Skip to content

Separate builders for build tools, drop some unused library dependencies #994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
+46 −24
Open

Separate builders for build tools, drop some unused library dependencies #994

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
9455516
DEV: add separate builders for thpoff, jemalloc, and oxipng
featheredtoast Aug 14, 2025
3477844
Drop parallel
featheredtoast Aug 15, 2025
2596854
mount tmpfs for apt caches
featheredtoast Aug 15, 2025
655a376
DEV: only install nginx runtime packages
featheredtoast Aug 19, 2025
c28395b
Remove libtcmalloc - this is unreferenced
featheredtoast Aug 19, 2025
7d9e6fe
DEV: organize apt installs
featheredtoast Aug 19, 2025
6f30992
correct copy libjemalloc.so
featheredtoast Aug 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 41 additions & 22 deletions image/base/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,23 @@ FROM builder AS nginx_builder
ADD nginx_public_keys.key /tmp/nginx_public_keys.key
ADD install-nginx /tmp/install-nginx
RUN gpg --import /tmp/nginx_public_keys.key &&\
rm /tmp/nginx_public_keys.key &&\
/tmp/install-nginx
rm /tmp/nginx_public_keys.key &&\
/tmp/install-nginx

FROM builder AS thpoff_builder
# This tool allows us to disable huge page support for our current process
# since the flag is preserved through forks and execs it can be used on any
# process
ADD thpoff.c /src/thpoff.c
RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c

FROM builder AS jemalloc_builder
ADD install-jemalloc /tmp/install-jemalloc
RUN /tmp/install-jemalloc

FROM builder AS oxipng_builder
ADD install-oxipng /tmp/install-oxipng
RUN /tmp/install-oxipng

FROM discourse/ruby:${RUBY_VERSION}-${DEBIAN_RELEASE}-slim AS discourse_dependencies

Expand All @@ -54,22 +69,33 @@ RUN echo 2.0.`date +%Y%m%d` > /VERSION
RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"

RUN --mount=type=tmpfs,target=/var/log \
--mount=type=tmpfs,target=/var/cache/apt \
--mount=type=tmpfs,target=/var/lib/apt \
echo "debconf debconf/frontend select Teletype" | debconf-set-selections; \
apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping locales \
apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install \
gnupg sudo curl fping locales \
ca-certificates rsync \
cmake g++ pkg-config patch \
libxslt-dev libcurl4-openssl-dev \
libssl-dev libyaml-dev libtool \
libpcre3 libpcre3-dev zlib1g zlib1g-dev \
libxml2-dev gawk parallel \
libreadline-dev anacron wget \
psmisc whois brotli libunwind-dev \
libtcmalloc-minimal4 cmake \
gawk anacron wget \
psmisc whois brotli \
pngcrush pngquant ripgrep poppler-utils \
# gem build dependencies
cmake g++ pkg-config patch \
libtool \
libxslt-dev \
libcurl4-openssl-dev \
libssl-dev \
libyaml-dev \
libxml2-dev \
libreadline-dev \
libunwind-dev \
# nginx runtime dependencies
libpcre3 zlib1g \
# imagemagick runtime dependencies
ghostscript libjbig0 libtiff6 libpng16-16 libfontconfig1 \
libwebpdemux2 libwebpmux3 libxext6 librsvg2-2 libgomp1 \
fonts-urw-base35 libheif1/${DEBIAN_RELEASE}-backports \
# oxipng dependencies \
advancecomp jpegoptim libjpeg-turbo-progs \
# nginx runtime dependencies \
nginx-common && \
# install these without recommends to avoid pulling in e.g.
Expand Down Expand Up @@ -125,24 +151,17 @@ RUN ln -s /usr/local/bin/magick /usr/local/bin/animate &&\
ln -s /usr/local/bin/magick /usr/local/bin/stream &&\
test $(magick -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6

ADD install-jemalloc /tmp/install-jemalloc
RUN /tmp/install-jemalloc
COPY --from=thpoff_builder /usr/local/sbin/thpoff /usr/local/sbin
COPY --from=jemalloc_builder /usr/lib/libjemalloc.so /usr/lib
COPY --from=oxipng_builder /usr/local/bin/jhead /usr/local/bin
COPY --from=oxipng_builder /usr/local/bin/oxipng /usr/local/bin

ADD install-redis /tmp/install-redis

ADD install-oxipng /tmp/install-oxipng
RUN /tmp/install-oxipng

RUN gem install pups --force &&\
mkdir -p /pups/bin/ &&\
ln -s /usr/local/bin/pups /pups/bin/pups

# This tool allows us to disable huge page support for our current process
# since the flag is preserved through forks and execs it can be used on any
# process
ADD thpoff.c /src/thpoff.c
RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c

# this is required for aarch64 which uses buildx
# see https://github.com/docker/buildx/issues/150
RUN rm -f /etc/service
Expand Down
7 changes: 5 additions & 2 deletions image/base/sbin/boot
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,18 @@
shutdown() {
echo Shutting Down
/etc/runit/3
ls /etc/service | SHELL=/bin/sh parallel sv force-stop {}
ls /etc/service | xargs sv force-stop
kill -HUP $RUNSVDIR
wait $RUNSVDIR

# give stuff a bit of time to finish
sleep 0.1

ORPHANS=`ps -eo pid | grep -v PID | tr -d ' ' | grep -v '^1$'`
SHELL=/bin/bash parallel 'timeout 5 /bin/bash -c "kill {} && wait {}" || kill -9 {}' ::: $ORPHANS 2> /dev/null
for pid in $ORPHANS; do
(timeout 5 /bin/bash -c "kill $pid && wait $pid" 2>/dev/null || kill -9 $pid 2>/dev/null) &
done
wait
exit
}

Expand Down