[PR #167] Optimized Docker Image with Multi-Stage Build #169

Open
opened 2026-02-26 21:34:50 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/eduardolat/pgbackweb/pull/167
Author: @xbreaker
Created: 1/16/2026
Status: 🔄 Open

Base: developHead: feature/docker-multistage


📝 Commits (2)

  • f487c3a feat: Add multistage builds to Dockerfile
  • cf2da3e fix: add wget & unzip to runtime stage

📊 Changes

1 file changed (+76 additions, -64 deletions)

View changed files

📝 docker/Dockerfile (+76 -64)

📄 Description

Summary

This PR significantly reduces the Docker image size from 2.7GB to ~250MB (over 90% reduction) by implementing a multi-stage build approach and removing unnecessary build dependencies from the final image.

Changes Made

1. Multi-Stage Build Architecture

  • Builder Stage: Contains all build tools (Go, Node.js, Task, Goose, SQLC, golangci-lint)
  • Runtime Stage: Uses debian:trixie-slim with only essential runtime dependencies

2. Dependency Optimization

Removed from final image:

  • Go compiler and toolchain
  • Node.js and npm
  • Task runner (except Goose for migrations)
  • SQLC and golangci-lint
  • Wget, unzip, git, and other build tools

Retained in final image:

  • PostgreSQL clients (13-18) for backup operations
  • Goose binary for database migrations
  • Application binaries (app and change-password)
  • Static files

3. Security Improvements

  • Created non-root user pgbackweb for application execution
  • Removed build tools that could be exploited
  • Minimal attack surface with only required packages

4. Migration Handling

  • Migration files are copied to the final image for runtime use

5. Build Process

  • All compilation happens in the builder stage
  • Only compiled binaries and runtime dependencies are copied to final image

Benefits

  • 10x smaller image (2.7GB → ~250MB)
  • Faster deployments and reduced storage costs
  • Improved security with fewer packages and non-root user
  • Same functionality with optimized resource usage

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/eduardolat/pgbackweb/pull/167 **Author:** [@xbreaker](https://github.com/xbreaker) **Created:** 1/16/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `feature/docker-multistage` --- ### 📝 Commits (2) - [`f487c3a`](https://github.com/eduardolat/pgbackweb/commit/f487c3acb214e34b90dae88b38776431cee7c043) feat: Add multistage builds to Dockerfile - [`cf2da3e`](https://github.com/eduardolat/pgbackweb/commit/cf2da3ea45b6004a48dda6ab2991a25f38c6d0a4) fix: add wget & unzip to runtime stage ### 📊 Changes **1 file changed** (+76 additions, -64 deletions) <details> <summary>View changed files</summary> 📝 `docker/Dockerfile` (+76 -64) </details> ### 📄 Description ### Summary This PR significantly reduces the Docker image size from **2.7GB to ~250MB** (over 90% reduction) by implementing a multi-stage build approach and removing unnecessary build dependencies from the final image. ### Changes Made #### 1. **Multi-Stage Build Architecture** - **Builder Stage**: Contains all build tools (Go, Node.js, Task, Goose, SQLC, golangci-lint) - **Runtime Stage**: Uses `debian:trixie-slim` with only essential runtime dependencies #### 2. **Dependency Optimization** **Removed from final image:** - Go compiler and toolchain - Node.js and npm - Task runner (except Goose for migrations) - SQLC and golangci-lint - Wget, unzip, git, and other build tools **Retained in final image:** - PostgreSQL clients (13-18) for backup operations - Goose binary for database migrations - Application binaries (`app` and `change-password`) - Static files #### 3. **Security Improvements** - Created non-root user `pgbackweb` for application execution - Removed build tools that could be exploited - Minimal attack surface with only required packages #### 4. **Migration Handling** - Migration files are copied to the final image for runtime use #### 5. **Build Process** - All compilation happens in the builder stage - Only compiled binaries and runtime dependencies are copied to final image ### Benefits - **10x smaller image** (2.7GB → ~250MB) - **Faster deployments** and reduced storage costs - **Improved security** with fewer packages and non-root user - **Same functionality** with optimized resource usage --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/pgbackweb#169
No description provided.