
feat(docker): optimize image size via multi-stage Bookworm build #149

Open

abstract-333 wants to merge 6 commits into nasa:master from abstract-333:optimize-docker

Conversation


abstract-333 commented Feb 27, 2026

Summary

This PR optimizes the Docker configuration for the apod-api. It introduces a multi-stage build process and standardizes the base image to Debian Bookworm, reducing the final image size by 55%.

🛠 Key Changes

1. Base Image Standardization (Bookworm-slim)

I have transitioned the base image from Debian Trixie to python:3.12.10-slim-bookworm.

  • Reasoning: The project specifies a requirement for Python 3.12.10. While the previous environment used 3.12.12 on Trixie, the official 3.12.10 images are built on Bookworm (Debian Stable).
  • Stability: Moving to Bookworm ensures we are using a stable release rather than a testing branch (Trixie), ensuring reliable glibc compatibility for image-processing libraries like Pillow.

2. Multi-Stage Build Implementation

Implemented a two-stage build process to separate the "Builder" environment from the "Runtime" environment:

  • Stage 1 (Builder): Installs uv and compiles the virtual environment. It utilizes Docker cache mounts and bind mounts to speed up dependency installation without bloating the image.
  • Stage 2 (Runtime): Copies only the necessary application code and the pre-built .venv. This strips away build tools, uv binaries, and package caches.

3. Security Hardening

📊 Metrics & Comparison

| Metric | Previous (Trixie) | New (Bookworm Multi-Stage) | Change |
|---|---|---|---|
| Image Size | 351 MB | 158 MB | -193 MB (55%) |
| Python Version | 3.12.12 | 3.12.10 | Aligned to Req |
| OS Environment | Trixie (Testing) | Bookworm (Stable) | Standardized |
| User Privileges | root | nonroot | Hardened |

✅ Validation

  • Build: Successfully built using specific SHA256 digests for deterministic results.
  • Compatibility: Verified that Pillow, Flask, and Gunicorn function correctly on the Bookworm base.
  • Runtime: Confirmed the API responds on port 5000 and verified non-root file permissions.
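The layout described in the PR (a builder stage that installs uv and resolves the dependencies behind cache and bind mounts, a runtime stage that copies only the pre-built .venv and the application code, and an unprivileged service user) as an illustrative Dockerfile. This is an added example, not the Dockerfile from the PR or from the apod-api project: it assumes the repository carries a pyproject.toml and uv.lock at its root and exposes the Flask app object as application:app, and the digest placeholder must be replaced with the real value before it is used for a pinned build.

```dockerfile
# syntax=docker/dockerfile:1
# Added example in the style this PR describes, not the project's own Dockerfile.
# Assumptions: pyproject.toml + uv.lock at the repo root; Flask app at application:app.

############ Stage 1: builder ############
# For deterministic builds, pin the tag to a digest, e.g.
#   python:3.12.10-slim-bookworm@sha256:<DIGEST_PLACEHOLDER>
FROM python:3.12.10-slim-bookworm AS builder

# uv binary taken from its official image; pin this to a version or digest as well.
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/

# Precompile .pyc files now (the runtime filesystem will be read-only for the app user)
# and copy instead of hard-linking, since the cache mount is a separate filesystem.
ENV UV_COMPILE_BYTECODE=1 \
    UV_LINK_MODE=copy

WORKDIR /app

# Resolve dependencies only, not the project itself. The cache mount keeps downloaded
# wheels out of the image layer; the bind mounts expose the lock files to this one RUN
# step without creating a COPY layer for them.
RUN --mount=type=cache,target=/root/.cache/uv \
    --mount=type=bind,source=uv.lock,target=uv.lock \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
    uv sync --frozen --no-install-project --no-dev

############ Stage 2: runtime ############
FROM python:3.12.10-slim-bookworm AS runtime

# Unprivileged service account: system user, no login shell, fixed home directory.
RUN groupadd --system app \
 && useradd --system --gid app --home-dir /app --shell /usr/sbin/nologin app

WORKDIR /app

# Only the pre-built venv and the application source reach the final image: no uv
# binary, no package cache, no compilers. Both stay root-owned and world-readable,
# so the service user can execute the code but cannot modify it at runtime.
COPY --from=builder /app/.venv /app/.venv
COPY . /app

ENV PATH="/app/.venv/bin:$PATH" \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

USER app
EXPOSE 5000

# Assumed entry point; adjust module:object to the project's actual app.
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "application:app"]
```

Build with `docker build -t apod-api .` (BuildKit is required for the `--mount` flags), and add a `.dockerignore` so that `.git`, local virtual environments and secrets are not swept into the `COPY . /app` layer. Two quick checks match the PR's validation items: `docker run --rm apod-api id -u` should print a non-zero UID, and `docker image ls apod-api` shows whether the build tooling really stayed out of the final stage.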

…ookworm build

- Implements multi-stage build to exclude build tools
- Maintains Debian Trixie base for glibc compatibility (Pillow support)
- Adds non-root user for security (referenced from nasa#146)
- Integrates uv with Docker cache mounts for faster builds