Description
All container images in this repository should use Alpine-based Docker images wherever feasible. Alpine variants are significantly smaller and reduce the attack surface compared to the Debian-based images we use today.
Currently Dockerfile is built on oven/bun:1.3.5 (Debian/glibc) and installs packages via apt-get. We should migrate to the Alpine variant and add CI guardrails so this convention is enforced and image performance is tracked.
Origin
Raised in PR #37 review (reviewer @Kravalg) on Dockerfile. Migration deferred to this issue because it requires a non-trivial apt-get → apk / glibc → musl port that must be validated separately from the tooling-foundation PR.
Tasks
Acceptance Criteria
Description
All container images in this repository should use Alpine-based Docker images wherever feasible. Alpine variants are significantly smaller and reduce the attack surface compared to the Debian-based images we use today.
Currently
Dockerfileis built onoven/bun:1.3.5(Debian/glibc) and installs packages viaapt-get. We should migrate to the Alpine variant and add CI guardrails so this convention is enforced and image performance is tracked.Origin
Raised in PR #37 review (reviewer @Kravalg) on
Dockerfile. Migration deferred to this issue because it requires a non-trivialapt-get→apk/ glibc → musl port that must be validated separately from the tooling-foundation PR.Tasks
Dockerfilefromoven/bun:1.3.5(Debian) to the Alpine variant (oven/bun:1.3.5-alpine), portingapt-getinstalls toapkand validating musl compatibility for the build toolchain (g++,make,python3,procps,bash, Node/npm).tests/load/Dockerfile) to Alpine where possible.bun install --frozen-lockfile, build, unit/e2e/visual/memory-leak suites) passes on the Alpine image.Acceptance Criteria