dan/per-13354-pdp-speed-up-docker-build (#294)

danyi1212 · web-flow · commit aab7aeb1ce29 · 2025-11-06T15:55:08.000+02:00
* Add Dockerfile and .dockerignore for improved caching and build efficiency

- Updated Dockerfile to utilize BuildKit cache mounts for cargo, Go modules, and pip installations, optimizing incremental builds.
- Expanded .dockerignore to include additional files and directories for cleaner builds, including Python artifacts, logs, and local development files.

* Update .gitignore to exclude OPA build bundles from version control
diff --git a/.dockerignore b/.dockerignore
@@ -1,17 +1,55 @@
+# Version control
 .git/
-helm/
-.venv/
-.github/
+.gitignore
+
+# Build artifacts
 target/
+.cargo/
 **/*.rs.bk
 **/*.pdb
 Cargo.lock
-.cargo/
-.dockerignore
-.gitignore
+
+# Documentation
 README.md
 docs/
-**/tests/
+*.md
+!requirements.md
+
+# CI/CD and deployment
+.github/
+helm/
+.dockerignore
+
+# Python artifacts
+.venv/
 **/__pycache__/
 **/*.pyc
-**/.DS_Store
+**/*.pyo
+**/.pytest_cache/
+.coverage
+htmlcov/
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Test files
+**/tests/
+**/*_test.rs
+**/*_test.go
+**/test_*.py
+
+# Logs and temp files
+*.log
+tmp/
+temp/
+.tmp/
+
+# Local development
+.env
+.env.local
+*.local
diff --git a/.gitignore b/.gitignore
@@ -161,3 +161,6 @@ Cargo.lock
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+# Remove OPA build bundles (downloaded by build scripts)
+/custom/*
diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,10 @@ WORKDIR /app
 ENV PKGCONFIG_SYSROOTDIR=/
 RUN apk add --no-cache musl-dev openssl-dev zig pkgconf perl make
 
-RUN cargo install --locked cargo-zigbuild cargo-chef
+# Cache cargo installations
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=/usr/local/cargo/git \
+    cargo install --locked cargo-zigbuild cargo-chef
 RUN rustup target add x86_64-unknown-linux-musl aarch64-unknown-linux-musl
 
 # (2) nothing changed
@@ -25,17 +28,26 @@ RUN cargo chef prepare --recipe-path recipe.json
 FROM rust_chef AS rust_builder
 COPY --from=rust_planner /app/recipe.json recipe.json
 ENV OPENSSL_DIR=/usr
-RUN cargo chef cook --recipe-path recipe.json --release --zigbuild \
-  --target x86_64-unknown-linux-musl --target aarch64-unknown-linux-musl
-
-# (4) actuall project build for all targets
+# Enable incremental compilation and use cache mounts
+ENV CARGO_INCREMENTAL=1
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=/usr/local/cargo/git \
+    --mount=type=cache,target=/app/target \
+    cargo chef cook --recipe-path recipe.json --release --zigbuild \
+    --target x86_64-unknown-linux-musl --target aarch64-unknown-linux-musl
+
+# (4) actual project build for all targets
 # binary renamed to easier copy in runtime stage
 COPY . .
-RUN cargo zigbuild -r --target x86_64-unknown-linux-musl --target aarch64-unknown-linux-musl && \
-  mkdir -p /app/linux/arm64/ && \
-  mkdir -p /app/linux/amd64/ && \
-  cp target/aarch64-unknown-linux-musl/release/pdp-server /app/linux/arm64/pdp && \
-  cp target/x86_64-unknown-linux-musl/release/pdp-server /app/linux/amd64/pdp
+# Use cache mounts for incremental builds - this is the key optimization!
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=/usr/local/cargo/git \
+    --mount=type=cache,target=/app/target \
+    cargo zigbuild -r --target x86_64-unknown-linux-musl --target aarch64-unknown-linux-musl && \
+    mkdir -p /app/linux/arm64/ && \
+    mkdir -p /app/linux/amd64/ && \
+    cp target/aarch64-unknown-linux-musl/release/pdp-server /app/linux/arm64/pdp && \
+    cp target/x86_64-unknown-linux-musl/release/pdp-server /app/linux/amd64/pdp
 
 
 # OPA BUILD STAGE -----------------------------------
@@ -46,7 +58,10 @@ FROM golang:bullseye AS opa_build
 COPY custom* /custom
 
 # Build OPA binary if custom_opa.tar.gz is provided
-RUN if [ -f /custom/custom_opa.tar.gz ]; \
+# Use BuildKit cache mounts for Go modules and build cache for MUCH faster incremental builds
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    if [ -f /custom/custom_opa.tar.gz ]; \
   then \
     cd /custom && \
     tar xzf custom_opa.tar.gz && \
@@ -75,9 +90,12 @@ RUN addgroup -S permit -g 1001 && \
 RUN mkdir -p /app/backup && chmod -R 777 /app/backup
 
 # Install necessary libraries and delete SQLite in a single RUN command
-RUN apk update && \
+# Use cache mount for apk to speed up package downloads
+RUN --mount=type=cache,target=/var/cache/apk \
+    ln -s /var/cache/apk /etc/apk/cache && \
+    apk update && \
     apk upgrade && \
-    apk add --no-cache bash build-base libffi-dev libressl-dev musl-dev zlib-dev gcompat wget && \
+    apk add bash build-base libffi-dev libressl-dev musl-dev zlib-dev gcompat wget && \
     apk del sqlite
 
 
@@ -106,8 +124,10 @@ COPY kong_routes.json /config/kong_routes.json
 USER root
 
 # Install python dependencies in one command to optimize layer size
+# Use cache mount for pip to speed up incremental builds
 COPY ./requirements.txt ./requirements.txt
-RUN pip install --upgrade pip setuptools && \
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --upgrade pip setuptools && \
     pip install -r requirements.txt && \
     python -m pip uninstall -y pip setuptools && \
     rm -r /usr/local/lib/python3.10/ensurepip
