Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trimming the size of the Docker image #243

Closed
jamietanna opened this issue Dec 7, 2022 · 4 comments
Closed

Trimming the size of the Docker image #243

jamietanna opened this issue Dec 7, 2022 · 4 comments

Comments

@jamietanna
Copy link
Contributor

jamietanna commented Dec 7, 2022
edited

I was looking into some container scans against this image - raised by a vendor tool we use to scan all our images - and noticed that there were several findings for things like Go and Java, which I was surprised as I wouldn't expect Java to be installed in the image.

Digging into whitesource/renovate:2.6.0, I noticed that:

du -sh /opt/buildpack/*
12K	/opt/buildpack/env.d
168K	/opt/buildpack/ssl
2.4G	/opt/buildpack/tools
64K	/opt/buildpack/versions
du -sh /opt/buildpack/tools/*
2.7M	/opt/buildpack/tools/composer
493M	/opt/buildpack/tools/dotnet
12M	/opt/buildpack/tools/elixir
160M	/opt/buildpack/tools/erlang
477M	/opt/buildpack/tools/golang
129M	/opt/buildpack/tools/gradle
43M	/opt/buildpack/tools/helm
308M	/opt/buildpack/tools/java
150M	/opt/buildpack/tools/lerna
104M	/opt/buildpack/tools/node
17M	/opt/buildpack/tools/npm
147M	/opt/buildpack/tools/php
15M	/opt/buildpack/tools/pnpm
315M	/opt/buildpack/tools/python
5.2M	/opt/buildpack/tools/yarn

It may be possible to trim this considerably to remove the CVEs raised by this, as well as drastically trim the size of the built image, if we were to remove some of the tools in there that we don't use?
@jamietanna
Copy link
Contributor Author

Interestingly though, these changes:

FROM whitesource/renovate:2.6.0 as renovate

USER root

# https://github.com/mend/renovate-on-prem/issues/243
RUN rm -rf /opt/buildpack/tools/{composer,dotnet,elixir,erlang,golang,gradle,helm,java,lerna,npm,php,pnpm,python,yarn} && rm -rf /opt/buildpack/versions/{composer,dotnet,elixir,erlang,golang,gradle,helm,java,lerna,npm,php,pnpm,python,yarn}

USER ubuntu

# ...

Don't appear to make any difference to the image size 🤔

@jamietanna
Copy link
Contributor Author

Oh actually, these are probably needed to i.e. bundle install after updating dependencies right? So removing these would break Renovate making changes? 😁

@rarkins
Copy link
Member

rarkins commented Dec 8, 2022

The reason you're not seeing space savings is due to the way Docker layers work.

But yes if you remove those tools then you're possibly breaking yourself if you need them

@rarkins
Copy link
Member

rarkins commented Dec 8, 2022

Please prefer discussions in future unless you have a bug

@rarkins rarkins closed this as not planned Won't fix, can't repro, duplicate, stale Dec 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamietanna @rarkins