Skip to content

chore: optimize docker image to alpine, add job-level ci conditions, and add deployment docs#9

Merged
kenneth-loto merged 2 commits into
developfrom
chore/docker-alpine-optimization-and-ci-job-conditions
Jul 1, 2026
Merged

chore: optimize docker image to alpine, add job-level ci conditions, and add deployment docs#9
kenneth-loto merged 2 commits into
developfrom
chore/docker-alpine-optimization-and-ci-job-conditions

Conversation

@kenneth-loto

Copy link
Copy Markdown
Owner

Summary

Cuts the Docker image size by 55% with an Alpine base and dependency pruning, reduces CI runner cost by moving change detection conditions to job level, and adds deployment documentation.

What's Changed

  • Switched Dockerfile base image from node:22-slim to node:22-alpine, reducing the production image from 907 MB to 406 MB
  • Added --omit=peer to the install step preventing @prisma/client from pulling the Prisma CLI and TypeScript compiler into the production layer
  • Added WASM query compiler pruning to keep only the PostgreSQL engine and drop the four unused database engine files
  • Moved 14 step-level if: needs.changes.outputs.code == 'true' conditions in ci.yml to job level so skipped jobs don't provision runners, saving runner minutes on non-code pushes
  • Created DEPLOYMENT.md with a full deploy guide
  • Added a Deployment section to README.md
  • Created .env.example listing all required environment variable names with empty values

Why

The 907 MB image was primarily bloated by peer dependencies pulled in transitively by @prisma/client and by four WASM query compiler files for database engines the app never uses. Alpine and --omit=peer are low-risk changes for a NestJS app with no native module dependencies. Moving change detection to job level rather than step level means the runner is never provisioned at all for non-code changes, not just skipped partway through, which is a meaningful cost reduction on a busy branch.

kenneth-loto and others added 2 commits June 30, 2026 23:53
Merges the completed User module with create, update, and delete endpoints and test coverage, improved Prisma error messages for P2002, P2025, and P2003, enableShutdownHooks for graceful termination, onPoolError logging in PrismaService, the corrected e2e test, readme fixes, and the rootDir tsconfig.build.json fix resolving the start:prod build path bug from develop into main.
…and add deployment docs

- switch Dockerfile base from node:22-slim to node:22-alpine reducing image size from 907mb to
406mb
- add --omit=peer to npm install preventing @prisma/client from pulling prisma cli and typescript
into the production image
- prune wasm query compiler files keeping only postgresql and dropping the other four database
engines
- move 14 step-level if conditions in ci.yml to job-level so skipped jobs do not provision runners
at all
- create DEPLOYMENT.md with full deploy guide
- add deployment section to README.md
- create .env.example with all env var names and empty values
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Base branch auto-updated: This PR has been redirected from main to develop. Please ensure feature, fix, or chore branches are integrated into develop before production releases.

@github-actions github-actions Bot changed the base branch from main to develop July 1, 2026 03:47
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci.yml

PackageVersionLicenseIssue Type
docker/build-push-action6.*.*NullUnknown License
docker/login-action3.*.*NullUnknown License
docker/setup-buildx-action3.*.*NullUnknown License
Allowed Licenses: MIT, Apache-2.0, ISC, BSD-2-Clause, BSD-3-Clause

OpenSSF Scorecard

PackageVersionScoreDetails
actions/docker/build-push-action 6.*.* 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/login-action 3.*.* 🟢 8.5
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/setup-buildx-action 3.*.* 🟢 8.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • .github/workflows/ci.yml

@kenneth-loto kenneth-loto merged commit e6aabb5 into develop Jul 1, 2026
11 checks passed
@kenneth-loto kenneth-loto deleted the chore/docker-alpine-optimization-and-ci-job-conditions branch July 1, 2026 03:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant