From 7b324196e76005f90cbcb656fcd517f7e4d423ec Mon Sep 17 00:00:00 2001
From: Jeff Wong <awole20@gmail.com>
Date: Mon, 14 Oct 2024 23:47:09 -0700
Subject: [PATCH 1/5] DEV: slim image, drop unused packages and use cache
 mounts

apt using caches for /var/cache/apt, /var/cache/debconf, and var/lib/apt.

Ensure /usr/share/doc and /usr/share/man do not get saved to the image by
mounting temporary folders to paths.

Drop autoconf and build-essential from installs, in favor of selective cmake,
g++, pkg-config, and patch packages.

drop apt-get -y upgrade in dockerfile. We should inherit upgrades from base
images. No need to apt-mark hold initscripts now that we're not running `upgrade`

Remove calls to vim as we no longer install vim here. Remove comment for
slimming locales as we have now done so.
---
 image/base/Dockerfile | 85 +++++++++++++++++++++++++++++++++----------
 1 file changed, 65 insertions(+), 20 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index 2624f0aeb..c4d925e6d 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -23,13 +23,27 @@ RUN groupadd --gid 104 postgres &&\
 
 RUN echo 2.0.`date +%Y%m%d` > /VERSION
 RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"
-RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
+RUN --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  echo "debconf debconf/frontend select Teletype" | debconf-set-selections
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  --mount=type=tmpfs,target=/var/log \
+  apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
+
 RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true"
-RUN apt-mark hold initscripts
-RUN apt-get -y upgrade
 
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  --mount=type=tmpfs,target=/var/log \
+  DEBIAN_FRONTEND=noninteractive apt-get install -y locales
+
 ENV LC_ALL en_US.UTF-8
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US.UTF-8
@@ -40,14 +54,35 @@ RUN install -d /usr/share/postgresql-common/pgdg &&\
     curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
     echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 
-RUN curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/var/log \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
-RUN apt-get -y update
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  apt-get -y update
+
 # install these without recommends to avoid pulling in e.g.
 # X11 libraries, mailutils
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install autoconf build-essential ca-certificates rsync \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  DEBIAN_FRONTEND=noninteractive apt-get -y install ca-certificates rsync \
+    cmake g++ pkg-config patch \
     libxslt-dev libcurl4-openssl-dev \
     libssl-dev libyaml-dev libtool \
     libpcre3 libpcre3-dev zlib1g zlib1g-dev \
@@ -63,7 +98,13 @@ RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
 RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
 RUN dpkg-divert --local --rename --add /sbin/initctl
 RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"
-RUN cd / &&\
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  --mount=type=tmpfs,target=/root/.npm \
+  cd / &&\
     DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat &&\
     mkdir -p /etc/runit/1.d &&\
     apt-get clean &&\
@@ -72,7 +113,12 @@ RUN cd / &&\
     npm install -g terser uglify-js pnpm
 
 ADD install-imagemagick /tmp/install-imagemagick
-RUN /tmp/install-imagemagick
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  --mount=type=tmpfs,target=/usr/share/doc \
+  --mount=type=tmpfs,target=/usr/share/man \
+  /tmp/install-imagemagick
 
 ADD install-jemalloc /tmp/install-jemalloc
 RUN /tmp/install-jemalloc
@@ -81,7 +127,10 @@ RUN /tmp/install-jemalloc
 ADD nginx_public_keys.key /tmp/nginx_public_keys.key
 ADD install-nginx /tmp/install-nginx
 
-RUN gpg --import /tmp/nginx_public_keys.key &&\
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    gpg --import /tmp/nginx_public_keys.key &&\
     rm /tmp/nginx_public_keys.key &&\
     /tmp/install-nginx
 
@@ -89,7 +138,10 @@ ADD install-redis /tmp/install-redis
 RUN /tmp/install-redis
 
 ADD install-oxipng /tmp/install-oxipng
-RUN /tmp/install-oxipng
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/cache/debconf,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    /tmp/install-oxipng
 
 RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
     gem update --system
@@ -107,10 +159,6 @@ RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c
 # clean up for docker squash
 RUN rm -fr /usr/share/man &&\
     rm -fr /usr/share/doc &&\
-    rm -fr /usr/share/vim/vim74/doc &&\
-    rm -fr /usr/share/vim/vim74/lang &&\
-    rm -fr /usr/share/vim/vim74/spell/en* &&\
-    rm -fr /usr/share/vim/vim74/tutor &&\
     rm -fr /usr/local/share/doc &&\
     rm -fr /usr/local/share/ri &&\
     rm -fr /var/lib/apt/lists/* &&\
@@ -118,9 +166,6 @@ RUN rm -fr /usr/share/man &&\
     rm -fr /root/.npm &&\
     rm -fr /tmp/*
 
-# this can probably be done, but I worry that people changing PG locales will have issues
-# cd /usr/share/locale && rm -fr `ls -d */ | grep -v en`
-
 # this is required for aarch64 which uses buildx
 # see https://github.com/docker/buildx/issues/150
 RUN rm -f /etc/service

From 5b0cd2712f0486c47825e195de3614f53472f73c Mon Sep 17 00:00:00 2001
From: Jeff Wong <awole20@gmail.com>
Date: Tue, 15 Oct 2024 23:22:47 -0700
Subject: [PATCH 2/5] DEV: merge apt installs

remove tmpfs in favor of nodoc which already is in slim
---
 image/base/Dockerfile | 84 ++++++++++++++-----------------------------
 1 file changed, 27 insertions(+), 57 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index c4d925e6d..7ae537337 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -29,70 +29,47 @@ RUN --mount=type=cache,target=/var/cache/debconf,sharing=locked \
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
   --mount=type=tmpfs,target=/var/log \
-  apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
-
-RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true"
+  apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping locales \
+    ca-certificates rsync \
+    cmake g++ pkg-config patch \
+    libxslt-dev libcurl4-openssl-dev \
+    libssl-dev libyaml-dev libtool \
+    libpcre3 libpcre3-dev zlib1g zlib1g-dev \
+    libxml2-dev gawk parallel \
+    libpq-dev postgresql-client \
+    libreadline-dev anacron wget \
+    psmisc whois brotli libunwind-dev \
+    libtcmalloc-minimal4 cmake \
+    pngcrush pngquant ripgrep poppler-utils
 
+# install these without recommends to avoid pulling in e.g.
+# X11 libraries, mailutils
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
   --mount=type=tmpfs,target=/var/log \
-  DEBIAN_FRONTEND=noninteractive apt-get install -y locales
-
-ENV LC_ALL en_US.UTF-8
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US.UTF-8
-RUN sed -i "s/^# $LANG/$LANG/" /etc/locale.gen; \
-    locale-gen
+  DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
 
 RUN install -d /usr/share/postgresql-common/pgdg &&\
     curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
     echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/var/log \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
-  curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  apt-get -y update
 
-# install these without recommends to avoid pulling in e.g.
-# X11 libraries, mailutils
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
-  DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
+ENV LC_ALL=en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US.UTF-8
+RUN sed -i "s/^# $LANG/$LANG/" /etc/locale.gen; \
+    locale-gen
+
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
-  DEBIAN_FRONTEND=noninteractive apt-get -y install ca-certificates rsync \
-    cmake g++ pkg-config patch \
-    libxslt-dev libcurl4-openssl-dev \
-    libssl-dev libyaml-dev libtool \
-    libpcre3 libpcre3-dev zlib1g zlib1g-dev \
-    libxml2-dev gawk parallel \
-    postgresql-${PG_MAJOR} postgresql-client \
-    postgresql-contrib-${PG_MAJOR} libpq-dev postgresql-${PG_MAJOR}-pgvector \
-    libreadline-dev anacron wget \
-    psmisc whois brotli libunwind-dev \
-    libtcmalloc-minimal4 cmake \
-    pngcrush pngquant ripgrep poppler-utils
+  --mount=type=tmpfs,target=/var/log \
+  curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
+
 RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron
 RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
 RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
@@ -101,14 +78,11 @@ RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
   --mount=type=tmpfs,target=/root/.npm \
   cd / &&\
-    DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat &&\
+    apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat \
+    postgresql-${PG_MAJOR} postgresql-contrib-${PG_MAJOR} postgresql-${PG_MAJOR}-pgvector &&\
     mkdir -p /etc/runit/1.d &&\
-    apt-get clean &&\
-    rm -f /etc/apt/apt.conf.d/40proxy &&\
     DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn &&\
     npm install -g terser uglify-js pnpm
 
@@ -116,8 +90,6 @@ ADD install-imagemagick /tmp/install-imagemagick
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/usr/share/doc \
-  --mount=type=tmpfs,target=/usr/share/man \
   /tmp/install-imagemagick
 
 ADD install-jemalloc /tmp/install-jemalloc
@@ -157,9 +129,7 @@ ADD thpoff.c /src/thpoff.c
 RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c
 
 # clean up for docker squash
-RUN rm -fr /usr/share/man &&\
-    rm -fr /usr/share/doc &&\
-    rm -fr /usr/local/share/doc &&\
+RUN rm -fr /usr/local/share/doc &&\
     rm -fr /usr/local/share/ri &&\
     rm -fr /var/lib/apt/lists/* &&\
     rm -fr /root/.gem &&\

From 8b8124bb5530a55b5543ddee7d087a96af91a586 Mon Sep 17 00:00:00 2001
From: Jeff Wong <awole20@gmail.com>
Date: Wed, 16 Oct 2024 10:06:59 -0700
Subject: [PATCH 3/5] DEV: merge all apt layers

minimize amount of --mount arguments in dockerfile
---
 image/base/Dockerfile | 52 +++++++++++++++++--------------------------
 1 file changed, 20 insertions(+), 32 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index 7ae537337..f86447392 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -23,13 +23,12 @@ RUN groupadd --gid 104 postgres &&\
 
 RUN echo 2.0.`date +%Y%m%d` > /VERSION
 RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"
-RUN --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  echo "debconf debconf/frontend select Teletype" | debconf-set-selections
 
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/cache/debconf,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
   --mount=type=tmpfs,target=/var/log \
+  echo "debconf debconf/frontend select Teletype" | debconf-set-selections; \
   apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping locales \
     ca-certificates rsync \
     cmake g++ pkg-config patch \
@@ -41,22 +40,30 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     libreadline-dev anacron wget \
     psmisc whois brotli libunwind-dev \
     libtcmalloc-minimal4 cmake \
-    pngcrush pngquant ripgrep poppler-utils
+    pngcrush pngquant ripgrep poppler-utils; \
 
 # install these without recommends to avoid pulling in e.g.
 # X11 libraries, mailutils
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/var/log \
-  DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
+    DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less; \
 
-RUN install -d /usr/share/postgresql-common/pgdg &&\
+    install -d /usr/share/postgresql-common/pgdg &&\
     curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
-    echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list
+    echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \
 
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
+    curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -; \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list; \
+
+    curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -; \
+
+    sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron; \
+    sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf; \
+    sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf; \
+    dpkg-divert --local --rename --add /sbin/initctl; \
+    sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"; \
+    apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat \
+    postgresql-${PG_MAJOR} postgresql-contrib-${PG_MAJOR} postgresql-${PG_MAJOR}-pgvector \
+    nodejs yarn &&\
+    mkdir -p /etc/runit/1.d
 
 ENV LC_ALL=en_US.UTF-8
 ENV LANG=en_US.UTF-8
@@ -64,26 +71,7 @@ ENV LANGUAGE=en_US.UTF-8
 RUN sed -i "s/^# $LANG/$LANG/" /etc/locale.gen; \
     locale-gen
 
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/var/log \
-  curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
-
-RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron
-RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
-RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
-RUN dpkg-divert --local --rename --add /sbin/initctl
-RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,target=/var/cache/debconf,sharing=locked \
-  --mount=type=cache,target=/var/lib/apt,sharing=locked \
-  --mount=type=tmpfs,target=/root/.npm \
-  cd / &&\
-    apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat \
-    postgresql-${PG_MAJOR} postgresql-contrib-${PG_MAJOR} postgresql-${PG_MAJOR}-pgvector &&\
-    mkdir -p /etc/runit/1.d &&\
-    DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn &&\
+RUN --mount=type=tmpfs,target=/root/.npm \
     npm install -g terser uglify-js pnpm
 
 ADD install-imagemagick /tmp/install-imagemagick

From 62d83644c713aec3df8437597f33c40b3efdd283 Mon Sep 17 00:00:00 2001
From: Jeff Wong <awole20@gmail.com>
Date: Wed, 16 Oct 2024 10:11:24 -0700
Subject: [PATCH 4/5] DEV: bundle libpq and postgres-client with postgres
 install

---
 image/base/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index f86447392..145e6a875 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -36,7 +36,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     libssl-dev libyaml-dev libtool \
     libpcre3 libpcre3-dev zlib1g zlib1g-dev \
     libxml2-dev gawk parallel \
-    libpq-dev postgresql-client \
     libreadline-dev anacron wget \
     psmisc whois brotli libunwind-dev \
     libtcmalloc-minimal4 cmake \
@@ -61,6 +60,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     dpkg-divert --local --rename --add /sbin/initctl; \
     sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"; \
     apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat \
+    libpq-dev postgresql-client \
     postgresql-${PG_MAJOR} postgresql-contrib-${PG_MAJOR} postgresql-${PG_MAJOR}-pgvector \
     nodejs yarn &&\
     mkdir -p /etc/runit/1.d

From 9c70f086b4144ae17da05c6f9cbb6e923332e8d9 Mon Sep 17 00:00:00 2001
From: Jeff Wong <awole20@gmail.com>
Date: Wed, 16 Oct 2024 10:21:56 -0700
Subject: [PATCH 5/5] FIX: no blank lines allowed - add comments to separate
 multiline run blocks

---
 image/base/Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index 145e6a875..631ddb8c1 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -40,20 +40,19 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     psmisc whois brotli libunwind-dev \
     libtcmalloc-minimal4 cmake \
     pngcrush pngquant ripgrep poppler-utils; \
-
 # install these without recommends to avoid pulling in e.g.
 # X11 libraries, mailutils
     DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less; \
-
+# postgres packages
     install -d /usr/share/postgresql-common/pgdg &&\
     curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
     echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \
-
+# yarn packages
     curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -; \
     echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list; \
-
+# node packages
     curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -; \
-
+# setup anacron, rsyslog, initctl
     sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron; \
     sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf; \
     sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf; \