Skip to content

Move rdfind dedup to intermediate aggregator stage, remove from final runtime image#25

Merged
hsbt merged 2 commits intosplit-image-buildfrom
copilot/sub-pr-23-again
Mar 4, 2026
Merged

Move rdfind dedup to intermediate aggregator stage, remove from final runtime image#25
hsbt merged 2 commits intosplit-image-buildfrom
copilot/sub-pr-23-again

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 4, 2026
edited
Loading

rdfind was being installed in the final runtime image solely to run a one-shot hardlink dedup step, unnecessarily increasing the image's attack surface.

Changes

  • New aggregator stage — based on builder-bullseye (which already has rdfind), copies /build-all-ruby/ from all six parallel build group stages and runs the dedup:

    FROM builder-bullseye AS aggregator
COPY --from=ruby-0.x-2.0 /build-all-ruby/ /build-all-ruby/
# ... remaining group stages ...
RUN rdfind -makehardlinks true -makeresultsfile false /build-all-ruby

  • Final stage — replaced six individual COPY --from=ruby-* /build-all-ruby/ lines with a single COPY --from=aggregator, and dropped rdfind from the apt-get install list entirely.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI assigned Copilot and hsbt Mar 4, 2026
Copilot AI mentioned this pull request Mar 4, 2026
Merged
@hsbt
Move rdfind dedup to intermediate aggregator stage, remove from final…
a974825 
… image

Co-authored-by: hsbt <12301+hsbt@users.noreply.github.com>
Copilot AI changed the title [WIP] Update Dockerfile to split into parallel build groups Move rdfind dedup to intermediate aggregator stage, remove from final runtime image Mar 4, 2026
Copilot finished work on behalf of hsbt March 4, 2026 05:37
@hsbt hsbt marked this pull request as ready for review March 4, 2026 05:38
Copilot AI review requested due to automatic review settings March 4, 2026 05:38
@hsbt hsbt merged commit 168e434 into split-image-build Mar 4, 2026
@hsbt hsbt deleted the copilot/sub-pr-23-again branch March 4, 2026 05:38
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces the final runtime container image’s attack surface by moving the one-shot rdfind hardlink deduplication step out of the runtime stage into a new intermediate build stage.

Changes:

  • Added a new aggregator stage (based on builder-bullseye) that merges /build-all-ruby/ outputs from the six Ruby build stages and runs rdfind once there.
  • Removed rdfind from the final runtime image’s apt-get install list.
  • Simplified the final runtime stage to copy /build-all-ruby/ from the aggregator stage instead of copying it repeatedly from each Ruby build stage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@hsbt hsbt

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hsbt