Skip to content

build: add alpine-based dockerfile #5732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
outlook84 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build: add alpine-based dockerfile #5732

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 47 additions & 0 deletions Dockerfile.alpine
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# ======== Stage 1: Builder ========
FROM python:3.12-alpine AS builder
WORKDIR /AstrBot

# Install build-time dependencies only
RUN apk add --no-cache \
gcc \
git \
musl-dev \
libffi-dev \
openssl-dev \
make

# Install uv and generate + install Python deps
COPY . .
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To optimize Docker layer caching, it's recommended to copy only the files required for dependency installation first (e.g., pyproject.toml), install the dependencies, and then copy the rest of the source code. The current COPY . . command invalidates the cache for the dependency installation layer whenever any file in the project changes, leading to longer build times.

RUN python -m pip install --no-cache-dir uv \
&& echo "3.12" > .python-version \
&& uv lock \
&& uv export --format requirements.txt --output-file requirements.txt --frozen \
&& uv pip install -r requirements.txt --no-cache-dir --system \
&& uv pip install socksio pilk --no-cache-dir --system
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The dependencies socksio and pilk are installed in a separate step. For better maintainability and to have a single source of truth for all Python dependencies, consider adding them to your pyproject.toml file. This would allow uv to manage them along with all other project dependencies.


# ======== Stage 2: Runtime ========
FROM python:3.12-alpine
WORKDIR /AstrBot

ENV TZ=Asia/Shanghai

# Install runtime-only dependencies
RUN apk add --no-cache \
ca-certificates \
bash \
ffmpeg \
git \
nodejs \
Comment on lines +34 to +35
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The runtime image includes git and nodejs, which contribute significantly to the image size. Please verify if they are both strictly necessary at runtime. If they are only needed during the build process (e.g., git for fetching dependencies, nodejs for building assets), they should be confined to the builder stage to keep the final image as lean as possible.

tzdata

# Copy installed Python packages from builder
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin

# Copy application source
COPY . /AstrBot/
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This command copies the application source from the build context, not from the builder stage. This can lead to inconsistencies if the code changes between stages and may inadvertently include local files (like .git or .env) in the final image. It's safer and more consistent to copy the source code from the builder stage, which is where dependencies were installed against.

COPY --from=builder /AstrBot/ /AstrBot/


EXPOSE 6185

CMD ["python", "main.py"]