Add CI check for Dockerfile build performance #48

@RudoiDmytro

Description

Add a CI check to ui-toolkit that measures and gates Dockerfile build performance — build time, final image size, and layer/cache efficiency — on every PR that modifies a Dockerfile.

This is one of three parallel issues (one per repo: ui-toolkit, crm, website). Implement the check once as a reusable workflow / composite action (hosted centrally, e.g. VilnaCRM-Org/.github) and consume it here, so the repos share one implementation instead of copy-pasting.

Context / lesson learned: Alpine/musl is not always viable — Playwright's bundled browsers are glibc builds, so this repo's Playwright runner uses mcr.microsoft.com/playwright:*-jammy. The check must reward smaller/faster images while allowing documented, justified exceptions (glibc-only toolchains) rather than hard-mandating Alpine.

Dockerfiles in this repo

Tasks

  • Adopt the shared reusable workflow (workflow_call) / composite action for Dockerfile performance (or help author it in VilnaCRM-Org/.github if not yet created).
  • Wire it into this repo's PR CI for the Dockerfiles listed above.
  • Configure per-image size budget + tolerance; report build time and final image size; gate layer efficiency (dive --ci) and hadolint best-practice/perf rules.
  • Emit a PR summary/comment with before/after image size and build time vs. the base branch.
  • Support a documented exception mechanism (PR label or # perf-exception: <reason> marker) for images that legitimately can't be slimmed (e.g. the glibc-bound Playwright runner).
  • Document the policy, thresholds, and exception process in CONTRIBUTING/docs.

Acceptance Criteria

  • On a PR that modifies a Dockerfile, CI reports build time and final image size and the delta vs. the target branch.
  • CI fails when an image exceeds its size budget (or the layer-efficiency / hadolint gate) beyond the configured tolerance, unless a documented exception applies.
  • Documented exceptions (e.g. the glibc-bound Playwright image) pass without weakening the check for other images.
  • The check is the shared reusable workflow consumed across ui-toolkit, crm, and website (no per-repo duplication).
  • Policy and thresholds are documented in this repo.

Related
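A minimal sketch of the gate logic the tasks and acceptance criteria describe (size budget plus tolerance, delta vs. the base branch, and the `# perf-exception: <reason>` marker), added here as an illustration and not code from this repository or the shared workflow. The function names, the whole-number percent tolerance, and the sample Dockerfiles and sizes are assumptions; the PR-label form of the exception, `dive --ci` and hadolint are not covered.

```python
import re

# Marker form from the issue: "# perf-exception: <reason>" as a Dockerfile comment line.
MARKER = re.compile(r"^[ \t]*#[ \t]*perf-exception:[ \t]*(.*?)[ \t]*$", re.MULTILINE)

def exception_reason(dockerfile_text):
    """Return the documented reason, or None if there is no usable marker."""
    for match in MARKER.finditer(dockerfile_text):
        reason = match.group(1).strip()
        # An empty reason or the unfilled template must not bypass the gate.
        if reason and reason != "<reason>":
            return reason
    return None

def evaluate(dockerfile_text, size, base_size, budget, tolerance_pct):
    """Gate one image. Sizes are bytes; tolerance_pct is a whole-number percent."""
    limit = budget * (100 + tolerance_pct) // 100   # integer math, no float rounding
    report = f"size={size} base={base_size} delta={size - base_size:+d} limit={limit}"
    if size <= limit:
        return "pass", report
    reason = exception_reason(dockerfile_text)
    if reason:
        return "exempt", f"{report} exception={reason!r}"
    return "fail", report

# Constructed sample Dockerfiles and sizes (not taken from the repository).
PLAYWRIGHT = "# perf-exception: Playwright bundled browsers are glibc builds\nFROM example/playwright-runner\n"
UNJUSTIFIED = "# perf-exception:\nFROM example/app\nRUN build\n"

if __name__ == "__main__":
    print(evaluate(PLAYWRIGHT, 2_100_000_000, 2_050_000_000, 500_000_000, 5))
    print(evaluate(UNJUSTIFIED, 600_000_000, 480_000_000, 500_000_000, 5))
    print(evaluate(UNJUSTIFIED, 520_000_000, 480_000_000, 500_000_000, 5))
```

Because the marker is only consulted after an image exceeds its limit, and is read from that image's own Dockerfile, an exception on one image leaves the budget for every other image unchanged.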

Metadata

Labels: enhancement (New feature or request)