Skip to content

perf(combos): move gettext-base+curl to the benchmark base (drop per-combo standalone apt)#236

Merged
elronbandel merged 1 commit into
mainfrom
elron/standalone-apt-to-base
Jun 28, 2026
Merged

perf(combos): move gettext-base+curl to the benchmark base (drop per-combo standalone apt)#236
elronbandel merged 1 commit into
mainfrom
elron/standalone-apt-to-base

Conversation

@elronbandel

@elronbandel elronbandel commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

What

Move gettext-base (+curl where missing) into the 6 benchmark bases, and delete the per-combo apt-get from standalone.Dockerfile.

Why

The -standalone build ran apt-get install gettext-base curl on top of each per-combo eval-base. That single RUN:

  • can't cache — it sits above a per-combo FROM eval-base, so it's invalidated for every one of the ~6,400 standalones;
  • runs emulated under QEMU on the arm64 leg (combos build via buildx --platform on one runner, not native-per-arch).

It was the combo-build bottleneck — ~37 min/shard, while the lean combo itself is pure COPY. Moving the deps into the base (built once, natively, cached) makes the standalone layer pure COPY too.

Rollout (important)

The first release after this must set rebuild_bases=true so the bases are rebuilt with gettext-base before the no-apt standalones build — otherwise a standalone would lack envsubst at runtime. Subsequent releases reuse the frozen bases.

Verified

  • hadolint + conftest dockerfile policy + trivy config + detect-secrets: green.
  • Runtime confirmation (standalone builds with no apt + envsubst present from the base) is the next step — a targeted rebuild_bases=true build.

This is step 1 of "make every build a cheap cache hit"; the staleness gate (#233) is the complementary guarantee.

@elronbandel
perf(combos): move gettext-base+curl to benchmark bases; drop per-com…
d732bfb 
…bo standalone apt

The -standalone build ran apt-get install gettext-base curl on top of each
per-combo eval-base — uncacheable (per-combo base) and emulated under QEMU on
the arm64 leg. That single RUN was the combo-build bottleneck (~37min/shard;
the lean combo itself is pure COPY). Moving the deps into the 6 benchmark bases
(built once, natively, cached) makes the standalone layer pure COPY.

ROLLOUT: the first release after this MUST set rebuild_bases=true so the bases
carry gettext-base before the no-apt standalones build (else standalone lacks
envsubst). Later releases reuse the frozen bases.

Signed-off-by: Elron Bandel <elron.bandel@ibm.com>
@elronbandel

elronbandel commented Jun 28, 2026

Copy link
Copy Markdown
Contributor Author

Verified at runtime (was static-only — lint+grep — before):

  • Built the exact edited apt line (jq ca-certificates curl gettext-base) on debian:12-slim → builds clean; envsubst=/usr/bin/envsubst jq=/usr/bin/jq curl=/usr/bin/curl present, and envsubst renders (X=$HOMEX=/works).
  • A layer FROM that base with no apt → its RUN command -v envsubst && command -v jq && command -v curl passed (INHERITED-OK), confirming the standalone inherits the binaries — the point of this PR.

Scope: proves the apt-line change + inheritance on a debian-slim base (all 6 bases are debian-based). The full repo base build (test-exact-match stage + COPYs, unchanged here) is confirmed by the rebuild_bases=true rollout.

@elronbandel elronbandel merged commit 323df55 into main Jun 28, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@elronbandel