chore: docker builds optimizations (#1795)

* Auth package dockerfile optimization * Remove libc6-compat * Remove test compose file * Backend dockerfile optimization * Frontend and ASE Dockerfile optimizations * Local HTTP Signatures app docker optimization * [Test] Bump PNPM major version * Use offline mode only for the build step * Test out pnpm v8 * Add --prefer-offline option and revert pnpm to v7 * Try out cache busting * Remove CACHE_BUST arg * Add `prefer-offline` options to all `prod-deps` stage * Remove `--prefer-offline` from auth and backend Dockerfile * Try installing TS globally * Set PNPM_HOME in all docker files * Cache bust * Revert "Cache bust" This reverts commit 7b39c57. * Fetch `httpbis-digest-headers` from registry * Bump `http-signature-utils` version * Do not install TS globally when building prod deps * Make sure that `http-signature-utils` is bumped in every package * Pin alpine version * Cache bust * Revert "Cache bust" This reverts commit 24db14d. * Update pnpm to v8
interledger · Sep 13, 2023 · 05eaadd · 05eaadd
1 parent ddb6687
commit 05eaadd
Show file tree

Hide file tree

Showing 9 changed files with 267 additions and 58 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -7,6 +7,7 @@ infrastructure
 
 .github
 .husky
+Dockerfile
 .dockerignore
 .eslintignore
 .eslintrc.yml

diff --git a/.github/workflows/rafiki/env-setup/action.yml b/.github/workflows/rafiki/env-setup/action.yml
@@ -5,8 +5,6 @@ runs:
   using: "composite"
   steps:
     - uses: pnpm/action-setup@v2
-      with:
-        version: 7
     - uses: actions/setup-node@v3
       with:
         node-version: '18'

diff --git a/localenv/local-http-signatures/Dockerfile b/localenv/local-http-signatures/Dockerfile
@@ -1,21 +1,58 @@
-FROM node:18.13.0-slim as builder
+FROM node:18-alpine3.18 AS base
 
-WORKDIR /workspace
+WORKDIR /home/rafiki
 
-RUN apt update
-RUN apt install -y curl xz-utils python3 build-essential
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 
-# version in curl is not the version used. Dependent on the last command
 RUN corepack enable
-RUN corepack prepare pnpm@7.25.1 --activate
+RUN corepack prepare pnpm@8.7.4 --activate
+RUN apk add --no-cache \
+    python3 \
+    make \
+    g++
 
-# pnpm fetch does require only lockfile
 COPY pnpm-lock.yaml ./
-RUN pnpm fetch
 
-ADD . ./
-RUN pnpm install -r --offline
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm fetch \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
 
+FROM base AS prod-deps
+
+COPY package.json pnpm-workspace.yaml .npmrc ./
+COPY localenv/local-http-signatures/package.json ./localenv/local-http-signatures/package.json
+
+RUN pnpm clean
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --frozen-lockfile \
+    --prod \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS builder   
+
+COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
+COPY openapi ./openapi
+COPY localenv/local-http-signatures ./localenv/local-http-signatures
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --prefer-offline \
+    --offline \
+    --frozen-lockfile
 RUN pnpm --filter local-http-signatures build
 
-CMD ["node", "./localenv/local-http-signatures/dist/app.js"]
+FROM node:18-alpine3.18 AS runner
+
+WORKDIR /home/rafiki
+
+COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
+COPY --from=prod-deps /home/rafiki/localenv/local-http-signatures/node_modules ./localenv/local-http-signatures/node_modules
+COPY --from=prod-deps /home/rafiki/localenv/local-http-signatures/package.json ./localenv/local-http-signatures/package.json
+
+COPY --from=builder /home/rafiki/localenv/local-http-signatures/dist ./localenv/local-http-signatures/dist
+
+CMD ["node", "/home/rafiki/localenv/local-http-signatures/dist/app.js"]
diff --git a/localenv/mock-account-servicing-entity/Dockerfile b/localenv/mock-account-servicing-entity/Dockerfile
@@ -1,21 +1,62 @@
-FROM node:18.13.0-slim as builder
+FROM node:18-alpine3.18 AS base
 
-WORKDIR /workspace
+WORKDIR /home/rafiki
 
-RUN apt update
-RUN apt install -y curl xz-utils python3 build-essential
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 
-# version in curl is not the version used. Dependent on the last command
 RUN corepack enable
-RUN corepack prepare pnpm@7.25.1 --activate
+RUN corepack prepare pnpm@8.7.4 --activate
+RUN apk add --no-cache \
+    python3 \
+    make \
+    g++
 
-# pnpm fetch does require only lockfile
 COPY pnpm-lock.yaml ./
-RUN pnpm fetch
 
-ADD . ./
-RUN pnpm install -r --offline
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm fetch \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
 
+FROM base AS prod-deps
+
+COPY package.json pnpm-workspace.yaml .npmrc ./
+COPY localenv/mock-account-servicing-entity/package.json ./localenv/mock-account-servicing-entity/package.json
+
+RUN pnpm clean
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --prefer-offline \
+    --frozen-lockfile \
+    --prod \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS builder   
+
+COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
+COPY localenv/mock-account-servicing-entity ./localenv/mock-account-servicing-entity
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --offline \
+    --frozen-lockfile
 RUN pnpm --filter mock-account-servicing-entity build
 
-CMD pnpm --filter mock-account-servicing-entity start
+FROM node:18-alpine3.18 AS runner
+
+WORKDIR /home/rafiki
+
+COPY localenv/cloud-nine-wallet/seed.yml ./localenv/cloud-nine-wallet/seed.yml
+COPY localenv/happy-life-bank/seed.yml ./localenv/happy-life-bank/seed.yml
+
+COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
+COPY --from=prod-deps /home/rafiki/localenv/mock-account-servicing-entity/node_modules ./localenv/mock-account-servicing-entity/node_modules
+COPY --from=prod-deps /home/rafiki/localenv/mock-account-servicing-entity/package.json ./localenv/mock-account-servicing-entity/package.json
+
+COPY --from=builder /home/rafiki/localenv/mock-account-servicing-entity/build ./localenv/mock-account-servicing-entity/build
+COPY --from=builder /home/rafiki/localenv/mock-account-servicing-entity/public ./localenv/mock-account-servicing-entity/public
+
+WORKDIR /home/rafiki/localenv/mock-account-servicing-entity
+CMD ["sh", "./node_modules/.bin/remix-serve", "build"]
diff --git a/localenv/mock-account-servicing-entity/package.json b/localenv/mock-account-servicing-entity/package.json
@@ -8,14 +8,14 @@
   },
   "dependencies": {
     "@apollo/client": "^3.8.3",
+    "@interledger/http-signature-utils": "1.0.4",
     "@remix-run/node": "^1.19.3",
     "@remix-run/react": "^1.19.3",
     "@remix-run/serve": "^1.19.3",
     "@types/node": "^18.7.12",
     "@types/uuid": "^9.0.3",
     "axios": "^1.5.0",
     "graphql": "^16.8.0",
-    "@interledger/http-signature-utils": "1.0.4",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "uuid": "^9.0.1",

diff --git a/package.json b/package.json
@@ -5,8 +5,10 @@
   "license": "Apache-2.0",
   "repository": "https://github.com/interledger/rafiki",
   "engines": {
+    "pnpm": "^8.7.4",
     "node": "18"
   },
+  "packageManager": "pnpm@8.7.4",
   "scripts": {
     "preinstall": "npx only-allow pnpm",
     "lint": "eslint --max-warnings=0 --fix .",

diff --git a/packages/auth/Dockerfile b/packages/auth/Dockerfile
@@ -1,21 +1,67 @@
-FROM node:18.13.0-slim as builder
+FROM node:18-alpine3.18 AS base
 
-WORKDIR /workspace
+WORKDIR /home/rafiki
 
-RUN apt update
-RUN apt install -y curl xz-utils python3 build-essential
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 
-# version in curl is not the version used. Dependent on the last command
 RUN corepack enable
-RUN corepack prepare pnpm@7.25.1 --activate
+RUN corepack prepare pnpm@8.7.4 --activate
+RUN apk add --no-cache \
+    python3 \
+    make \
+    g++
 
-# pnpm fetch does require only lockfile
 COPY pnpm-lock.yaml ./
-RUN pnpm fetch
 
-ADD . ./
-RUN pnpm install -r --offline
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm fetch \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
 
+FROM base AS prod-deps
+
+COPY package.json pnpm-workspace.yaml .npmrc ./
+COPY packages/auth/package.json ./packages/auth/package.json
+COPY packages/token-introspection/package.json ./packages/token-introspection/package.json
+
+RUN pnpm clean
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --prefer-offline \
+    --frozen-lockfile \
+    --prod \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS builder   
+
+COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
+COPY openapi ./openapi
+COPY packages/auth ./packages/auth
+COPY packages/token-introspection ./packages/token-introspection
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --offline \
+    --frozen-lockfile
 RUN pnpm --filter auth build
 
-CMD ["node", "./packages/auth/dist/index.js"]
+FROM node:18-alpine3.18 AS runner
+
+WORKDIR /home/rafiki
+
+COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
+COPY --from=prod-deps /home/rafiki/packages/auth/node_modules ./packages/auth/node_modules
+COPY --from=prod-deps /home/rafiki/packages/auth/package.json ./packages/auth/package.json
+COPY --from=prod-deps /home/rafiki/packages/token-introspection/node_modules ./packages/token-introspection/node_modules
+COPY --from=prod-deps /home/rafiki/packages/token-introspection/package.json ./packages/token-introspection/package.json
+
+COPY --from=builder /home/rafiki/openapi ./openapi
+COPY --from=builder /home/rafiki/packages/auth/migrations/ ./packages/auth/migrations
+COPY --from=builder /home/rafiki/packages/token-introspection/src/openapi/token-introspection.yaml ./packages/token-introspection/src/openapi/token-introspection.yaml
+COPY --from=builder /home/rafiki/packages/auth/dist ./packages/auth/dist
+COPY --from=builder /home/rafiki/packages/token-introspection/dist ./packages/token-introspection/dist
+
+
+CMD ["node", "/home/rafiki/packages/auth/dist/index.js"]
diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile
@@ -1,21 +1,67 @@
-FROM node:18.13.0-slim as builder
+FROM node:18-alpine3.18 AS base
 
-WORKDIR /workspace
+WORKDIR /home/rafiki
 
-RUN apt update
-RUN apt install -y curl xz-utils python3 build-essential
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
 
-# version in curl is not the version used. Dependent on the last command
 RUN corepack enable
-RUN corepack prepare pnpm@7.25.1 --activate
+RUN corepack prepare pnpm@8.7.4 --activate
+RUN apk add --no-cache \
+    python3 \
+    make \
+    g++
 
-# pnpm fetch does require only lockfile
 COPY pnpm-lock.yaml ./
-RUN pnpm fetch
 
-ADD . ./
-RUN pnpm install -r --offline
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm fetch \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
 
+FROM base AS prod-deps
+
+COPY package.json pnpm-workspace.yaml .npmrc ./
+COPY packages/backend/package.json ./packages/backend/package.json
+COPY packages/token-introspection/package.json ./packages/token-introspection/package.json
+
+RUN pnpm clean
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --prefer-offline \
+    --frozen-lockfile \
+    --prod \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS builder   
+
+COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
+COPY openapi ./openapi
+COPY packages/backend ./packages/backend
+COPY packages/token-introspection ./packages/token-introspection
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --offline \
+    --frozen-lockfile
 RUN pnpm --filter backend build
 
-CMD ["node", "./packages/backend/dist/index.js"]
+FROM node:18-alpine3.18 AS runner
+
+WORKDIR /home/rafiki
+
+COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
+COPY --from=prod-deps /home/rafiki/packages/backend/node_modules ./packages/backend/node_modules
+COPY --from=prod-deps /home/rafiki/packages/backend/package.json ./packages/backend/package.json
+COPY --from=prod-deps /home/rafiki/packages/token-introspection/node_modules ./packages/token-introspection/node_modules
+COPY --from=prod-deps /home/rafiki/packages/token-introspection/package.json ./packages/token-introspection/package.json
+
+COPY --from=builder /home/rafiki/openapi ./openapi
+COPY --from=builder /home/rafiki/packages/backend/migrations/ ./packages/backend/migrations
+COPY --from=builder /home/rafiki/packages/token-introspection/src/openapi/token-introspection.yaml ./packages/token-introspection/src/openapi/token-introspection.yaml
+COPY --from=builder /home/rafiki/packages/backend/dist ./packages/backend/dist
+COPY --from=builder /home/rafiki/packages/token-introspection/dist ./packages/token-introspection/dist
+
+
+CMD ["node", "/home/rafiki/packages/backend/dist/index.js"]