Leverage caching to reduce build times

One paragraph explainer

Docker images are a combination of layers, each instruction in your Dockerfile creates a layer. The docker daemon can reuse those layers between builds if the instructions are identical or in the case of a COPY or ADD files used are identical. If the cache can’t be used for a particular layer all the subsequent layers will be invalidated too. That’s why order is important. It is crucial to layout your Dockerfile correctly to reduce the number of moving parts in your build; the less updated instructions should be at the top and the ones constantly changing (like app code) should be at the bottom. It’s also important to think that instructions that trigger long operation should be close to the top to ensure they happen only when really necessary (unless it changes every time you build your docker image). Rebuilding a whole docker image from cache can be nearly instantaneous if done correctly.

Docker layers

Rules

Avoid LABEL that change all the time

If you have a label containing the build number at the top of your Dockerfile, the cache will be invalidated at every build

  1. #Beginning of the file
  2. FROM node:10.22.0-alpine3.11 as builder
  4. # Don't do that here!
  5. LABEL build_number="483"
  7. #... Rest of the Dockerfile

Have a good .dockerignore file

See: On the importance of docker ignore

The docker ignore avoids copying files that could bust our cache logic, like tests results reports, logs or temporary files.

Install “system” packages first

It is recommended to create a base docker image that has all the system packages you use. If you really need to install packages using apt,yum,apk or the likes, this should be one of the first instructions. You don’t want to reinstall make,gcc or g++ every time you build your node app. Do not install package only for convenience, this is a production app.

First, only ADD your package.json and your lockfile

  1. COPY "package.json" "package-lock.json" "./"
  2. RUN npm ci

The lockfile and the package.json change less often. Copying them first will keep the npm install step in the cache, this saves precious time.

Then copy your files and run build step (if needed)

  1. COPY . .
  2. RUN npm run build

Examples

Basic Example with node_modules needing OS dependencies

  1. #Create node image version alias
  2. FROM node:10.22.0-alpine3.11 as builder
  4. RUN apk add --no-cache \
  5.     build-base \
  6.     gcc \
  7.     g++ \
  8.     make
  10. USER node
  11. WORKDIR /app
  12. COPY "package.json" "package-lock.json" "./"
  13. RUN npm ci --production
  14. COPY . "./"
  16. FROM node as app
  17. USER node
  18. WORKDIR /app
  19. COPY --from=builder /app/ "./"
  20. RUN npm prune --production
  22. CMD ["node", "dist/server.js"]

Example with a build step (when using typescript for example)

  1. #Create node image version alias
  2. FROM node:10.22.0-alpine3.11 as builder
  4. RUN apk add --no-cache \
  5.     build-base \
  6.     gcc \
  7.     g++ \
  8.     make
  10. USER node
  11. WORKDIR /app
  12. COPY "package.json" "package-lock.json" "./"
  13. RUN npm ci
  14. COPY . .
  15. RUN npm run build
  17. FROM node as app
  18. USER node
  19. WORKDIR /app
  20. # Only copying the files that we need
  21. COPY --from=builder /app/node_modules node_modules
  22. COPY --from=builder /app/package.json .
  23. COPY --from=builder /app/dist dist
  24. RUN npm prune --production
  26. CMD ["node", "dist/server.js"]

Useful links

Docker docks: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache