wapiti-scanner / wapiti

Web vulnerability scanner written in Python3
https://github.com/wapiti-scanner/wapiti
GNU General Public License v2.0

feat : use --no-cache-dir flag to pip in dockerfiles to save space #566

Closed Rajpratik71 closed 5 months ago

Rajpratik71 commented 6 months ago

Using the "--no-cache-dir" flag in pip install makes sure packages downloaded by pip are not cached on the system. This is a best practice that makes sure to fetch from a repo instead of using a local cached one. Further, in the case of Docker containers, by restricting caching, we can reduce image size. In terms of stats, it depends upon the number of Python packages multiplied by their respective size, e.g. for heavy packages with a lot of dependencies, not caching pip packages reduces it a lot.

Further, more detailed information can be found at

https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6

codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 79.47%. Comparing base (206d6ec) to head (c80f03a). Report is 4 commits behind head on master.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master     #566      +/-   ##
==========================================
+ Coverage   79.36%   79.47%   +0.11%
==========================================
  Files         113      114       +1
  Lines        9323     9501     +178
==========================================
+ Hits         7399     7551     +152
- Misses       1924     1950      +26
```


Slokilla commented 6 months ago

Hello @Rajpratik71, thanks for contributing. Did you measure the difference in image weight before and after?

Slokilla commented 6 months ago

Thanks for the correction. I asked you to measure the delta between with and without your changes because you modified multi-stage dockerfiles. As you modify the build stage, I do not think it has any impact on the final image.

Rajpratik71 commented 6 months ago

> Thanks for the correction. I asked you to measure the delta between with and without your changes because you modified multi-stage dockerfiles. As you modify the build stage, I do not think it has any impact on the final image.

In all these "Dockerfile"s, "--no-cache-dir" will help to reduce the overall size of the image, as one image is being used as the base image for another in some cases.

I didn't explicitly check the delta in terms of Docker image size, but once the build workflow is approved and succeeds I can extract the diff.

Qwarctick commented 5 months ago

Disabling the cache is not useful as images use multi-stage builds. The pip cache folder is by default in ~/.cache/pip and is not copied to the final stage.

For the sake of argument, I did the test for the main image (Dockerfile) and there's no difference in size.

The only place it might be useful is for the Dockerfile.test image, as there is no multi-stage. But this image is only used locally. So it's not much of a problem.
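
The distinction drawn in the last comment, as an added illustrative Dockerfile that is not part of the thread and is not one of the project's own Dockerfiles. The base image tag, the `/opt/venv` path, the stage names and `requirements.txt` are assumptions made for the example.

```dockerfile
# Constructed example, not taken from the wapiti repository.

# --- Build stage -----------------------------------------------------------
# pip runs as root here, so its cache is written to /root/.cache/pip inside
# this stage's layers.
FROM python:3.12-slim AS build
WORKDIR /src
COPY requirements.txt .
# Install into a dedicated virtualenv so a later stage can copy one directory.
# Adding --no-cache-dir here only shrinks this intermediate stage.
RUN python -m venv /opt/venv \
 && /opt/venv/bin/pip install -r requirements.txt

# --- Single-stage contrast -------------------------------------------------
# Build with: docker build --target single -t demo:single .
# Everything written by RUN stays in the shipped image, so this is the case
# where --no-cache-dir changes the size: without it, /root/.cache/pip would
# be part of the layer created below.
FROM python:3.12-slim AS single
WORKDIR /src
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
CMD ["python", "--version"]

# --- Final stage (default target) ------------------------------------------
# Build with: docker build -t demo:final .
# Only paths named in COPY --from are carried over. /root/.cache/pip from the
# build stage is not among them, so the flag has no effect on this image.
FROM python:3.12-slim AS final
COPY --from=build /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
CMD ["python", "--version"]

# Compare the results with: docker image ls demo
```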