-
-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use alpine as base for Docker image #1021
base: main
Are you sure you want to change the base?
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UID and GUID changes would be great, especially for running in Kubernetes with securityContext
values.
# Install ca-certificates for webhooks to work | ||
RUN apt update && apt install ca-certificates -y && rm -rf /var/lib/apt/lists/* | ||
WORKDIR app | ||
FROM alpine:3.12 as runner |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using 3.18 would be a good up-to-date version with plenty of space left in the lifecycle.
Hey! Would it be possible to make the UID/GID changes separately please? I'm unlikely to want to change to alpine any time soon. Historically, there have been issues with the musl allocator performing poorly in multi-threaded environments. I wouldn't say not to building an alpine image in addition however. |
Alpine based images are 35mb while debian:bullseye-20230502-slim is 135mb.
Docker-compose could use postgres:14-alpine for another reduction in size.
Also added UID/GID to the docker-compose. This is a best practice. Otherwise the container will run with whatever user is running docker, which could be root. The Dockerfile was also modified to run with a user/group of 1000/1000 which also seems to be a common practice. (Ideally, the perms would be fixed as part of the entrypoint/cwd at runtime as well, to match the env vars, but I didn't do that)