
Image size improvements and pinned Netexec version #735

Merged: NeffIsBack merged 3 commits into Pennyw0rth:main from kaisersource:patch-1 on Jul 3, 2025
@kaisersource commented Jun 13, 2025 (Contributor)

Description

This PR introduces a multi-stage Docker build for the latest version of NetExec, using the latest python:3.13-slim-bookworm as the base image. The multi-stage setup optimizes the final image size by separating the build environment from the runtime environment.

Summary of Changes

Adds a builder stage that installs necessary build dependencies.

The final stage:

  • Copies only the required Python site-packages and binaries from the builder
  • Minimizes runtime dependencies

Issue Fixed / Enhancement

This results in a smaller, cleaner final image suitable for deployment and CI/CD.

Type of change

  • New feature (non-breaking change which adds functionality)

Ensure Docker is installed on your machine. No external dependencies are required beyond Docker itself.

Checklist:

  • I have tested the Docker build and run locally
  • I have performed a self-review of my own code

Minimized final image size (From ~2 GB to ~350 MB)
Pinned a stable NetExec version

Signed-off-by: Professor Bossetti <emanuelebosimini@gmail.com>
@NeffIsBack (Member)

Thanks for the PR!
Wondering if it wouldn't be best to just use the latest version of the repo instead of checking out the v1.4.0 build. What's the reason for that change?

@kaisersource (Contributor Author)

I always prefer using the latest release tag to ensure traceability and reproducibility, especially because it triggers my CI/CD pipelines. Moreover, relying on main, which evolves continuously, might lead to potential breakages or unexpected changes.

@Marshall-Hallenbeck (Collaborator)

> I always prefer using the latest release tag to ensure traceability and reproducibility, especially because it triggers my CI/CD pipelines. Moreover, relying on main, which evolves continuously, might lead to potential breakages or unexpected changes.

We only do tagged releases once every few months, but each commit updates the hash that is displayed when running --version, so you can know exactly which commit you are on from the main branch. If you solely rely on the latest tagged version, you are going to be running an older version and missing out on lots of features and more importantly bug fixes that we push very often.

@kaisersource (Contributor Author)

Got it, thanks. I've switched to cloning from the main branch.

kaisersource changed the title from "Enhancement - Image size improvements and pinned Netexec version" to "Image size improvements and pinned Netexec version" on Jun 14, 2025
@NeffIsBack commented Jun 16, 2025 (Member)

@kaisersource while we are at it, could you add entry points for "NetExec" and the "nxcdb" as well?

@NeffIsBack left a comment (Member)

LGTM:
[image]

@NeffIsBack (Member)

For others in the future, old build had 2.21GB (see in the screenshot), new build has 351MB 🚀

NeffIsBack merged commit 1b620c0 into Pennyw0rth:main on Jul 3, 2025
5 checks passed