Open Zoey2936 opened 10 months ago
Hi,
Debian-based images get very big with only installing a few dependencies, so I think a good Docker image should be based on alpine as default or at least provide an alpine variant.
Unfortunately we don't have enough resources to also support an alpine image and we prefer to not change the current behaviour that seems to work well.
Also, it would be nice if there would be just a :production or :latest image to always get the latest version instead of checking if after a new Debian version is released, the tag of this docker image is changed.
Agreed, I don't remember why I added this suffix.
Also, I daily check for updates of Docker image and since :production-bookworm only contains the latest version, I don't understand why it gets daily pushed, even if there are no changes on the master branch.
To use the latest Debian dependencies (security patches etc).
And I wanted to ask why the Debian image contains openssl python3 ca-certificates gnupg build-essential curl git, since they are mentioned in no install docs of PeerTube and PeerTube also works without them.
I think we can try to remove ca-certificates gnupg gosu build-essential curl git
Then the entrypoint uses gosu, why not simply su? It does the same and is preinstalled?
gosu has some differences with su: https://github.com/tianon/gosu#why
And also for the entrypoint, why running find /config ! -user peertube -exec chown peertube:peertube {} \; || true and not chown -R peertube:peertube /config?
See https://github.com/Chocobozzz/PeerTube/pull/1551
And my last suggestion would be to use npm_config_target_platform=linux npm_config_target_arch=x64 / npm_config_target_platform=linux npm_config_target_arch=arm64 to build the multiarch image faster (a few minutes instead of many hours)
I'm sorry but I'm not sure I understand, as we still need the Debian ARM64 Docker image, no?
Also, I daily check for updates of Docker image and since :production-bookworm only contains the latest version, I don't understand why it gets daily pushed, even if there are no changes on the master branch.
To use the latest Debian dependencies (security patches etc).
Sorry, but I don't understand this point, your node dependencies are pinned and as you don't run apt upgrade and ffmpeg seems nearly the only tool you need to pull from Debian, those security updates would only affect ffmpeg, I don't see a reason for daily building
And what do you think about the last suggestion I wrote?
you don't run apt upgrade and ffmpeg seems nearly the only tool you need to pull from Debian, those security updates would only affect ffmpeg, I don't see a reason for daily building
node:18-bookworm-slim may have been updated and Debian may have addressed security patches to openssl ffmpeg python3 ca-certificates gnupg gosu build-essential curl packages
And what do you think about the last suggestion I wrote?
I edited my message so I think I answered it :)
You can install arm64 node packages in an amd64 environment to speed up building, and for the other point you can further pin the base image to node:18.19.0-bookworm-slim and use dependabot to update this tag
Since you are THAT familiar, why don't you just do ALL the things you suggested and then show it to the public? I am sure, everybody here welcomes another helping hand :-) One task less to care about/one optimisation more... that is the spirit of open source.
I've already done that: https://github.com/Zoey2936/PeerTube - but I first want to know which of these changes have a chance of being merged
Describe the problem to be solved
Hello, since I think in the topic of docker, there can be many things improved here, I want to mention them:
Debian-based images get very big with only installing a few dependencies, so I think a good Docker image should be based on alpine as default or at least provide an alpine variant.
Also, it would be nice if there would be just a :production or :latest image to always get the latest version instead of checking if after a new Debian version is released, the tag of this docker image is changed.
Also, I daily check for updates of Docker image and since :production-bookworm only contains the latest version, I don't understand why it gets daily pushed, even if there are no changes on the master branch.
And I wanted to ask why the Debian image contains openssl python3 ca-certificates gnupg build-essential curl git, since they are mentioned in no install docs of PeerTube and PeerTube also works without them.
Then the entrypoint uses gosu, why not simply su? It does the same and is preinstalled?
And also for the entrypoint, why running find /config ! -user peertube -exec chown peertube:peertube {} \; || true and not chown -R peertube:peertube /config?
And my last suggestion would be to use npm_config_target_platform=linux npm_config_target_arch=x64 / npm_config_target_platform=linux npm_config_target_arch=arm64 to build the multiarch image faster (a few minutes instead of many hours)
Describe the solution you would like
Changing these mentioned things (I can create a PR)