Skip to content

Improve docker cache mounts #1495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
May 27, 2025
Merged

Improve docker cache mounts #1495

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
2af3362
Improve backend
ahmedxgouda May 18, 2025
e04ec3b
Improve docs
ahmedxgouda May 18, 2025
8d0247e
Improve frontend
ahmedxgouda May 18, 2025
d9244c3
Run make check
ahmedxgouda May 18, 2025
f86a664
Apply coderabbitai suggestion
ahmedxgouda May 18, 2025
d5f8353
Merge branch 'main' into feature/improved-cache-mounts
ahmedxgouda May 26, 2025
f505fb2
Add FORCE_COLOR env
ahmedxgouda May 26, 2025
558f416
Add cache mounts to schema test image
ahmedxgouda May 26, 2025
5bdcad4
Merge branch 'main' into feature/improved-cache-mounts
ahmedxgouda May 26, 2025
45d0ea1
Apply coderabbitai suggestion
ahmedxgouda May 27, 2025
77f5419
Update code
arkid15r May 27, 2025
4912c24
Clean up mkdirs
arkid15r May 27, 2025
06ffa7e
Add npm cache mounts to cspell
ahmedxgouda May 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 15 additions & 6 deletions backend/docker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,25 @@
FROM python:3.13.3-alpine AS builder

ENV OWASP_GID=1000 \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
OWASP_GID=1000 \
OWASP_UID=1000 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1

RUN apk update && apk upgrade && \
RUN mkdir -p ${APK_CACHE_DIR} ${POETRY_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
addgroup -S -g ${OWASP_GID} owasp && \
adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
mkdir -p ${POETRY_CACHE_DIR} && \
chown -R owasp:owasp /home/owasp && \
python -m pip install poetry
chown -R owasp:owasp /home/owasp

RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

WORKDIR /home/owasp

Expand All @@ -34,7 +42,8 @@ RUN apk update && \
addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp

ENV PATH="/home/owasp/.venv/bin:$PATH" \
ENV FORCE_COLOR=1 \
PATH="/home/owasp/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1

WORKDIR /home/owasp
Expand Down
38 changes: 28 additions & 10 deletions backend/docker/Dockerfile.local
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,26 @@ FROM python:3.13.3-alpine AS builder

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

ENV OWASP_GID=1000 \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
OWASP_GID=1000 \
OWASP_UID=1000 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1

RUN apk update && apk upgrade && \
RUN mkdir -p ${APK_CACHE_DIR} ${POETRY_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
addgroup -S -g ${OWASP_GID} owasp && \
adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
mkdir -p ${POETRY_CACHE_DIR} && \
chown -R owasp:owasp /home/owasp && \
python -m pip install poetry
chown -R owasp:owasp /home/owasp

RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

USER owasp
WORKDIR /home/owasp
Expand All @@ -26,14 +34,24 @@ FROM python:3.13.3-alpine

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

RUN apk update && \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
FORCE_COLOR=1 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
PATH="/home/owasp/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1

RUN mkdir -p ${APK_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
apk add postgresql-client redis && \
addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
python -m pip install poetry
adduser -S -h /home/owasp -G owasp owasp

ENV PATH="/home/owasp/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1
RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

EXPOSE 8000

Expand Down
18 changes: 13 additions & 5 deletions backend/docker/Dockerfile.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,25 @@
FROM python:3.13.3-alpine AS builder

ENV OWASP_GID=1000 \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
OWASP_GID=1000 \
OWASP_UID=1000 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1

RUN apk update && apk upgrade && \
RUN mkdir -p ${APK_CACHE_DIR} ${POETRY_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
addgroup -S -g ${OWASP_GID} owasp && \
adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
mkdir -p ${POETRY_CACHE_DIR} && \
chown -R owasp:owasp /home/owasp && \
python -m pip install poetry
chown -R owasp:owasp /home/owasp

RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

WORKDIR /home/owasp
USER owasp
Expand Down
5 changes: 4 additions & 1 deletion cspell/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,15 @@ WORKDIR /opt/node

ENV PNPM_HOME="/pnpm"
ENV NPM_CONFIG_RETRY=5 \
NPM_CACHE="/nest/.npm" \
NPM_CONFIG_TIMEOUT=30000 \
PATH="$PNPM_HOME:$PATH"

RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

COPY package.json pnpm-lock.yaml ./

RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts

Expand Down
21 changes: 15 additions & 6 deletions docs/docker/Dockerfile.local
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,26 @@ FROM python:3.13.3-alpine AS builder

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

ENV OWASP_GID=1000 \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
OWASP_GID=1000 \
OWASP_UID=1000 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1

RUN apk update && apk upgrade && \
RUN mkdir -p ${APK_CACHE_DIR} ${POETRY_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
addgroup -S -g ${OWASP_GID} owasp && \
adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
mkdir -p ${POETRY_CACHE_DIR} && \
chown -R owasp:owasp /home/owasp && \
python -m pip install poetry
chown -R owasp:owasp /home/owasp

RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

WORKDIR /home/owasp
USER owasp
Expand All @@ -32,7 +40,8 @@ RUN addgroup -S owasp && \
mkdir -p /home/owasp && \
chown owasp:owasp /home/owasp

ENV PATH="/home/owasp/.venv/bin:$PATH" \
ENV FORCE_COLOR=1 \
PATH="/home/owasp/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1

EXPOSE 8001
Expand Down
18 changes: 15 additions & 3 deletions frontend/docker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,25 @@ FROM node:22-alpine AS base
FROM base AS builder
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine
# to understand why libc6-compat might be needed.
ENV PNPM_HOME="/pnpm"
ENV APK_CACHE_DIR="/app/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
FORCE_COLOR=1 \
NPM_CACHE="/app/.npm" \
PNPM_HOME="/pnpm"

ENV PATH="$PNPM_HOME:$PATH"

RUN apk add --no-cache libc6-compat
RUN mkdir -p ${APK_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && apk add libc6-compat

WORKDIR /app

RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts
Expand Down
9 changes: 6 additions & 3 deletions frontend/docker/Dockerfile.e2e.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
FROM mcr.microsoft.com/playwright:v1.52.0-jammy

ENV PNPM_HOME="/pnpm"
ENV FORCE_COLOR=1 \
NPM_CONFIG_RETRY=5 \
NPM_CACHE="/app/.npm" \
PNPM_HOME="/pnpm"

ENV NPM_CONFIG_RETRY=5 \
NPM_CONFIG_TIMEOUT=30000 \
PATH="$PNPM_HOME:$PATH"

RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

WORKDIR /app

COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts

Expand Down
39 changes: 30 additions & 9 deletions frontend/docker/Dockerfile.local
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,27 @@ FROM node:22-alpine AS builder

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

RUN apk update && \
apk add --no-cache git && \
mkdir -p /home/owasp && \
chown -R node:node /home/owasp && \
npm install --ignore-scripts -g pnpm
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
NPM_CACHE="/home/owasp/.npm" \
PNPM_HOME="/pnpm"

ENV PNPM_HOME="/pnpm"
ENV NPM_CONFIG_RETRY=5 \
NPM_CONFIG_TIMEOUT=30000 \
PATH="$PNPM_HOME:$PATH"

RUN mkdir -p ${APK_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && \
apk add git && \
mkdir -p /home/owasp && \
chown -R node:node /home/owasp

RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

WORKDIR /home/owasp

COPY --chmod=444 --chown=node:node package.json pnpm-lock.yaml ./
Expand All @@ -23,11 +33,22 @@ FROM node:22-alpine

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

RUN apk update && \
ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
FORCE_COLOR=1 \
NPM_CACHE="/home/owasp/.npm"

RUN mkdir -p ${APK_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && \
apk add --no-cache git && \
mkdir -p /home/owasp/.next && \
chown -R node:node /home/owasp && \
npm install --ignore-scripts -g pnpm
chown -R node:node /home/owasp

RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

COPY --from=builder --chmod=755 --chown=node:node /home/owasp/node_modules /home/owasp/node_modules

Expand Down
9 changes: 6 additions & 3 deletions frontend/docker/Dockerfile.unit.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
FROM node:22-alpine

ENV PNPM_HOME="/pnpm"
ENV FORCE_COLOR=1 \
NPM_CONFIG_RETRY=5 \
NPM_CACHE="/app/.npm" \
PNPM_HOME="/pnpm"

ENV NPM_CONFIG_RETRY=5 \
NPM_CONFIG_TIMEOUT=30000 \
PATH="$PNPM_HOME:$PATH"

RUN --mount=type=cache,target=${NPM_CACHE} \
npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE}

WORKDIR /app

COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts && \
chown node:node /app
Expand Down
33 changes: 25 additions & 8 deletions schema/docker/Dockerfile.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,44 @@
FROM python:3.13.3-alpine AS builder

RUN addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
mkdir -p /home/owasp && \
chown owasp:owasp /home/owasp && \
python -m pip install --no-cache-dir poetry

ENV FORCE_COLOR=1 \
SHELL ["/bin/sh", "-o", "pipefail", "-c"]

ENV APK_CACHE_DIR="/home/owasp/.cache/apk" \
APK_SYMLINK_DIR="/etc/apk/cache" \
OWASP_GID=1000 \
OWASP_UID=1000 \
PIP_CACHE_DIR="/home/owasp/.cache/pip" \
POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1

RUN mkdir -p ${APK_CACHE_DIR} && \
ln -fns ${APK_CACHE_DIR} ${APK_SYMLINK_DIR}

RUN --mount=type=cache,target=${APK_CACHE_DIR} \
apk update && apk upgrade && \
addgroup -S owasp -g ${OWASP_GID} && \
adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
mkdir -p /home/owasp && \
chown owasp:owasp /home/owasp

RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
python -m pip install poetry --cache-dir ${PIP_CACHE_DIR}

WORKDIR /home/owasp
USER owasp

COPY --chmod=444 --chown=owasp:owasp poetry.lock pyproject.toml ./
RUN poetry install --no-root
RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
poetry install --no-root

COPY *.json ./
COPY tests tests
COPY utils utils

FROM python:3.13.3-alpine

SHELL ["/bin/sh", "-o", "pipefail", "-c"]

RUN addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
mkdir -p /home/owasp && \
Expand Down