Skip to content

Optimized Docker Image with Multi-Stage Build #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xbreaker wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Optimized Docker Image with Multi-Stage Build #167

xbreaker wants to merge 1 commit into from
+76 −64

Conversation

@xbreaker
Copy link

@xbreaker xbreaker commented Jan 16, 2026

Summary

This PR significantly reduces the Docker image size from 2.7GB to ~250MB (over 90% reduction) by implementing a multi-stage build approach and removing unnecessary build dependencies from the final image.

Changes Made

1. Multi-Stage Build Architecture

  • Builder Stage: Contains all build tools (Go, Node.js, Task, Goose, SQLC, golangci-lint)
  • Runtime Stage: Uses debian:trixie-slim with only essential runtime dependencies

2. Dependency Optimization

Removed from final image:

  • Go compiler and toolchain
  • Node.js and npm
  • Task runner (except Goose for migrations)
  • SQLC and golangci-lint
  • Wget, unzip, git, and other build tools

Retained in final image:

  • PostgreSQL clients (13-18) for backup operations
  • Goose binary for database migrations
  • Application binaries (app and change-password)
  • Static files

3. Security Improvements

  • Created non-root user pgbackweb for application execution
  • Removed build tools that could be exploited
  • Minimal attack surface with only required packages

4. Migration Handling

  • Migration files are copied to the final image for runtime use

5. Build Process

  • All compilation happens in the builder stage
  • Only compiled binaries and runtime dependencies are copied to final image

Benefits

  • 10x smaller image (2.7GB → ~250MB)
  • Faster deployments and reduced storage costs
  • Improved security with fewer packages and non-root user
  • Same functionality with optimized resource usage

@coderabbitai
Copy link

coderabbitai bot commented Jan 16, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@xbreaker xbreaker mentioned this pull request Jan 17, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xbreaker