search

openwallet-foundation / acapy

ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://aca-py.org
Apache License 2.0
419 stars 512 forks source link

Slim down docker images #2310

Open dbluhm opened 1 year ago

dbluhm commented 1 year ago

The current images we're building include utilities like curl, git, less, vim-tiny, etc. I think inclusion of at least some of these utilities is a leftover from von-image days. While these utilities are helpful for debugging, it's generally considered best practice to keep container images minimal to reduce attack surface.

We should remove anything that isn't critical. Some of these utilities may be necessary while fetching and installing dependencies but are not critical after they've been retrieved. In that case, we should split the image into a multipart build so at least the resulting image is minimized.

Might be a good one to tackle alongside changes needed for #2289

dbluhm commented 1 year ago

This isn't an image size issue but just as a matter of interest:

ghcr.io/hyperledger/aries-cloudagent-python   py3.6-indy-1.16.0-0.8.2              268f7e5883d4     627 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.9-indy-1.16.0-0.8.2              9aaa2cbd5a4b     624 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.6-0.8.2                          81bfaa69ce92     599 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.9-0.8.2                          aa86a542de71     595 MB

For comparison, python base image:

docker.io/library/python                      3.9-slim-bullseye                    e95114f5f756     129 MB

My local virtual environment (which does include dev dependencies) is about 300 MB