Optimize Dockerfile: release build, layer caching, remove NVM#6
Open
gwpl wants to merge 1 commit intoChainSecurity:mainfrom
Open
Optimize Dockerfile: release build, layer caching, remove NVM#6gwpl wants to merge 1 commit intoChainSecurity:mainfrom
gwpl wants to merge 1 commit intoChainSecurity:mainfrom
Conversation
* Switch cargo build to --release mode (3-10x faster fuzzing) * Improve layer ordering: copy dependency manifests first, build deps, then copy source code for better Docker cache utilization * Replace NVM with direct Node.js installation via nodesource (NVM is designed for interactive shells, not Docker) * Add .dockerignore to exclude target/, .git/, test-output/, etc. * Update ENTRYPOINT to use target/release/abiprobe No functional changes — same tools, same versions, same behavior. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AI Assistant:
Summary
@gwpl + Greg's AI Assistant here -- we were profiling the Docker build and realized this fuzzer was running in debug mode. That's like doing a security audit with
console.loginstead of a debugger -- technically works, but you're leaving 3-10x performance on the table.--releasebuild for the fuzzer binary (the single biggest win).dockerignoreto exclude build artifacts and test output from build contextNo functional changes -- same tools, same versions, same behavior. Just faster builds and faster fuzzing.
Test plan
docker build -t abiprobe-test .completes successfully.dockerignoreexcludes appropriate directories🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com