Merge pull request #5530 from raft-tech/5512-docker-image-size

elipe17 · web-flow · commit 9636cfa991c1 · 2026-01-07T13:46:37.000-06:00
Optimize Docker Image Size
diff --git a/.circleci/deployment/commands.yml b/.circleci/deployment/commands.yml
@@ -141,6 +141,7 @@
       - disable-npm-audit
       - install-nodejs-packages:
           app-dir: tdrs-frontend
+          override-ci-command: npm ci --omit=dev --no-fund
       - get-app-deploy-strategy:
           appname: <<parameters.frontend-appname>>
       - run:
diff --git a/tdrs-backend/.dockerignore b/tdrs-backend/.dockerignore
@@ -0,0 +1,58 @@
+# Git
+.git
+.gitignore
+
+# Python cache and bytecode
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+
+# Testing and coverage
+.coverage
+.pytest_cache
+htmlcov/
+.tox/
+.nox/
+coverage.xml
+*.cover
+
+# IDE and editors
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Environment and secrets
+.env
+.env.*
+!.env.example
+
+# Docker files (not needed inside container)
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Documentation (not needed at runtime)
+docs/
+*.md
+mkdocs.yml
+
+# Test data files
+*.TS06
+ADS.*
+
+# Local development
+vault/
+vault_agent/
+
+# Build artifacts
+*.egg-info/
+dist/
+build/
diff --git a/tdrs-backend/Dockerfile b/tdrs-backend/Dockerfile
@@ -1,5 +1,5 @@
 ARG REGISTRY_OWNER=hhs
-ARG BASE_TAG=v0.0.6
+ARG BASE_TAG=v0.1.0
 
 FROM ghcr.io/${REGISTRY_OWNER}/tdp-backend-base:${BASE_TAG}
 
diff --git a/tdrs-backend/Dockerfile.base b/tdrs-backend/Dockerfile.base
@@ -2,36 +2,66 @@
 # docker buildx create --name mybuilder --driver=docker-container --use
 # docker buildx build -t ghcr.io/raft-tech/tdp-backend-base:dev-02 -f Dockerfile.base . --platform linux/amd64,linux/arm64 --push
 
+# =============================================================================
+# Stage 1: Builder - Install build dependencies and compile Python packages
+# =============================================================================
+FROM python:3.10.8-slim-bullseye AS builder
+
+COPY Pipfile Pipfile.lock /tdpapp/
+WORKDIR /tdpapp/
+
+# Install build dependencies, Python packages, then clean up in a single layer
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        gcc \
+        graphviz \
+        graphviz-dev \
+        libpq-dev \
+        python3-dev \
+        curl \
+        ca-certificates && \
+    pip install --no-cache-dir --upgrade pip pipenv && \
+    # If we can remove the '--dev' we will save 200MB. However, so much depends on it that it is easier to keep it for now.
+    pipenv install --dev --system --deploy && \
+    rm -rf /var/lib/apt/lists/*
+
+# Download PostgreSQL GPG key in builder stage (so curl isn't needed in runtime)
+RUN install -d /pgdg && \
+    curl -o /pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
+
+# =============================================================================
+# Stage 2: Runtime - Minimal image with only runtime dependencies
+# =============================================================================
 FROM python:3.10.8-slim-bullseye
-ENV PYTHONUNBUFFERED=1
 
 ARG user=tdpuser
 ARG group=tdpuser
 ARG uid=1000
 ARG gid=1000
+
+ENV PYTHONUNBUFFERED=1
 ENV DJANGO_SETTINGS_MODULE=tdpservice.settings.local
 ENV DJANGO_CONFIGURATION=Local
-# Allows docker to cache installed dependencies between builds
-COPY Pipfile Pipfile.lock /tdpapp/
 
 WORKDIR /tdpapp/
 
-# Download latest listing of available packages:
-RUN apt-get -y update
-# Upgrade already installed packages:
-RUN apt-get -y upgrade
-# Install packages:
-RUN apt-get install -y gcc graphviz graphviz-dev libpq-dev python3-dev vim curl ca-certificates
-
-# Postgres client setup
-RUN apt-get update -y && apt-get upgrade -y
-RUN apt --purge remove postgresql postgresql-* && apt install -y postgresql-common curl ca-certificates && install -d /usr/share/postgresql-common/pgdg && \
-curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc && \
-sh -c 'echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list' && \
-apt -y update && apt -y upgrade && apt install postgresql-client-15 -y
-
-# Install pipenv
-RUN pip install --upgrade pip pipenv
-RUN pipenv install --dev --system --deploy
-
-RUN groupadd -g ${gid} ${group} && useradd -u ${uid} -g ${group} -s /bin/sh ${user}
+# Copy PostgreSQL GPG key from builder
+COPY --from=builder /pgdg/apt.postgresql.org.asc /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc
+
+# Install only runtime dependencies and PostgreSQL client in a single layer
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        libpq5 \
+        graphviz \
+        ca-certificates && \
+    echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends postgresql-client-15 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    groupadd -g ${gid} ${group} && \
+    useradd -u ${uid} -g ${group} -s /bin/sh ${user}
+
+# Copy Python packages from builder stage
+COPY --from=builder /usr/local/lib/python3.10/site-packages /usr/local/lib/python3.10/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
diff --git a/tdrs-frontend/.dockerignore b/tdrs-frontend/.dockerignore
@@ -1,4 +1,53 @@
+# Git
 .git
+.gitignore
+
+# Dependencies (will be installed fresh)
 node_modules
-npm-debug.log
+
+# Build output (will be created fresh)
 build
+dist
+
+# Logs
+npm-debug.log
+yarn-debug.log
+yarn-error.log
+*.log
+
+# Testing
+coverage
+.nyc_output
+cypress/videos
+cypress/screenshots
+pa11y-screenshots
+
+# IDE and editors
+.idea
+.vscode
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Environment files
+.env
+.env.*
+!.env.development
+!.env.production
+
+# Docker files (not needed inside container)
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Documentation
+*.md
+docs
+
+# Misc
+.eslintcache
+.prettierignore
diff --git a/tdrs-frontend/Dockerfile b/tdrs-frontend/Dockerfile
@@ -1,5 +1,5 @@
 ARG REGISTRY_OWNER=hhs
-ARG BASE_TAG=v0.1.0
+ARG BASE_TAG=v0.2.0
 
 FROM ghcr.io/${REGISTRY_OWNER}/tdp-frontend-base:${BASE_TAG} AS localdev
 
@@ -13,19 +13,19 @@ FROM localdev AS build
 RUN npm run build:development
 
 # ---
-# Stage 2: Serve over nginx
+# Stage 2: Serve over nginx (minimal production image)
 FROM nginx:1.25-alpine AS nginx
 
-# Copy the build folder (from the result of the Stage 1 "build" stage) to the root of nginx (www)
+# Copy only the built static files from build stage
 COPY --from=build /home/node/app/build /usr/share/nginx/html
 
-# To using react router
-# it's necessary to overwrite the default nginx configurations:
-# remove default nginx configuration file, replace with custom conf
-RUN rm /etc/nginx/conf.d/default.conf
-RUN rm /etc/nginx/nginx.conf
+# Copy nginx configuration
 COPY nginx/local/default.conf.template /etc/nginx/default.conf.template
 COPY nginx/local/locations.conf /etc/nginx/locations.conf
-#COPY nginx/local/under_maintenance.html /etc/nginx/under_maintenance.html
 COPY nginx/src/503.html /usr/share/nginx/html/503_.html
 COPY nginx/src/static/ /usr/share/nginx/html/static/
+
+# Remove default nginx config and set up custom config in single layer
+RUN rm -f /etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf && \
+    chown -R nginx:nginx /usr/share/nginx/html && \
+    chmod -R 755 /usr/share/nginx/html
diff --git a/tdrs-frontend/Dockerfile.base b/tdrs-frontend/Dockerfile.base
@@ -1,16 +1,9 @@
-
-# Stage 0: Create the app directory, install dependencies, and copy in the source code
+# Base image for frontend builds
+# Note: Chromium/Puppeteer is NOT needed here - pa11y tests run on CI machine directly
 FROM node:16.13-alpine3.14 AS localdev
 
-# Due to M1 issues found here, adding solution:
-# https://stackoverflow.com/questions/69983063/
-RUN apk add chromium
-ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
-    PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
-
 USER node
 
-
 RUN mkdir /home/node/app/ && chown -R node:node /home/node/app
 WORKDIR /home/node/app
 
@@ -19,10 +12,11 @@ WORKDIR /home/node/app
 # when code changes occur
 COPY --chown=node:node package.json package-lock.json ./
 
-# Disable npm audit
-RUN npm set audit false
-# Install npm packages directly from package-lock.json <https://docs.npmjs.com/cli/v8/commands/npm-ci>
-RUN npm ci
+# Install all dependencies (devDependencies needed because @redux-devtools/extension is imported in src/configureStore.js)
+# TODO: Move @redux-devtools/extension to dependencies in package.json, then use --omit=dev to save ~500MB
+RUN npm set audit false && \
+    npm ci --omit=dev --no-fund && \
+    npm cache clean --force
 
 ENV PORT=80
 EXPOSE 80
diff --git a/tdrs-frontend/package-lock.json b/tdrs-frontend/package-lock.json
diff --git a/tdrs-frontend/package.json b/tdrs-frontend/package.json
@@ -15,6 +15,7 @@
     "axios": "^1.7.7",
     "classnames": "^2.5.1",
     "detect-file-encoding-and-language": "^2.4.0",
+    "@faker-js/faker": "^9.2.0",
     "file-type-checker": "^1.1.2",
     "history": "^5.3.0",
     "include-media": "^2.0.0",
@@ -29,14 +30,15 @@
     "react-router-dom": "^6.28.0",
     "react-scripts": "^5.0.1",
     "redux": "^5.0.1",
+    "@redux-devtools/extension": "^3.3.0",
     "redux-thunk": "^3.1.0",
     "seamless-immutable": "^7.1.4",
     "uuid": "^11.0.3"
   },
   "scripts": {
     "start": "SASS_PATH=\"`cd \"./src\";pwd`:./node_modules/@uswds:./node_modules/@uswds/uswds/packages\" react-scripts start",
     "start:ci": "CI=true HOST=localhost BROWSER=none npm run start",
-    "build": "sh -ac '. ./.env.${REACT_APP_ENV}; SASS_PATH=\"`cd \"./src\";pwd`:./node_modules/@uswds:./node_modules/@uswds/uswds/packages\" react-scripts build'",
+    "build": "sh -ac '. ./.env.${REACT_APP_ENV}; DISABLE_ESLINT_PLUGIN=true SASS_PATH=\"`cd \"./src\";pwd`:./node_modules/@uswds:./node_modules/@uswds/uswds/packages\" react-scripts build'",
     "build:development": "REACT_APP_ENV=development npm run build",
     "build:production": "REACT_APP_ENV=production npm run build",
     "test": "NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules\" react-scripts test",
@@ -68,8 +70,6 @@
     "@badeball/cypress-cucumber-preprocessor": "^21.0.3",
     "@cucumber/pretty-formatter": "^2.2.0",
     "@cypress/webpack-preprocessor": "^6.0.2",
-    "@faker-js/faker": "^9.2.0",
-    "@redux-devtools/extension": "^3.3.0",
     "@testing-library/dom": "^10.4.0",
     "@testing-library/jest-dom": "^6.6.3",
     "@testing-library/react": "^16.0.1",
