Optimize to increase rebuild speed (#48)

sei-jbooz · web-flow · commit 8f81e2b24606 · 2026-02-16T12:41:21.000-05:00
- Adds dockerignore to prevent accidental data leakage
- Combine unminimize and apt install layers -- unminimize does an `apt update` in the background already. Combining apt steps increases docker's ability to reuse context within the same layer and removes an extra `apt update` step
- Use a Docker cache mount for apt layer. Allows the build to reuse apt artifacts across rebuild
- Remove temp files from tool installs to reduce image size
- Postcreate installs a few tools in parallel instead of serially
- Poststart checks for claude code updates.  Since the Claude install is in the docker file, the installed version of claude is cached by docker on image build and may not update unless you ask for an update
diff --git a/.devcontainer/.dockerignore b/.devcontainer/.dockerignore
@@ -0,0 +1,4 @@
+# Prevent sensitive files from entering build context
+.aws/
+dev-certs/
+msbuild/
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM mcr.microsoft.com/devcontainers/dotnet:2.0.5-10.0-noble
 
 ARG TARGETARCH
@@ -12,9 +13,6 @@ RUN mkdir -p /etc/apt/keyrings && \
     curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg && \
     echo "deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
 
-# Install man pages
-RUN yes | unminimize
-
 # Custom Cert Support
 COPY ./certs /usr/local/share/ca-certificates/custom/
 RUN find /usr/local/share/ca-certificates/custom -type f ! -name '*.crt' -delete \
@@ -27,13 +25,15 @@ ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt \
     REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
     PIP_CERT=/etc/ssl/certs/ca-certificates.crt
 
-# required for those running ARM builds, possibly confined only to Angular 16. Try back later.
-RUN apt update && apt install -y python3-dev
-
-RUN apt install -y \
+# Install man pages and additional packages
+# unminimize runs apt-get update internally, so the index is fresh for the install that follows
+# Use a docker cache mount to increase rebuild speed
+RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+    --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    yes | unminimize && \
+    apt-get install -y --no-install-recommends \
     php \
     php-cli
-
 # Install Vale
 ARG VALE_VERSION=3.12.0
 RUN set -eux; \
@@ -51,7 +51,8 @@ RUN set -eux; \
 
 # Install k-alias
 RUN git clone https://github.com/jaggedmountain/k-alias.git /tmp/k-alias && \
-    cp /tmp/k-alias/[h,k]* /usr/local/bin
+    cp /tmp/k-alias/[h,k]* /usr/local/bin && \
+    rm -rf /tmp/k-alias
 
 # Install AWS CLI with Session Manager Plugin
 RUN case "${TARGETARCH}" in \
@@ -65,7 +66,8 @@ RUN case "${TARGETARCH}" in \
     unzip -q /tmp/awscliv2.zip -d /tmp && \
     /tmp/aws/install --update && \
     curl "${SSM_URL}" -o /tmp/session-manager-plugin.deb && \
-    dpkg -i /tmp/session-manager-plugin.deb
+    dpkg -i /tmp/session-manager-plugin.deb && \
+    rm -rf /tmp/awscliv2.zip /tmp/aws /tmp/session-manager-plugin.deb
 
 # Configure AWS CLI bash completion
 RUN echo '' >> /home/vscode/.bashrc && \
diff --git a/.devcontainer/postcreate.sh b/.devcontainer/postcreate.sh
@@ -12,8 +12,20 @@ sudo chown -R $(whoami): /home/vscode/.claude
 scripts/clone-repos.sh
 scripts/add-moodle-mounts.sh
 
-curl -sSL https://aspire.dev/install.sh | bash
-dotnet tool install --global dotnet-ef --version 10
+echo "Installing tools..."
+
+(curl -sSL https://aspire.dev/install.sh | bash) &
+ASPIRE_PID=$!
+
+(dotnet tool install --global dotnet-ef --version 10) &
+DOTNET_EF_PID=$!
+
+(npm config -g set fund false && npm install -g @angular/cli@latest) &
+ANGULAR_PID=$!
+
+wait $ASPIRE_PID $DOTNET_EF_PID $ANGULAR_PID
+echo "Tool installs complete."
+
 dotnet dev-certs https --trust
 
 # Generate crucible-dev certificates
@@ -53,9 +65,6 @@ sudo update-ca-certificates
 
 echo "Crucible-dev certificates generated and trusted."
 
-npm config -g set fund false
-npm install -g @angular/cli@latest
-
 # Stage custom CA certs so Minikube trusts them
 CUSTOM_CERT_SOURCE="/usr/local/share/ca-certificates/custom"
 MINIKUBE_CERT_DEST="${HOME}/.minikube/files/etc/ssl/certs/custom"
diff --git a/.devcontainer/poststart.sh b/.devcontainer/poststart.sh
@@ -2,6 +2,8 @@
 # Copyright 2025 Carnegie Mellon University. All Rights Reserved.
 # Released under a MIT (SEI)-style license. See LICENSE.md in the project root for license information.
 
+claude update &
+
 scripts/sync-repos.sh --pull
 
 # Welcome message
