Merged
Changes from 9 commits
6 changes: 4 additions & 2 deletions backend/docker/Dockerfile
@@ -3,7 +3,7 @@ FROM python:3.13.3-alpine AS builder
RUN apk update && \
addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
python -m pip install --no-cache-dir poetry
python -m pip install poetry

ENV POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1
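Review bot: Dropping `--no-cache-dir` from the pip install of poetry gains nothing on its own: there is no `--mount=type=cache,target=/root/.cache/pip` on this RUN, so pip's download cache now simply persists in the builder layer instead of being discarded. Either keep the flag or add a pip cache mount alongside the poetry one. While this line is being touched, `pip install poetry` is unpinned, which has the same reproducibility problem the cspell/Dockerfile comment raises for pnpm; `poetry==<version chosen by the team>` would make the builder repeatable.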
@@ -13,7 +13,8 @@ WORKDIR /home/owasp
USER owasp

COPY --chmod=444 --chown=owasp:owasp poetry.lock pyproject.toml ./
RUN poetry install --no-root --without dev --without test
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install --no-root --without dev --without test

COPY apps apps
COPY docker/entrypoint.sh entrypoint.sh
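Review bot: The cache mount target does not match where poetry will write. This RUN executes after `USER owasp` with `WORKDIR /home/owasp`, so poetry's cache directory resolves to `$HOME/.cache/pypoetry`, i.e. `/home/owasp/.cache/pypoetry`, not `/root/.cache/pypoetry`; the mount is never populated and every build still downloads all wheels. Two further details: BuildKit creates cache mounts root-owned with mode 0755 unless `uid=`/`gid=` are given, so a non-root step could not write into it anyway, and `adduser -S` assigns a system uid that is not fixed unless `-u` is passed. Suggested shape: `ENV POETRY_CACHE_DIR=/home/owasp/.cache/pypoetry` followed by `RUN --mount=type=cache,target=/home/owasp/.cache/pypoetry,uid=<owasp uid>,gid=<owasp gid>`, or run the install as root before switching user and chown the result.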
@@ -33,6 +34,7 @@ ENV PATH="/home/owasp/.venv/bin:$PATH" \

WORKDIR /home/owasp

COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp/.venv /home/owasp/.venv
COPY --from=builder --chmod=555 --chown=owasp:owasp /home/owasp /home/owasp
RUN chmod +x /home/owasp/entrypoint.sh

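Review bot: The new `.venv` COPY is immediately overwritten by the line below it. The second COPY brings over all of `/home/owasp`, which already contains `.venv`, and applies `--chmod=555`; since COPY replaces existing files at the destination, the venv ends up 555 regardless and the added line only contributes a duplicate layer. If the intent is a writable (755) venv, the second COPY has to exclude it; if not, drop the added line. The existing `chmod +x /home/owasp/entrypoint.sh` is likewise a no-op after a 555 copy.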
8 changes: 5 additions & 3 deletions backend/docker/Dockerfile.local
@@ -4,7 +4,7 @@ SHELL ["/bin/sh", "-o", "pipefail", "-c"]
RUN apk update && apk upgrade && \
addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
python -m pip install --no-cache-dir poetry
python -m pip install poetry

ENV POETRY_VIRTUALENVS_IN_PROJECT=true \
PYTHONUNBUFFERED=1
@@ -13,7 +13,8 @@ USER owasp
WORKDIR /home/owasp

COPY --chmod=444 --chown=owasp:owasp poetry.lock pyproject.toml ./
RUN poetry install --no-root --without dev --without test
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install --no-root --without dev --without test
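Review bot: Same mismatch as in backend/docker/Dockerfile: this RUN executes as `owasp` (see the `USER owasp` context in the hunk header), so poetry caches under `/home/owasp/.cache/pypoetry`, and the mount at `/root/.cache/pypoetry` is both unused and, being root-owned by default, unwritable by that user. Point the mount (with `uid=`/`gid=` matching the owasp account) at the owasp cache path, or set `POETRY_CACHE_DIR` to the mount target before the install.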

FROM python:3.13.3-alpine

@@ -23,7 +24,7 @@ RUN apk update && \
apk add postgresql-client redis && \
addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
python -m pip install --no-cache-dir poetry
python -m pip install poetry

ENV PATH="/home/owasp/.venv/bin:$PATH" \
PYTHONUNBUFFERED=1
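Review bot: This pip install is in the final stage (`FROM python:3.13.3-alpine` above), not the builder, so removing `--no-cache-dir` here bakes pip's download cache into a runtime image layer on every build of the local image. There is no cache mount on this RUN that would justify the change; keep the flag in runtime stages.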
@@ -33,4 +34,5 @@ EXPOSE 8000
USER owasp
WORKDIR /home/owasp

COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp/.venv /home/owasp/.venv
COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp /home/owasp
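Review bot: The added `.venv` COPY is redundant: the existing line copies `/home/owasp`, which includes `.venv`, with the same `--chmod=755`, so the extra instruction only duplicates a layer. Separately, this image leaves the whole home directory and venv owner-writable (755) where backend/docker/Dockerfile uses 555 for the runtime copy; if that is deliberate for the local dev image, a one-line comment in the Dockerfile saying so would stop the next person from "fixing" it.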
6 changes: 4 additions & 2 deletions backend/docker/Dockerfile.test
@@ -4,7 +4,7 @@ RUN addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
mkdir -p /home/owasp && \
chown owasp:owasp /home/owasp && \
python -m pip install --no-cache-dir poetry
python -m pip install poetry

ENV FORCE_COLOR=1 \
POETRY_VIRTUALENVS_IN_PROJECT=true \
@@ -14,7 +14,8 @@ WORKDIR /home/owasp
USER owasp

COPY --chmod=444 poetry.lock pyproject.toml ./
RUN poetry install --no-root
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install --no-root

COPY .env.example .env.example
COPY apps apps
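Review bot: This stage runs under `USER owasp`, so the mount at `/root/.cache/pypoetry` is not the directory poetry caches into (`/home/owasp/.cache/pypoetry`) and is root-owned; the install still succeeds but without any cache benefit. Same fix as for the backend Dockerfiles: target the owasp cache path with matching `uid=`/`gid=`, or export `POETRY_CACHE_DIR` pointing at the mount.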
@@ -38,4 +39,5 @@ ENV FORCE_COLOR=1 \
WORKDIR /home/owasp
USER owasp

COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp/.venv /home/owasp/.venv
COPY --from=builder --chmod=555 --chown=owasp:owasp /home/owasp /home/owasp
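Review bot: As in the other Dockerfiles, the 755 `.venv` copy is overwritten by the following 555 copy of `/home/owasp`, which already contains the venv; either the permission intent needs to be expressed differently (exclude `.venv` from the second COPY) or the added line should go.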
4 changes: 3 additions & 1 deletion cspell/Dockerfile
@@ -4,7 +4,9 @@ WORKDIR /opt/node

COPY package.json pnpm-lock.yaml ./

RUN npm install --ignore-scripts -g pnpm && \
RUN npm install --ignore-scripts -g pnpm
Contributor

🛠️ Refactor suggestion

Pin pnpm version for reproducible builds
Installing the latest pnpm without a version specifier can lead to unpredictable build failures when a new pnpm release is published.

Consider pinning pnpm to a known stable version, for example:

 RUN npm install --ignore-scripts -g pnpm
+RUN npm install --ignore-scripts -g pnpm@8.8.0

You can bump the @8.8.0 to whichever version aligns with your team’s compatibility requirements.

RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts
Contributor

⚠️ Potential issue

Ensure cache mount aligns with pnpm’s actual store directory
The build cache is mounted at /pnpm/store, but pnpm’s default store path is typically under the user’s home (e.g., ~/.pnpm-store). Without explicitly configuring pnpm to use /pnpm/store, the cache mount will not be utilized.

Update the install command to direct pnpm’s store into your cache mount:

 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
-    pnpm install --frozen-lockfile --ignore-scripts
+    pnpm install --frozen-lockfile --ignore-scripts --store-dir=/pnpm/store

Alternatively, set it globally before installation:

RUN pnpm config set store-dir=/pnpm/store

This ensures the cache mount is effective and speeds up subsequent builds.

WORKDIR /nest
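Review bot: Both comments above stand. Splitting the chained RUN into two instructions is necessary because a cache mount applies only to the RUN it is declared on, but the mount remains dead weight until pnpm's store actually resolves to `/pnpm/store`. The shape that matches pnpm's own Docker guidance is `ENV PNPM_HOME=/pnpm` set before the install (pnpm derives its default store from `$PNPM_HOME/store`), which is cleaner than a per-command `--store-dir`. Note also that `id=pnpm` makes this mount shared with the frontend Dockerfiles that declare the same id on the same builder; that improves hit rate across images, and `--frozen-lockfile` together with pnpm's integrity checks on its content-addressed store keeps a stale store from silently changing what gets installed.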
1 change: 1 addition & 0 deletions cspell/custom-dict.txt
@@ -85,6 +85,7 @@ psycopg
pygithub
pygoat
pymdownx
pypoetry
pyyaml
repositorycontributor
requirepass
6 changes: 4 additions & 2 deletions docs/docker/Dockerfile.local
@@ -6,7 +6,7 @@ RUN addgroup -S owasp && \
adduser -S -h /home/owasp -G owasp owasp && \
mkdir -p /home/owasp && \
chown owasp:owasp /home/owasp && \
python -m pip install --no-cache-dir poetry
python -m pip install poetry

ENV FORCE_COLOR=1 \
POETRY_VIRTUALENVS_IN_PROJECT=true \
@@ -16,7 +16,8 @@ WORKDIR /home/owasp
USER owasp

COPY --chmod=444 --chown=owasp:owasp docs/poetry.lock docs/pyproject.toml mkdocs.yaml ./
RUN poetry install --no-root && \
RUN --mount=type=cache,target=/root/.cache/pypoetry \
poetry install --no-root && \
rm -rf docs/poetry.lock docs/pyproject.toml

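Review bot: Two issues in this hunk. First, the cache mount has the same root-versus-owasp path mismatch as the backend Dockerfiles: the step runs as `USER owasp`, so poetry caches in `/home/owasp/.cache/pypoetry` and `/root/.cache/pypoetry` is never touched. Second, the `rm -rf docs/poetry.lock docs/pyproject.toml` in the same RUN removes paths that do not exist here: the COPY above places those files at `./poetry.lock` and `./pyproject.toml` inside `/home/owasp`, and `rm -rf` exits 0 on missing paths, so the lock and project files stay in the layer and reach the final image through the 555 copy of `/home/owasp`. Either correct the paths to `poetry.lock pyproject.toml` or drop the rm.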
FROM python:3.13.3-alpine
@@ -36,4 +37,5 @@ EXPOSE 8001
USER owasp
WORKDIR /home/owasp

COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp/.venv /home/owasp/.venv
COPY --from=builder --chmod=555 --chown=owasp:owasp /home/owasp /home/owasp
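Review bot: Same redundancy as in the backend images: the 755 `.venv` copy is re-copied at 555 by the line below as part of `/home/owasp`, so the added instruction has no lasting effect on permissions and only adds a layer.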
3 changes: 2 additions & 1 deletion frontend/docker/Dockerfile
@@ -9,7 +9,8 @@ WORKDIR /app

RUN npm install --ignore-scripts -g pnpm
COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile --ignore-scripts
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts

COPY --chmod=444 .env .pnpmrc next.config.ts postcss.config.js tailwind.config.js tsconfig.json ./
COPY --chmod=555 public public
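Review bot: This mount will not be hit unless pnpm's store is located at `/pnpm/store`. Nothing in the visible lines sets `PNPM_HOME=/pnpm` or `store-dir`, and the `.pnpmrc` that might carry such a setting is only copied on the line after the install, so it cannot influence this step in any case. Set `ENV PNPM_HOME=/pnpm` (or pass `--store-dir=/pnpm/store`) before the install. The `.pnpmrc` copy order is worth a look on its own: pnpm reads its settings from `.npmrc`, so it is worth confirming what actually consumes that file.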
3 changes: 2 additions & 1 deletion frontend/docker/Dockerfile.e2e.test
@@ -5,7 +5,8 @@ ENV FORCE_COLOR=1
WORKDIR /app

COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN npm install --ignore-scripts -g pnpm && \
RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts

COPY __tests__/e2e __tests__/e2e
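Review bot: Same as in frontend/docker/Dockerfile: without `PNPM_HOME=/pnpm` or an explicit `--store-dir=/pnpm/store`, pnpm's store on Linux defaults to `~/.local/share/pnpm/store` and the mount at `/pnpm/store` goes unused. Splitting the chained RUN into two is the right move so the mount is scoped to the install alone; it just needs the store location to follow.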
7 changes: 4 additions & 3 deletions frontend/docker/Dockerfile.local
@@ -10,7 +10,8 @@ RUN apk update && \
WORKDIR /home/owasp

COPY --chmod=444 --chown=node:node package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile --ignore-scripts
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts

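Review bot: The `--chown=node:node` on the COPY suggests this install runs as the `node` user. If so, the cache mount is created root-owned with mode 0755 and pnpm cannot write into it, so the build either falls back to an unwritable store error or ignores the mount entirely. Add `uid=1000,gid=1000` (the `node` user in the official node images) to the mount options, and set `PNPM_HOME=/pnpm` so the store is actually at the mount target.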
FROM node:22-alpine

@@ -21,10 +22,10 @@ RUN apk update && \
chown -R node:node /home/owasp && \
npm install --ignore-scripts -g pnpm

COPY --from=builder --chmod=755 --chown=node:node /home/owasp/node_modules /home/owasp/node_modules

EXPOSE 3000

COPY --from=builder --chmod=755 --chown=node:node /home/owasp/node_modules /home/owasp/node_modules

USER node

WORKDIR /home/owasp
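Review bot: Moving the node_modules COPY above EXPOSE is a no-op for the built image, so this hunk is cosmetic. The useful change in this stage would be pinning `npm install --ignore-scripts -g pnpm` to a version, as suggested for cspell/Dockerfile; an unpinned global install in the runtime stage is the least reproducible part of this file.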
3 changes: 2 additions & 1 deletion frontend/docker/Dockerfile.unit.test
@@ -5,7 +5,8 @@ ENV FORCE_COLOR=1
WORKDIR /app

COPY --chmod=444 package.json pnpm-lock.yaml ./
RUN npm install --ignore-scripts -g pnpm && \
RUN npm install --ignore-scripts -g pnpm
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
pnpm install --frozen-lockfile --ignore-scripts && \
chown node:node /app

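Review bot: Same store-location caveat as the other pnpm mounts (`PNPM_HOME=/pnpm` or `--store-dir=/pnpm/store` is needed for the mount to be used). Separately, `chown node:node /app` without `-R` only changes ownership of the directory entry itself, not `node_modules` or the copied package files; if the unit tests run as `node` and need to write under `/app`, this has to be `chown -R`, and if they do not, root-owned read-only files are the better default and the chown can go.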