
chore(gastown): Expand container Dockerfile with build tools, ripgrep, and common dev dependencies #1976

@jrf0110


Summary

The gastown container Dockerfile is too minimal for real-world development tasks. Agents frequently need tools that aren't installed:

  • ripgrep (rg) — agents attempt to use it constantly for code search. It's not installed, so they fall back to slower grep -r or use the CLI's built-in search (which is less flexible).
  • build-essential — customer request. Many repos need gcc/make/g++ for native module compilation (node-gyp, Python C extensions, Rust FFI).
  • Common dev libraries: libssl-dev, libffi-dev, zlib1g-dev, etc. are needed to build projects that have native dependencies.

Current State

The Dockerfile (container/Dockerfile) installs only:

  • git, git-lfs
  • curl, ca-certificates
  • Node.js 24
  • gh CLI
  • @kilocode/cli, @kilocode/plugin, pnpm

Proposed Dockerfile Change

Replace the current apt-get install block with a comprehensive dev toolchain:

FROM oven/bun:1-slim

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      # Version control
      git \
      git-lfs \
      # Network / download
      curl \
      wget \
      ca-certificates \
      gnupg \
      unzip \
      # Build toolchain
      build-essential \
      autoconf \
      # Search tools
      ripgrep \
      jq \
      # Compression
      bzip2 \
      zstd \
      # SSL / crypto
      libssl-dev \
      libffi-dev \
      # Database client libs
      libdb-dev \
      libgdbm-dev \
      libgdbm6 \
      # Python build deps (for repos with Python)
      libbz2-dev \
      liblzma-dev \
      libncurses5-dev \
      libreadline-dev \
      zlib1g-dev \
      # Ruby build deps (for repos with Ruby)
      libyaml-dev \
      # Image processing (for repos with image pipelines)
      libvips-dev \
      # Browser/rendering (for repos with Puppeteer, Playwright)
      libgbm1 \
      # C++ stdlib (for native addons)
      libc++1 \
      # Math (for native crypto/ML deps)
      libgmp-dev \
      # Timezone data (for TZ-aware test suites)
      tzdata \
    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
    && apt-get install -y --no-install-recommends nodejs \
    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
         -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
         > /etc/apt/sources.list.d/github-cli.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends gh \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

Image Size Impact

The current image is ~350MB. Adding these packages will increase it to ~600-800MB. This is acceptable because:

  • Cloudflare Containers cache layers — the base layer is pulled once per region
  • Cold start is dominated by process startup, not image pull (after first pull)
  • The alternative is agents failing on rg, make, gcc, etc. and wasting LLM tokens on workarounds

If size becomes a concern, we could split into a "slim" and "full" image and let users choose via town settings. But for now, one comprehensive image is simpler.

Also Consider (future)

These are NOT in scope for this issue but worth noting:

These should be separate issues since they're large installs with their own configuration needs.

Dockerfile.dev

The dev Dockerfile (container/Dockerfile.dev) should receive the same changes for local development parity.

Files

  • cloudflare-gastown/container/Dockerfile
  • cloudflare-gastown/container/Dockerfile.dev

Acceptance Criteria

  • ripgrep (rg) available in the container
  • build-essential (gcc, g++, make) available
  • jq available
  • All listed dev libraries installed
  • Existing functionality unaffected (git, gh, node, bun, kilo, pnpm all still work)
  • Dockerfile.dev updated to match
  • Image builds successfully
  • Agents can rg for code search without fallback
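
A smoke test for the acceptance criteria above, as an added example that is not part of the original issue or the project's code. Tool and package names come from the issue; the script itself, its function names and the `--check` flag are assumptions.

```shell
#!/bin/sh
# Added example: smoke test for the acceptance criteria in this issue.
# Tool and package names are taken from the issue text; the script layout
# and the --check flag are assumptions made for illustration.

TOOLS="rg gcc g++ make jq git gh node bun kilo pnpm"
PACKAGES="build-essential libssl-dev libffi-dev zlib1g-dev libyaml-dev libvips-dev tzdata"

# Print each name from the arguments that does not resolve on PATH.
missing_tools() {
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
  done
}

# Print each Debian package from the arguments that is not fully installed.
# If dpkg-query is absent, every package is reported as missing.
missing_packages() {
  for p in "$@"; do
    status=$(dpkg-query -W -f='${Status}' "$p" 2>/dev/null || true)
    case "$status" in
      *"install ok installed"*) ;;
      *) printf '%s\n' "$p" ;;
    esac
  done
}

# Report everything that is missing on stderr; succeed only if nothing is.
smoke_test() {
  bad_tools=$(missing_tools $TOOLS)
  bad_pkgs=$(missing_packages $PACKAGES)
  [ -z "$bad_tools" ] || echo "missing tools: $(echo $bad_tools)" >&2
  [ -z "$bad_pkgs" ] || echo "missing packages: $(echo $bad_pkgs)" >&2
  [ -z "$bad_tools" ] && [ -z "$bad_pkgs" ]
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
  smoke_test && echo "container toolchain OK"
fi
```

Run it inside the built image with `--check`; a non-zero exit status means at least one listed tool or package is absent.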


Labels

  • P1: Should fix before soft launch
  • gt:container: Container management, agent processes, SDK, heartbeat
