perf(docker): improve all images build cache efficiency#3025
Conversation
dosubot
Bot
added
size:L
Codecov Report✅ All modified and coverable lines are covered by tests.
Additional details and impacted files@@ Coverage Diff @@
## master #3025 +/- ##
============================================
- Coverage 35.85% 1.56% -34.30%
+ Complexity 338 43 -295
============================================
Files 802 781 -21
Lines 67995 65524 -2471
Branches 8902 8457 -445
============================================
- Hits 24381 1026 -23355
- Misses 41008 64412 +23404
+ Partials 2606 86 -2520 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR aims to improve Docker build cache efficiency for HugeGraph PD, Store, and Server images by adding Docker context filtering and BuildKit/Maven cache-related Dockerfile changes.
Changes:
- Adds a new root
.dockerignore. - Updates four Dockerfiles to use a pom-only copy layer and Maven cache mounts.
- Removes some runtime packages and cleanup/startup commands from image build stages.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
.dockerignore |
Adds Docker build-context exclusions. |
hugegraph-pd/Dockerfile |
Refactors PD image build layers and runtime dependency install. |
hugegraph-store/Dockerfile |
Refactors Store image build layers and runtime dependency install. |
hugegraph-server/Dockerfile |
Refactors Server image build layers and runtime dependency install. |
hugegraph-server/Dockerfile-hstore |
Refactors hstore Server image build layers and runtime dependency install. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add .dockerignore to reduce build context noise (defer to .gitignore, add **/target/ and Docker-specific extras explicitly) - Refactor all 4 Dockerfiles: pom-first COPY layer + BuildKit .m2 cache mount - Add # syntax=docker/dockerfile:1 for compatibility with older Docker versions - Restore cron in runtime stage to preserve optional monitor support - Remove dead code: vim, service cron start, rm libc-bin hack, set -x, pwd&&cd - Update server-ci.yml ubuntu-22.04 -> ubuntu-latest (resolves existing TODO)
imbajin
left a comment
imbajin
left a comment
There was a problem hiding this comment.
Direction is right but a few blockers remain. See inline for net-new findings; +1'd Copilot's threads on the labs syntax / pom-only layer / root-pom glob (those are correct). Body-level: README/BUILDING should also note the new BuildKit ≥ 0.20 requirement, and removing vim is a behavioral change worth calling out in the commit body for ops folks who exec into containers.
| # NOTE: This file intentionally stays minimal. | ||
| **/target/ | ||
| # Most patterns (IDE files, build artifacts, logs, OS files) are already | ||
| # covered by .gitignore. Only Docker-specific extras are listed here. |
There was a problem hiding this comment.
.gitignore. As a result, locally-extracted release dirs (apache-hugegraph-*/, measured at ~790 MB on a normal dev checkout), .idea/, node_modules/, logs/, *.iml, *.class, gen-java/, upload-files/, .vscode/, *.tar.gz, dist/, build/ all leak into every build's context, defeating the cache work in this PR (and risking IDE / secret leakage into image layers).
| # covered by .gitignore. Only Docker-specific extras are listed here. | |
| **/target/ | |
| # IMPORTANT: .dockerignore does NOT inherit .gitignore — patterns must be restated. | |
| # Pre-extracted release dirs / archives | |
| apache-hugegraph-*/ | |
| **/*.tar | |
| **/*.tar.gz* | |
| **/*.zip | |
| **/*.war | |
| # IDE / OS | |
| .idea/ | |
| .vscode/ | |
| **/*.iml | |
| **/*.iws | |
| **/.DS_Store | |
| # Build / runtime artifacts | |
| **/logs/ | |
| **/*.log | |
| **/*.class | |
| **/gen-java/ | |
| **/upload-files/ | |
| **/dist/ | |
| **/build/ | |
| **/node_modules/ | |
| # Env files | |
| .env.local | |
| .env.*.local | |
| # Git internals | |
| .git | |
| .gitignore | |
| .gitattributes | |
| .github | |
| # Compose / docs not needed in build context | |
| **/docker-compose*.yml | |
| **/docker-compose*.yaml | |
| **/*.md | |
| docs/ |
| build-server: | ||
| # TODO: we need test & replace it to ubuntu-24.04 or ubuntu-latest | ||
| runs-on: ubuntu-22.04 | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
- Scope creep: bumping
ubuntu-22.04 → ubuntu-latestis unrelated to the Docker cache work in this PR. The original# TODOwas a deliberate guard (Ubuntu 24.04 changed default Java, removed legacy packages). Suggest reverting in this PR and splitting into a focused follow-up. ubuntu-latestdrifts when GitHub flips the alias — pin explicitly:
| runs-on: ubuntu-latest | |
| runs-on: ubuntu-24.04 |
Flagging here since it's the only CI file touched: there is no CI workflow that exercises any Dockerfile (verified — zero docker build references under .github/workflows/). PR's verification is "run docker build locally". Future regressions will ship silently. Consider adding a build-only smoke job:
docker-build:
runs-on: ubuntu-24.04
strategy:
matrix:
dockerfile:
- hugegraph-pd/Dockerfile
- hugegraph-store/Dockerfile
- hugegraph-server/Dockerfile
- hugegraph-server/Dockerfile-hstore
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- run: docker buildx build -f ${{ matrix.dockerfile }} --load .There was a problem hiding this comment.
Reverted it back , I was mainly testing what would break with ubuntu-latest. Also added smoke test 🫡
| dumb-init \ | ||
| procps \ | ||
| curl \ | ||
| lsof \ |
There was a problem hiding this comment.
🧹 Pre-existing issue (not a regression from this PR, but worth fixing while in the area): the cron package stays installed in the runtime image (~3 MB), but no cron daemon is ever started — dumb-init only execs docker-entrypoint.sh. This means start-hugegraph.sh -m true silently fails to fire its scheduled monitor job, even though crontab_append returns success. Either:
- Drop
cronentirely (saves ~3 MB and removes the false impression that monitor mode works), or - Start cron in
docker-entrypoint.sh(cron &before the server start) so the feature actually works.
Same applies to Dockerfile-hstore and the PD / Store Dockerfiles.
There was a problem hiding this comment.
removed cron from the runtime images for now since properly enabling it would expand the scope of this PR. happy to work on enabling this feature later in a follow up pr if u want
- remove ineffective pom-only COPY optimization - remove unused cron package from runtime images - keep vim for container debugging workflows - add Maven cache mounts for faster rebuilds - expand .dockerignore to exclude IDE files, archives, logs, generated artifacts, and local build outputs - simplify Docker build flow and reduce unnecessary build context size
|
The full path that gets excluded is: The last path component is dist, so |
|
Thanks for iterating on the Docker cache changes. The cache direction looks good, and besides the monitor/runtime compatibility point below plus the small I think we should keep the runtime behavior unchanged in this PR. Today the image still exposes the legacy monitor path: After removing I agree that the crontab-based monitor is not the ideal long-term model for Docker. For container users, the better direction is probably a Docker-native lifecycle model: That can then be paired with: But this is a runtime behavior/design change, not just a build-cache optimization. It also needs documentation, because standalone Docker healthcheck only marks the container as unhealthy and does not restart it by itself; users still need a restart policy, or an entrypoint watchdog that exits the container after repeated failures. So for this PR, I suggest the lowest-risk path:
In short: |
Thanks for the review !!
Makess. sensee
should i also remove
ill make a follow up pr as soon as my end sems exams are overrr 🫡 |
- Fix .gitattribut -> .gitattributes typo in .dockerignore - Fix **/*.tar.gz* -> **/*.tar.gz (remove unintended trailing wildcard) - Remove **/target/dist/ (redundant, already covered by **/target/) - Restore cron to apt-get install in all 4 Dockerfiles to keep the existing start-hugegraph.sh -m true monitor path working
|
Yes, For the archive patterns, I think it is fine to exclude local The only thing I would like to confirm is validation: please make sure all four Docker images still build successfully and the new images can start normally after these ignore rules are applied. If that is verified, excluding these archive files sounds good to me. |
validated all 4 images locally ,all build successfully and the runtime contents look correct (artifacts in place, cron installed). The .dockerignore archive patterns don't exclude anything the build actually needs since everything gets rebuilt from source inside the build stage anyway.
|
imbajin
left a comment
imbajin
left a comment
There was a problem hiding this comment.
Thanks for the follow-up validation. The Docker build CI is green, the four images were validated locally, and the compose runtime check confirms the containers come up healthy. I also updated the PR description to match the current implementation: vim / cron are kept, while the ineffective build-time service cron start and dead cleanup/debug commands are removed.
Looks good to me now.
imbajin
changed the title
Purpose of the PR
close #2977
Main Changes
.dockerignore(new file).dockerignoredoes not inherit.gitignoreAll 4 Dockerfiles
--mount=type=cache,target=/root/.m2onmvn package— deps cached across repeated buildsvimandcronin the runtime images to preserve existing container debugging workflows and the currentstart-hugegraph.sh -m truemonitor pathservice cron start,rm /var/lib/dpkg/info/libc-bin.*, and other dead cleanup/debug commands from runtime stagesVerifying these changes
Does this PR potentially affect the following parts?
Documentation Status
Doc - No Need