Refactored Dockerfile to reduce size. xDebug now a separate build stage #66

Open
davidjeddy wants to merge 2 commits into main from clo-4094-image-size-reduction-part-02


@davidjeddy
Contributor

What does this PR do?

  • Reduce container image size from ~900MB to ~350MB.
  • xDebug now an optional build variant

Test Plan

trivy image --format json --pkg-types os,library --severity CRITICAL,HIGH --output trivy-image-results.json appwrite/base:latest
container-structure-test test --config tests.yaml --image appwrite/base:latest
CI=true dive --config .dive-ci.yml appwrite/base:latest

@coderabbitai

coderabbitai bot commented Mar 20, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@greptile-apps

greptile-apps bot commented Mar 20, 2026

Greptile Summary

This PR significantly refactors the Dockerfile to reduce the final image size (~900 MB → ~350 MB) by separating build tooling from the runtime image, compiling all PHP extensions (including the previously inline gd, intl, pdo_mysql, pdo_pgsql, sockets) in isolated build stages, stripping debug symbols from every .so file, and moving xdebug into an optional --target xdebug build variant that layers on top of final.

Key changes:

  • All build-time -dev packages, compilers, and tools are now confined to the compile stage and its children — the final stage installs only runtime libraries.
  • A new core-extensions build stage compiles and strips gd, intl, pdo_mysql, pdo_pgsql, and sockets; their .so files are then COPY-ed into final.
  • Every extension .so is run through strip to remove ELF debug symbols, contributing to the size reduction.
  • xdebug is no longer included in the default image; it is now a separate xdebug stage (FROM final AS xdebug) built with --target xdebug.
  • Runtime library mappings look correct: icu-libs, libpq, lz4-libs, zstd-libs, brotli, yaml, libmaxminddb, libjpeg-turbo, libpng, libjxl, and icu-libs are all present in final.
  • One real concern: docker-php-ext-install gd runs without a preceding docker-php-ext-configure gd --with-jpeg --with-freetype --with-webp, which may produce a GD build lacking JPEG/FreeType/WebP support — and the test suite does not validate those capabilities.
  • The new xdebug build variant has no test coverage in tests.yaml, and there is no negative assertion verifying xdebug is absent from the base image.

Confidence Score: 3/5

  • Merge with caution — the GD extension may silently lack JPEG/FreeType/WebP support, and the xdebug variant is untested.
  • The overall architecture is sound and the runtime-library mapping is thorough. However, the missing docker-php-ext-configure gd step is a real functional risk (GD without JPEG/FreeType is a known silent failure mode in PHP Docker images), and neither the xdebug variant nor the GD format capabilities are covered by the test suite. These gaps lower confidence enough to warrant verification before merging.
  • Dockerfile (lines 161-168: GD configure step) and tests.yaml (missing xdebug variant tests and GD capability assertions)

Important Files Changed

Filename | Overview
--- | ---
Dockerfile | Major refactor: build tools removed from final stage, all extensions stripped of debug symbols, new core-extensions build stage, and xdebug moved to an optional --target xdebug variant. The gd extension is installed without an explicit docker-php-ext-configure step, which may omit JPEG/FreeType/WebP support. Runtime library mappings (dev→runtime) look correct and complete.
tests.yaml | PHP version bump from 8.5.3 to 8.5.4. No test coverage added for the xdebug build variant, and no negative assertion that xdebug is absent from the base image.
CHANGES.md | Changelog updated to document the new xdebug optional variant, runtime-only final image, stripped .so files, and the new core-extensions build stage. Accurate and complete.
README.md | One-character typo fix: --confog corrected to --config in the dive command example.

Comments Outside Diff (1)

  1. tests.yaml, line 1-10

    P2 No test coverage for the xdebug build variant

    tests.yaml only covers the final stage. The new xdebug build variant (built with --target xdebug) has no corresponding test that verifies:

    1. xdebug appears in php -m output for the xdebug image.
    2. xdebug is absent from php -m output for the base final image (regression guard).

    Consider adding a separate tests-xdebug.yaml (or a conditional test block) and wiring it into the CI pipeline for --target xdebug builds.

Last reviewed commit: "Update CHANGES.md 1...."

Comment on lines +161 to +168
FROM compile AS core-extensions
RUN docker-php-ext-install gd intl pdo_mysql pdo_pgsql sockets && \
strip \
$(php-config --extension-dir)/gd.so \
$(php-config --extension-dir)/intl.so \
$(php-config --extension-dir)/pdo_mysql.so \
$(php-config --extension-dir)/pdo_pgsql.so \
$(php-config --extension-dir)/sockets.so
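
Review bot: the five strip paths repeat by hand the extension names already given on the docker-php-ext-install line, so an extension added to the install line later would ship unstripped with no error to flag it. Consider resolving php-config --extension-dir once into a quoted variable and driving both the install arguments and the strip paths from a single list.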

P2 GD extension missing explicit format configuration

docker-php-ext-install gd is called without a prior docker-php-ext-configure gd step. Without explicitly configuring JPEG, FreeType, and WebP support, PHP may build GD without those format backends, depending on how the configure script auto-detects headers.

The recommended pattern (same approach used in the official Docker PHP images) is:

RUN docker-php-ext-configure gd \
      --with-jpeg \
      --with-freetype \
      --with-webp && \
    docker-php-ext-install gd intl pdo_mysql pdo_pgsql sockets && \
    strip \
      $(php-config --extension-dir)/gd.so \
      ...

The dev headers (libjpeg-turbo-dev, libpng-dev, zlib-dev) are present in the compile stage, so the configure step would succeed. The current tests.yaml only verifies that the gd module appears in php -m — it does not validate that JPEG, FreeType, or WebP are available within GD, so a silently feature-reduced build could pass CI undetected.
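
An added example, not part of the PR or of either bot's review: one way to turn the two gaps raised above (GD built without JPEG/FreeType/WebP, and no presence or absence check for xdebug per build variant) into a failing check on `php --ri gd` and `php -m` output. The function names and the sample outputs are constructed for illustration.

```shell
# Added example: capability checks on `php --ri gd` and `php -m` output.

# stdin: `php --ri gd` output. Prints required backends not reported as enabled.
gd_missing_backends() {
    info=$(cat); missing=""
    for backend in JPEG FreeType WebP; do
        printf '%s\n' "$info" |
            grep -Eq "^${backend} Support => enabled[[:space:]]*$" ||
            missing="${missing:+$missing }$backend"
    done
    printf '%s' "$missing"
}

# stdin: `php -m` output. Succeeds if xdebug is listed in either module section.
has_xdebug() { grep -iqx 'xdebug'; }

# check_variant final|xdebug GD_INFO MODULES -> 0 only if the image is as expected.
check_variant() {
    variant=$1; gd_info=$2; modules=$3
    missing=$(printf '%s\n' "$gd_info" | gd_missing_backends)
    [ -z "$missing" ] || { echo "FAIL($variant): GD lacks $missing"; return 1; }
    if printf '%s\n' "$modules" | has_xdebug; then loaded=yes; else loaded=no; fi
    case "$variant:$loaded" in
        final:no | xdebug:yes) echo "OK($variant)" ;;
        *) echo "FAIL($variant): xdebug loaded=$loaded"; return 1 ;;
    esac
}

# Constructed sample outputs (not captured from the real image).
GD_FULL='GD Support => enabled
FreeType Support => enabled
JPEG Support => enabled
PNG Support => enabled
WebP Support => enabled'
GD_REDUCED='GD Support => enabled
PNG Support => enabled'
MODS_BASE='[PHP Modules]
Core
gd
[Zend Modules]'
MODS_XDEBUG='[PHP Modules]
xdebug
[Zend Modules]
Xdebug'

# Against a real image: pass "$(docker run --rm appwrite/base:latest php --ri gd)"
# and "$(docker run --rm appwrite/base:latest php -m)" instead of the samples.
check_variant final "$GD_REDUCED" "$MODS_BASE" || true
```

For the xdebug variant, pass `xdebug` as the first argument together with the output captured from the image built with `--target xdebug`.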

Comment on lines +257 to +263
RUN \
git clone --depth 1 --branch $PHP_XDEBUG_VERSION https://github.com/xdebug/xdebug && \
cd xdebug && \
phpize && \
./configure && \
make && make install && \
strip $(php-config --extension-dir)/xdebug.so
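
Review bot: the git clone --depth 1 --branch $PHP_XDEBUG_VERSION line builds whatever that tag or branch points to at build time, and nothing between the clone and make install verifies what was fetched. Because a Git ref can be moved upstream, consider checking out a pinned commit SHA, or comparing the fetched HEAD against an expected value before phpize, so the build is reproducible; quoting "$PHP_XDEBUG_VERSION" would also guard against word splitting.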

P2 Stripping debug symbols from a debug extension

strip is applied to xdebug.so immediately after building it. Xdebug is a debugging and profiling tool; stripping its own ELF symbols does not affect its ability to debug PHP code (xdebug works at the PHP-opcode level, not via native stack unwinding of itself), so this won't break functionality.

However, if xdebug itself ever crashes, stripped symbols will make post-mortem analysis of xdebug's own C-level crash much harder. This is a minor trade-off worth being aware of, especially since the xdebug image variant is primarily intended for development/debugging use.
