Docker image bloat: chown command creates 1.4GB layer #344
Description
Summary
The chown -R rhesis-user /app command in the backend Dockerfile creates a Docker layer of 1.4GB, significantly increasing build time and image size.
Steps to Reproduce
- Build the backend Docker image:
docker build -t rhesis-backend -f apps/backend/Dockerfile . - Check image size:
docker images rhesis-backend - Analyze layers:
docker history rhesis-backend - Observe the chown layer size
Expected Behavior
The chown operation should not duplicate file data in Docker layers, keeping the image size reasonable.
Actual Behavior
The chown command creates a 1.4GB layer because it modifies file ownership, causing Docker to store the entire directory tree twice (once in the original layer, once in the chown layer).
Environment
- Docker version: Any
- Base image: python:3.10.17-slim
- Affected files: apps/backend/Dockerfile (line 61), apps/frontend/Dockerfile (line 105)
Impact
- Frequency: 100% reproduction on every build
- Impact:
- 1.4GB additional size in backend image
- Much longer build times
- Increased network bandwidth for image pulls
- Both frontend and backend images affected
Root Cause
As described in https://gabnotes.org/posts/chowning-files-can-take-a-lot-of-space-in-a-docker-image, when chown modifies file ownership, Docker creates a new layer containing the entire modified directory tree, effectively duplicating the data.
Proposed Solutions
- uv install after creating user (easier but may create unexpected problems)
- Two-stage build (more complex but proper Docker best practice)
Acceptance Criteria
- Backend image size reduced by ~1.4GB
- Frontend image size optimized
- Build time significantly improved
- No functionality regression
- Proper user permissions maintained
Additional Context
Reference: https://gabnotes.org/posts/chowning-files-can-take-a-lot-of-space-in-a-docker-image