Alright did some further digging, I actually counted in the add nightly into the 700 MB, so the rust libraries stand for 90 MB.
(top one without and bottom one with).
The reason why I suspected why it used more was that it took around 5 minutes to compile, but that is actually the library that installed the other libraries. No idea why it has so many dependencies. Any way continuing… that tool had similar dependencies to that file. And I seem to have removed that nightly line under testing somewhere.
It is the nightly part which is 600 MB.
An easy win would be switching to slim version which reduces the image by 600, if nightly could go away that is another 600 MB.
Nightly cannot go away, but stable probably can, which is the same win in size reduction.
I tried doing rustup toolchain uninstall stable but that did nothing but that may be the wrong way?
Turns out if the version is pinned, it is not called stable. The correct command would’ve been rustup toolchain uninstall 1.71.0 (or whatever the pinned version is).
However, images don’t shrink with later layers, they only grow. FROM rust:1.70.0 AS test is a layer that already contains the stable toolchain, later layers cannot reduce the image size by removing it.
The only way to not bloat the image with two toolchains is therefore to only install nightly in the first place. There are base images for nightly out there. But they don’t allow to pin the exact version, since that would create a new base image every day.
An approach I’ve tried and which worked is to copy the source of the official rust images and replace the (stable) version with a nightly version pinned to a specific date. It seems a little barbaric… but I think the official sources should be trustworthy from a security perspective, since we have been depending on them anyway with FROM rust:1.70.0 AS test. And the maintenance burden isn’t any higher either, there is still only one place to update the rust version (well marked with a comment). That being said, I’d like some feedback if there is something bad about this approach I haven’t considered.
Combined with switching to alpine, that reduces the image size to 947 MB. I believe there’s not much more to gain here, it’s almost only stuff we need:
| size |
thing |
| 664 MB |
nightly toolchain |
| 93 MB |
local registry of preselected dependencies |
| 85 MB |
gcc stuff |
| ~100 MB |
rest, including misc. binaries we mostly need |
PR is here, but CI is not yet passing…
