile Best Practices: The Dockerfile changes introduce multi-stage builds which is a good practice. However, the RUN apk update commands should ideally be followed by apk upgrade to ensure all packages are up to date. Not doing so might leave the image vulnerable to known issues in older package versions.

    User Permissions: The Dockerfile correctly creates a non-root user for running the application, which is a good security practice. However, ensure that the application running inside the container does not require root-level access for any operations.

    🔒 Security concerns

    No
    ✨ Review tool usage guide:

    Overview:
    The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

    The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

    • When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:
    /review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

    [pr_reviewer]
some_config1=...
some_config2=...

    See the review usage page for a comprehensive guide on using this tool.

    @codiumai-pr-agent-free CodiumAI PR-Agent (Free)
    Copy link
    Contributor

    PR Code Suggestions

    CategorySuggestions                                                                                                                                                       
    Enhancement
    Combine apk add and apk update into a single RUN instruction to reduce image layers.

    To reduce the number of layers and improve the build performance, you can combine the RUN
    apk add --no-cache libc6-compat and RUN apk update commands into a single RUN instruction.
    This not only reduces the image size but also the build time.

    apps/web/Dockerfile [5-6]

    -RUN apk add --no-cache libc6-compat
-RUN apk update
+RUN apk update && apk add --no-cache libc6-compat
    Optimize Next.js build for Docker with output: "standalone".

    Adding the output: "standalone" configuration to your Next.js project optimizes the build
    for Docker by creating a smaller output. This is a good practice for improving the
    efficiency of your Docker images.

    apps/web/next.config.js [4]

    -output: "standalone",
+output: "standalone", // Optimizes the build for Docker deployment
    Best practice
    Use a specific version tag for the base image to ensure consistent builds.

    Consider using a more specific tag than node:20-alpine for the base image to ensure a
    consistent environment across different builds. Using a specific version helps in avoiding
    unexpected breaks due to updates in the base image.

    apps/web/Dockerfile [1]

    -FROM node:20-alpine AS base
+FROM node:20.1.0-alpine AS base
    Use --no-cache with pnpm install to ensure fresh dependencies.

    To avoid potential caching issues and ensure that the most recent packages are used during
    the build, consider adding --no-cache to the pnpm install command. This ensures that the
    latest versions of dependencies are fetched every time the Docker image is built.

    apps/web/Dockerfile [24]

    -RUN pnpm  install
+RUN pnpm install --no-cache
    Security
    Run the application as a non-root user to enhance security.

    To improve the security of your Docker image, consider running the application as a
    non-root user. This can be achieved by creating a user with less privileged access and
    switching to this user before running the application command.

    apps/web/Dockerfile [39]

     USER nextjs
+# Ensure that the application runs as a non-root user for improved security
    ✨ Improve tool usage guide:

    Overview:
    The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

    • When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:
    /improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

    [pr_code_suggestions]
some_config1=...
some_config2=...

    See the improve usage page for a comprehensive guide on using this tool.

    Abbhiishek and others added 2 commits April 5, 2024 10:42
    @Abbhiishek
    fix: executable write permission
    9633c3d 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @rajdip-b
    Merge branch 'develop' into dockerbuild
    255469f
    rajdip-b
    rajdip-b requested changes Apr 5, 2024
    View reviewed changes
    apps/web/Dockerfile Outdated Show resolved Hide resolved
    docker-compose-test.yml Outdated Show resolved Hide resolved
    docker-compose.yml Outdated Show resolved Hide resolved
    apps/web/Dockerfile Outdated Show resolved Hide resolved
    @Abbhiishek
    fix: write permission
    1af92f7 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @Abbhiishek
    Merge branch 'dockerbuild' of https://github.com/Abbhiishek/keyshade
    158fc7f 
    …into dockerbuild
    @Abbhiishek
    fix: root added as user
    fc75362
    @Abbhiishek
    fix: ignore-scripts
    be98f79
    @Abbhiishek
    fix: default user
    ae60781
    @Abbhiishek
    fix: permission
    078cdba 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @rajdip-b
    Copy link
    Member

    rajdip-b commented Apr 5, 2024

    I think this is okay. Because you are using 644. Eitherways there wont be root access so feel there wont be any issue.

    rajdip-b
    rajdip-b requested changes Apr 5, 2024
    View reviewed changes
    Copy link
    Member

    @rajdip-b rajdip-b left a comment

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    image
    I'm getting this error when I try to run the image @Abbhiishek

    @Abbhiishek
    Copy link
    Contributor Author

    image

    it's running by the below command:

    docker build -f apps/web/Dockerfile .

    @rajdip-b
    Copy link
    Member

    rajdip-b commented Apr 5, 2024

    image

    it's running by the below command:

    docker build -f apps/web/Dockerfile .

    Builds are working fine. Running the image is where its getting stuck in docker run.

    @Abbhiishek
    Copy link
    Contributor Author

    image

    @rajdip-b
    Copy link
    Member

    rajdip-b commented Apr 5, 2024
    edited
    Loading

    Hmmmm, thats odd. Can you please list the commands you used for building and running?

    EDIT: can you also include that sharp package?

    @Abbhiishek
    Copy link
    Contributor Author

    i got it i found the issue. will work on this.

    @Abbhiishek
    Copy link
    Contributor Author

    removing --chmod builds and run the container smoothly.

    COPY --from=installer  --chown=nextjs:nodejs /app/apps/web/.next/standalone ./
COPY --from=installer  --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
COPY --from=installer  --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public

    @Abbhiishek
    fix: docker build run
    c0e7956 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @Abbhiishek
    fix: ignore-scripts
    39a1c68 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
    @sonarcloud SonarCloud
    Copy link

    sonarcloud bot commented Apr 5, 2024

    Quality Gate Passed Quality Gate passed

    Issues
    1 New issue
    0 Accepted issues

    Measures
    0 Security Hotspots
    No data about Coverage
    No data about Duplication

    See analysis details on SonarCloud

    @rajdip-b
    Copy link
    Member

    rajdip-b commented Apr 5, 2024

    Awesome! works like a charm

    @rajdip-b rajdip-b merged commit 444286a into keyshade-xyz:develop Apr 5, 2024
    5 checks passed
    @rajdip-b
    Copy link
    Member

    rajdip-b commented Apr 5, 2024

    @Abbhiishek would you be interested in taking up the api dockerfile optimization?

    @Abbhiishek
    Copy link
    Contributor Author

    @Abbhiishek would you be interested in taking up the api dockerfile optimization?

    yep

    kriptonian1 pushed a commit that referenced this pull request Apr 24, 2024
    @Abbhiishek @rajdip-b @kriptonian1
    chore(docker): Optimized web Dockerfile to reduct image size (#173)
    77baabe 
    Signed-off-by: Abhishek kushwaha <abhishekkushwaha1479@gmail.com>
Co-authored-by: Rajdip Bhattacharya <agentR47@gmail.com>
    rajdip-b pushed a commit that referenced this pull request May 12, 2024
    @semantic-release-bot
    chore(release): 1.3.0 [skip ci]
    b53dd7c 
    ## [1.3.0](v1.2.0...v1.3.0) (2024-05-12)

### 🚀 Features

* Add approval support ([#158](#158)) ([e09ae60](e09ae60))
* **api:** Add configuration live update support ([#181](#181)) ([f7d6684](f7d6684))
* **api:** Add feature to export data of a workspace ([#152](#152)) ([46833aa](46833aa))
* **api:** Add Integration support ([#203](#203)) ([f1ae87e](f1ae87e))
* **api:** Add note to [secure] and variable ([#151](#151)) ([2e62351](2e62351))
* **api:** Add OAuth redirection and polished authentication ([#212](#212)) ([d2968bc](d2968bc))
* **api:** Add support for storing and managing variables ([#149](#149)) ([963a8ae](963a8ae))
* **api:** Added GitLab OAuth ([#188](#188)) ([4d3bbe4](4d3bbe4))
* **api:** Added validation for reason field ([#190](#190)) ([90b8ff2](90b8ff2))
* **api:** Create default workspace on user's creation ([#182](#182)) ([3dc0c4c](3dc0c4c))
* **api:** Reading `port` Dynamically ([#170](#170)) ([fd46e3e](fd46e3e))
* **auth:** Add Google OAuth ([#156](#156)) ([cf387ea](cf387ea))
* **web:** Added waitlist ([#168](#168)) ([1084c77](1084c77))
* **web:** Landing revamp ([#165](#165)) ([0bc723b](0bc723b))

### 🐛 Bug Fixes

* **web:** alignment issue in “Collaboration made easy” section ([#178](#178)) ([df5ca75](df5ca75))
* **workspace:** delete duplicate tailwind config ([99d922a](99d922a))

### 📚 Documentation

* add contributor list ([f37569a](f37569a))
* Add integration docs ([#204](#204)) ([406ddb7](406ddb7))
* Added integration docs to gitbook summary ([ab37530](ab37530))
* **api:** Add swagger docs of API key controller ([#167](#167)) ([2910476](2910476))
* **api:** Add swagger docs of User Controller ([#166](#166)) ([fd59522](fd59522))
* fix typo in environment-variables.md ([#163](#163)) ([48294c9](48294c9))
* Remove supabase from docs ([#169](#169)) ([eddbce8](eddbce8))
* **setup:** replace NX with Turbo in setup instructions ([#175](#175)) ([af8a460](af8a460))
* Update README.md ([b59f16b](b59f16b))
* Update running-the-api.md ([177dbbf](177dbbf))
* Update running-the-api.md ([#193](#193)) ([3d5bcac](3d5bcac))

### 🔧 Miscellaneous Chores

* Added lockfile ([60a3b9b](60a3b9b))
* Added lockfile ([6bb512c](6bb512c))
* **api:** Added type inference and runtime validation to `process.env` ([#200](#200)) ([249e07d](249e07d))
* **api:** Fixed prisma script env errors ([#209](#209)) ([8762354](8762354))
* **API:** Refactor authority check functions in API ([#189](#189)) ([e9d710d](e9d710d))
* **api:** Refactor user e2e tests ([b38d45a](b38d45a))
* **ci:** Disabled api stage release ([97877c4](97877c4))
* **ci:** Update stage deployment config ([868a6a1](868a6a1))
* **codecov:** update api-e2e project coverage ([1e90d7e](1e90d7e))
* **dockerfile:** Fixed web dockerfile ([6134bb2](6134bb2))
* **docker:** Optimized web Dockerfile to reduct image size ([#173](#173)) ([444286a](444286a))
* **release:** Downgraded package version ([c173fee](c173fee))
* **release:** Fix failing release ([#213](#213)) ([40f64f3](40f64f3))
* **release:** Install pnpm ([1081bea](1081bea))
* **release:** Updated release commit ([b8958e7](b8958e7))
* **release:** Updated release commit ([e270eb8](e270eb8))
* Update deprecated husky Install command ([#202](#202)) ([e61102c](e61102c))
* Upgrade @million/lint from 0.0.66 to 0.0.73 ([#172](#172)) ([dd43ed9](dd43ed9))
* **web:** Updated fly memory config ([4debc66](4debc66))

### 🔨 Code Refactoring

* **api:** Made events central to workspace ([#159](#159)) ([9bc00ae](9bc00ae))
* **api:** Migrated to cookie based authentication ([#206](#206)) ([ad6911f](ad6911f))
* **monorepo:** Migrate from nx to turbo ([#153](#153)) ([88b4b00](88b4b00))
    @rajdip-b
    Copy link
    Member

    🎉 This PR is included in version 1.3.0 🎉

    The release is available on GitHub release

    Your semantic-release bot 📦🚀

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @rajdip-b rajdip-b rajdip-b approved these changes

    @kriptonian1 kriptonian1 Awaiting requested review from kriptonian1 kriptonian1 is a code owner

    Assignees
    No one assigned
    Labels
    type: documentation Improvements or additions to documentation type: enhancement New feature or request
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.

    Optimize dockerfiles
    2 participants
    @Abbhiishek @rajdip-b