🔧 chore(docker): overhaul precommit Dockerfile to multi-stage build

samzong · samzong · commit 3640555acae6 · 2025-11-20T15:52:18.000+08:00
Signed-off-by: samzong &lt;samzong.lu@gmail.com&gt;
diff --git a/Dockerfile.precommit b/Dockerfile.precommit
@@ -1,37 +1,118 @@
-FROM golang:1.24
+# =========================================================================
+# Nodejs Stage
+# =========================================================================
+FROM node:20-bookworm-slim AS node_builder
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Install Base env
-RUN apt-get update && apt-get install -y \
-    make \
-    build-essential \
-    pkg-config \
-    python3 \
-    libssl-dev \
-    ca-certificates \
-    python3-pip
+RUN set -eux; \
+    npm install -g markdownlint-cli
 
-# Install Node.js and npm
-RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - && \
-    apt-get install -y nodejs
 
-# Install Rust
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH="/root/.cargo/bin:${PATH}"
+# =========================================================================
+# Golang Stage
+# =========================================================================
+FROM golang:1.24-bookworm AS go_builder
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Markdown
-RUN npm install -g markdownlint-cli
+ARG GOLANGCI_LINT_VERSION=v2.5.0
+ENV PATH=/usr/local/go/bin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-# Install pre-commit and tools
-RUN pip install --break-system-packages pre-commit
+# ==> Install golangci-lint
+RUN set -eux; \
+    go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}; \
+    mv /go/bin/golangci-lint /usr/local/bin/golangci-lint; \
+    strip --strip-unneeded /usr/local/bin/golangci-lint 2>/dev/null || true
 
-# Yamllint
-RUN pip install --break-system-packages yamllint
 
-# CodeSpell
-RUN pip install --break-system-packages codespell
+# =========================================================================
+# Rust Stage
+# =========================================================================
+FROM rust:bookworm AS rust_builder
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Shellcheck
-RUN pip install --break-system-packages shellcheck-py
+# ==> Install rustfmt
+RUN set -eux; \
+    rustup component add rustfmt 2>/dev/null || true
+ 
 
-# Golangci-lint
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.5.0
+# =========================================================================
+# Python Stage
+# =========================================================================
+FROM python:3.11-bookworm AS python_builder
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+ENV PRE_COMMIT_HOME=/opt/pre-commit
+
+# ==> Install pre-commit and related tools
+RUN set -eux; \
+    python3 -m venv /opt/py-tools; \
+    /opt/py-tools/bin/pip install --upgrade pip; \
+    /opt/py-tools/bin/pip install --no-cache-dir pre-commit yamllint codespell; \
+    /opt/py-tools/bin/pip cache purge >/dev/null 2>&1 || true; \
+    find /opt/py-tools -type d -name '__pycache__' -prune -exec rm -rf {} +; \
+    find /opt/py-tools -name '*.pyc' -delete; \
+    find /opt/py-tools -type d -name 'tests' -exec rm -rf {} +
+ 
+
+# =========================================================================
+# Final Stage
+# =========================================================================
+FROM python:3.11-bookworm
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+LABEL maintainer="Gemini"
+LABEL description="Slimmed-down pre-commit environment"
+
+ARG APT_MIRROR
+ENV APT_MIRROR=${APT_MIRROR}
+
+# ==> 1. Set environment variables
+ENV LANG=C.UTF-8 \
+    RUSTUP_HOME=/opt/rustup \
+    CARGO_HOME=/opt/cargo \
+    PIP_BREAK_SYSTEM_PACKAGES=1 \
+    PRE_COMMIT_HOME=/opt/pre-commit \
+    NODE_PATH=/usr/local/lib/node_modules \
+    PATH=/usr/local/go/bin:/opt/cargo/bin:/opt/py-tools/bin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+RUN set -eux; \
+    python3 -m venv /opt/py-tools; \
+    /opt/py-tools/bin/pip install --upgrade pip; \
+    /opt/py-tools/bin/pip install --no-cache-dir pre-commit yamllint codespell; \
+    /opt/py-tools/bin/pip cache purge >/dev/null 2>&1 || true; \
+    find /opt/py-tools -type d -name '__pycache__' -prune -exec rm -rf {} +; \
+    find /opt/py-tools -name '*.pyc' -delete
+
+RUN set -eux; \
+    if [ -n "${APT_MIRROR:-}" ]; then \
+      rm -f /etc/apt/sources.list.d/debian.sources; \
+      SEC_MIRROR="${APT_MIRROR/debian/debian-security}"; \
+      echo "deb ${APT_MIRROR} bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list; \
+      echo "deb ${APT_MIRROR} bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list; \
+      echo "deb ${SEC_MIRROR} bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list; \
+    fi
+
+# ==> 2. Install only essential runtime packages
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends --fix-missing \
+        ca-certificates \
+        git \
+        make \
+        gcc \
+        pkg-config \
+        libssl-dev \
+        shellcheck; \
+        rm -rf /var/lib/apt/lists/* /usr/share/doc /usr/share/man /usr/share/info /usr/share/locale /usr/share/zoneinfo
+
+# ==> 3. Copy tools and runtimes from the builder stage
+COPY --from=go_builder /usr/local/go /usr/local/go
+COPY --from=go_builder /usr/local/bin/golangci-lint /usr/local/bin/golangci-lint
+COPY --from=rust_builder /usr/local/rustup /opt/rustup
+COPY --from=rust_builder /usr/local/cargo /opt/cargo
+COPY --from=node_builder /usr/local/bin/node /usr/local/bin/node
+RUN ln -sf /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm
+RUN ln -sf /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
+COPY --from=node_builder /usr/local/lib/node_modules /usr/local/lib/node_modules
+RUN ln -sf /usr/local/lib/node_modules/markdownlint-cli/markdownlint.js /usr/local/bin/markdownlint
+
+WORKDIR /app
