Merge pull request #199 from willroberts/upgrade-node

willroberts · web-flow · commit d93487b4e934 · 2022-10-25T23:00:41.000-04:00
Upgrades Node.js to v18
diff --git a/.github/workflows/build_app.yaml b/.github/workflows/build_app.yaml
@@ -26,7 +26,7 @@ jobs:
     - name: install node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 16
+        node-version: 18
 
     # Caching node_modules saves 50s on builds which don't modify dependencies.
     # Compared to yarn caching, it saves an additional 27 seconds.
diff --git a/.github/workflows/integration_tests.yaml b/.github/workflows/integration_tests.yaml
@@ -19,7 +19,7 @@ on:
 jobs:
   integration_tests:
     runs-on: ubuntu-latest
-    container: node:16
+    container: node:18-slim
     services:
       redis:
         image: redis:6
@@ -31,6 +31,9 @@ jobs:
           POSTGRES_DB: duelyst
 
     steps:
+    - name: install bcrypt dependencies and git
+      run: apt-get update && apt-get -y install python3 make gcc g++ git
+
     - name: check out code
       uses: actions/checkout@v3
 
diff --git a/.github/workflows/lint_coffeescript.yaml b/.github/workflows/lint_coffeescript.yaml
@@ -25,7 +25,7 @@ jobs:
     - name: install node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 16
+        node-version: 18
 
     # Caching node_modules saves 50s on builds which don't modify dependencies.
     # Compared to yarn caching, it saves an additional 27 seconds.
diff --git a/.github/workflows/lint_javascript.yaml b/.github/workflows/lint_javascript.yaml
@@ -34,7 +34,7 @@ jobs:
     - name: install node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 16
+        node-version: 18
 
     # Caching node_modules saves 50s on builds which don't modify dependencies.
     # Compared to yarn caching, it saves an additional 27 seconds.
diff --git a/.github/workflows/unit_tests.yaml b/.github/workflows/unit_tests.yaml
@@ -29,7 +29,7 @@ jobs:
     - name: install node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 16
+        node-version: 18
 
     # Caching node_modules saves 50s on builds which don't modify dependencies.
     # Compared to yarn caching, it saves an additional 27 seconds.
diff --git a/desktop/package.json b/desktop/package.json
@@ -2,7 +2,7 @@
   "name": "duelyst-desktop",
   "productName": "Duelyst",
   "license": "CC0-1.0",
-  "version": "1.97.6",
+  "version": "1.97.7",
   "main": "desktop.js",
   "dependencies": {
     "electron-debug": "^2.0.0",
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,7 +1,7 @@
 version: "3.9"
 
 x-base-service: &base
-  image: node:16-alpine
+  image: node:18-slim
   entrypoint: sh
   working_dir: /app
   volumes:
diff --git a/docker/nodejs.Dockerfile b/docker/nodejs.Dockerfile
@@ -1,15 +1,14 @@
-# This image is 114MB vs. 856MB for node:lts.
-FROM node:16-alpine
+# Slim images are based on Debian, but with a smaller size footprint.
+FROM node:18-slim
+
+# Install bcrypt dependencies and git.
+# TODO: Isolate bcrypt dependencies to API images only.
+RUN apt-get update && apt-get -y install python3 make gcc g++ git
 
 # Work around boneskull/yargs dependency using the deprecated git protocol.
-RUN apk add git
 RUN git config --global url."https://github.com/".insteadOf git@github.com:
 RUN git config --global url."https://".insteadOf git://
 
-# Add Python and other build utils for bcrypt.
-# TODO: Put this into an intermediate layer to reduce Game/Migrate/SP image size.
-RUN apk add python3 make gcc g++
-
 # Include Node.js dependencies in the image.
 WORKDIR /duelyst
 COPY package.json /duelyst/
diff --git a/docker/start.sh b/docker/start.sh
@@ -1,15 +1,15 @@
 #!/usr/bin/env bash
 
+# Install bcrypt dependencies and git.
+# TODO: Isolate bcrypt dependencies to API images only.
+apt-get update && apt-get install -y python3 make gcc g++ git
+
 # Work around boneskull/yargs dependency using the deprecated git protocol.
-apk add git
 git config --global url."https://github.com/".insteadOf git@github.com:
 git config --global url."https://".insteadOf git://
 
-# Install node-gyp dependencies for bcrypt in API and worker
-apk add python3 make gcc g++
-
 # Install dependencies.
-yarn install --production
+yarn install --production && yarn cache clean
 
 # Use exec to take over the PID from the shell, enabling signal handling.
 exec yarn $1
diff --git a/docs/DOCKER.md b/docs/DOCKER.md
@@ -34,3 +34,57 @@ Tag and publish a container image:
 # <repo> is your AWS ECR repository name
 scripts/publish_container.sh <service> <version> <registry> <repo>
 ```
+
+## Notes on Image Sizes
+
+There are a few strategies we use to keep image sizes small:
+
+1. Use an alternative base image, i.e. `node:18-slim` instead of `node:18`
+2. Avoid installing Node.js `devDependencies` in container builds
+3. Purge the Yarn cache from container builds
+
+#### Comparison of Base Images
+
+Sizes of Docker images built by `scripts/build_container.sh`:
+
+| Service | Image          | Size    | ECR Size | 50 GB Limit |
+|---------|----------------|---------|----------|-------------|
+| Node.js | node:18        | 942 MB  | N/A      | N/A         |
+| Node.js | node:18-slim   | 234 MB  | N/A      | N/A         |
+| Node.js | node:18-alpine | 165 MB  | N/A      | N/A         |
+| Node.js | node:16        | 858 MB  | N/A      | N/A         |
+| Node.js | node:16-slim   | 174 MB  | N/A      | N/A         |
+| Node.js | node:16-alpine | 114 MB  | N/A      | N/A         |
+| API     | node:18        | 1170 MB | 425 MB   | 117 / 23 ea |
+| API     | node:18-slim   | 767 MB  | 254 MB   | 196 / 39 ea |
+| API     | node:18-alpine | 626 MB  | 187 MB   | 267 / 53 ea |
+| API     | node:16        | 1040 MB | 396 MB   | 126 / 25 ea |
+| API     | node:16-slim   | 615 MB  | 214 MB   | 233 / 46 ea |
+| API     | node:16-alpine | 530 MB  | 169 MB   | 295 / 59 ea |
+
+Image sizes reported by `docker image ls` include all layers, and are much
+higher than the image sizes reported by ECR. ECR gives us 50 GB of storage
+for free, so the 50 GB Limit column shows how many total images we can store
+for each image, and how many we can store for each of the five services we
+build.
+
+The `-alpine` images pull Node.js builds from unofficial-builds.nodejs.org,
+while the default and `-slim` images pull official builds from nodejs.org.
+While the `-slim` images are 25-35% larger than the `-alpine` images, they're
+still small enough to allow us to store several dozen versions in ECR before we
+start to approach the 50 GB ECR limit. Additionally, the `-slim` images are
+based on Debian, which comes with a more familiar toolchain.
+
+Similarly, Node.js v18 images are 10-20% larger than Node.js v16 images, but we
+may be able to get some of this size back by replacing Mocha, Axios, and other
+dependencies with their new native counterparts in Node.js v18.
+
+#### Regarding `bcrypt`
+
+We could further reduce image sizes by removing the `bcrypt` dependencies from
+the base image layer. These currently include `python3`, `make`, `gcc`, and
+`g++`. The `bcrypt` dependency is only used by the API service, during the
+login flow in `server/routes/session.coffee`. One option here could be to move
+authentication flows (such as JWT signing, granting, and validation) to their
+own microservice to isolate this dependency, reducing the image size of all
+other services.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "open-duelyst",
   "license": "CC0-1.0",
-  "version": "1.97.6",
+  "version": "1.97.7",
   "engines": {
     "yarn": ">= 1.0.0"
   },
diff --git a/version.json b/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "1.97.6"
+  "version": "1.97.7"
 }
