Skip to content

chore: image apk upgrade optimization #2826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
daanschipper wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: image apk upgrade optimization #2826

daanschipper wants to merge 1 commit into from

Conversation

@daanschipper
Copy link
Contributor

@daanschipper daanschipper commented Dec 1, 2025
edited
Loading

Fetching updates in memory to not leave anything on disk. Use one RUN command to avoid creating two separate layers.

See diff below, 4 instead of 5 layers, no apk cache in the image.

Description

Before

❯ docker inspect docker.io/aquasecurity/trivy-operator:dev-before                                                                                                                                                                                                                                                                                                                                                                        
[                                                                                                                                                                                                                                                                                                                                                                                                                                        
    {                                                                                                                                                                                                                                                                                                                                                                                                                                    
        ...                                                                                                                                                                                                                                                                                                                                                                                                                
        "RootFS": {                                                                                                                                                                                                                                                                                                                                                                                                                      
            "Type": "layers",                                                                                                                                                                                                                                                                                                                                                                                                            
            "Layers": [                                                                                                                                                                                                                                                                                                                                                                                                                  
                "sha256:256f393e029fa2063d8c93720da36a74a032bed3355a2bc3e313ad12f8bde9d1",                                                                                                                                                                                                                                                                                                                                               
                "sha256:5ce487bc8286974c83e1a26379f4a1facf68349abdab37a203efea4b0634afa6",                                                                                                                                                                                                                                                                                                                                               
                "sha256:9f0d01bd0aa501d7778e5b05cfddae2036c7156c0b6a313f01891de7b8191aa8",                                                                                                                                                                                                                                                                                                                                               
                "sha256:4021271c563cea6e7dcd28988e8eab1b42a549b8adc8d1f32b5b0187b71fef18",                                                                                                                                                                                                                                                                                                                                               
                "sha256:f01e3423333a509d7e33b6a6e9d28178c039733390d624fd8c978b520691de79"                                                                                                                                                                                                                                                                                                                                                
            ]                                                                                                                                                                                                                                                                                                                                                                                                                            
        },                                                                                                                                                                                                                                                                                                                                                                                                                               

❯ docker run -it --rm --entrypoint /bin/sh docker.io/aquasecurity/trivy-operator:dev-before
/ $ ls -la /var/cache/apk
total 2552
drwxr-xr-x    1 root     root          4096 Dec  1 11:46 .
drwxr-xr-x    1 root     root          4096 Oct  8 09:28 ..
-rw-r--r--    1 root     root        500031 Dec  1 11:46 APKINDEX.6c16d705.tar.gz
-rw-r--r--    1 root     root       2094055 Dec  1 11:46 APKINDEX.76ae5dea.tar.gz
/ $

After

❯ docker inspect docker.io/aquasecurity/trivy-operator:dev                                                                                                                                                                                                                                                                                                                                                                               
[                                                                                                                                                                                                                                                                                                                                                                                                                                        
    {                                                                                                                                                                                                                                                                                                                                                                                                                                    
        ...
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:256f393e029fa2063d8c93720da36a74a032bed3355a2bc3e313ad12f8bde9d1",
                "sha256:956bcb29dfac86b83223585559fa9f229d02bc00316628185988c5e2a425309c",
                "sha256:ef49bf7d1228d61d00e3de3b04934c55bd3c5370b9963a1056c8cfbd9067f8aa",
                "sha256:f68455b00b927699b3d3d0595f2152aff98ce639f63ae60ca51b8b6af801a280"
            ]
        },
]

❯ docker run -it --rm --entrypoint /bin/sh docker.io/aquasecurity/trivy-operator:dev       
/ $ ls -la /var/cache/apk
total 8
drwxr-xr-x    2 root     root          4096 Oct  8 09:28 .
drwxr-xr-x    4 root     root          4096 Oct  8 09:28 ..
/ $

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@daanschipper
chore: image apk upgrade optimization
00be068 
Fetching updates in memory to not leave anything on disk.
Use one RUN command to avoid creating two separate layers.
@daanschipper daanschipper requested a review from simar7 as a code owner December 1, 2025 14:01
@github-actions github-actions bot added the misc label Dec 1, 2025
@afdesk
Copy link
Contributor

afdesk commented Dec 3, 2025

@daanschipper thanks for the contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@afdesk afdesk afdesk approved these changes

@simar7 simar7 Awaiting requested review from simar7 simar7 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

misc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@daanschipper @afdesk