Use lightweight base docker image

[yu-iskw]

User description

Overview

According to my research, it takes about 35 seconds to pull and build the docker image of pr-agent in GitHub Actions. I assume that we can speed up by using a base docker image which is lighter than python:3.10. My assumption is to speed up the GitHub Actions' step to prepare for pr-agent using python:3.10-slim. If that works as expected, the elapsed time to run a GitHub Actions with pr-agent gets shorter.

---

PR Type

enhancement

---

Description

• Changed the base Docker image from python:3.10 to python:3.10-slim to reduce the image size and potentially speed up the build process.
• Added comments to improve the readability of the Dockerfile.
• Replaced ADD with COPY for copying files, which is more efficient and clearer in this context.
• Ensured that the entrypoint script is executable, which is crucial for the script to run properly.

---

Changes walkthrough 📝

	Relevant files
Enhancement	Dockerfile.github_action Optimize Dockerfile with a lightweight base image and refactoring Dockerfile.github_action Changed base image from python:3.10 to python:3.10-slim for a lighter build. Added comments for environment variable and installation steps. Used COPY instead of ADD for better clarity and efficiency. Ensured the entrypoint script is executable. +15/-6

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🏅 Score: 95

🧪 No relevant tests

🔒 No security concerns identified

🔀 No multiple PR themes

⚡ Recommended focus areas for review Dependency Management Verify if all necessary dependencies are still available in the slim image. Some system libraries might be missing.

[qodo-merge-pro]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Enhance security by running the application as a non-root user Consider using a non-root user for running the application to enhance security. Create a new user and switch to it before running the entrypoint script. Dockerfile.github_action [16-20] +# Create a non-root user and switch to it +RUN useradd -m appuser +USER appuser + # Ensure the entrypoint script is executable RUN chmod +x /entrypoint.sh # Run the application ENTRYPOINT ["/entrypoint.sh"] Apply this suggestion Suggestion importance[1-10]: 9 Why: Running the application as a non-root user is a crucial security improvement. It reduces the risk of privilege escalation and aligns with best practices for container security.	9
Enhancement	Implement multi-stage builds to minimize the final image size by separating build and runtime environments Consider using multi-stage builds to further reduce the final image size. You can have a build stage for installing dependencies and compiling code, and a final stage that only copies the necessary artifacts. Dockerfile.github_action [1-13] -FROM python:3.10-slim as base +FROM python:3.10-slim as builder + +WORKDIR /app + +# Install dependencies +COPY pyproject.toml requirements.txt ./ +RUN pip install --no-cache-dir . && rm pyproject.toml requirements.txt + +# Copy and compile application code +COPY pr_agent pr_agent +RUN python -m compileall pr_agent + +FROM python:3.10-slim WORKDIR /app # Set environment variable ENV PYTHONPATH=/app -# Install dependencies -COPY pyproject.toml requirements.txt ./ -RUN pip install --no-cache-dir . && rm pyproject.toml requirements.txt - -# Copy application code -COPY pr_agent pr_agent +# Copy only necessary files from builder +COPY --from=builder /app/pr_agent /app/pr_agent COPY github_action/entrypoint.sh /entrypoint.sh Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion to use multi-stage builds is a significant enhancement that can reduce the final image size and improve efficiency by separating the build and runtime environments. This aligns well with the PR's goal of optimizing the Dockerfile.	8
Performance	Optimize Docker build caching by reordering COPY commands To improve build caching and reduce rebuild times, consider moving the COPY commands for application code after the dependency installation step. This way, changes to the application code won't invalidate the cached dependency layer. Dockerfile.github_action [8-14] -# Install dependencies +# Copy and install dependencies COPY pyproject.toml requirements.txt ./ RUN pip install --no-cache-dir . && rm pyproject.toml requirements.txt # Copy application code COPY pr_agent pr_agent COPY github_action/entrypoint.sh /entrypoint.sh Apply this suggestion Suggestion importance[1-10]: 7 Why: Reordering the COPY commands to improve build caching is a practical suggestion that can reduce rebuild times by ensuring that changes to application code do not invalidate the cached dependency layer. This enhances the Docker build process efficiency.	7

• Author self-review: I have reviewed the PR code suggestions, and addressed the relevant ones.

💡 Need additional feedback ? start a PR chat

[yu-iskw]

@mrT23 I don't want to bother you, but I would appreciate if you could give your thoughts on the change. Thanks!

[mrT23]

Hi @yu-iskw , thanks for the PR

Reducing the docker size is a worthy goal.
Note that this PR: #1306 should reduce 400MB from the docker.

We do get a meaningful reduction in size when moving from python:3.12 to python:3.12-slim (800 MB).
However, I am highly worried that this removes packages that are needed, and that problems will arise for different tools.

On my first test, the slim docker (current_docker_new) seems to remove some needed packages for Git.

So I tend not to switch to it. Chasing after missing packages, only in a GitHub action environment, is not a path I want to go to.

However, the other changes in this PR are good.
if you can revert:
FROM python:3.10-slim as base
to
FROM python:3.12 as base, it can be merged (the python version should also be upgraded, as done in other dockers https://github.com/Codium-ai/pr-agent/blob/main/docker/Dockerfile)

[yu-iskw]

@mrT23 Thank you for the feedback. I totally understand that it would be a bit hassle to purse missing dependencies, though we can automate to check if a built docker image works as expected in GitHub Action. I will close the PR. Again, thanks!

[mrT23]

i do like the other changes. The docker looks better and cleaner with them

If you want to merge them in this PR, cool, or I would re-open them in another PR