Skip to content

improvement(build): migrate to blacksmith sticky disks for faster builds, other build improvements #2611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
waleedlatif1 merged 1 commit into from
Dec 28, 2025
+27 −30
Merged

improvement(build): migrate to blacksmith sticky disks for faster builds, other build improvements #2611

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 10 additions & 9 deletions .github/workflows/test-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,16 +23,17 @@ jobs:
with:
node-version: latest

- name: Cache Bun dependencies
uses: actions/cache@v4
- name: Mount Bun cache (Sticky Disk)
uses: useblacksmith/stickydisk@v1
with:
path: |
~/.bun/install/cache
node_modules
**/node_modules
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-
key: ${{ github.repository }}-bun-cache
path: ~/.bun/install/cache

- name: Mount node_modules (Sticky Disk)
uses: useblacksmith/stickydisk@v1
with:
key: ${{ github.repository }}-node-modules
path: ./node_modules

- name: Install dependencies
run: bun install --frozen-lockfile
Expand Down
38 changes: 17 additions & 21 deletions docker/app.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
# ========================================
# Base Stage: Debian-based Bun
# Base Stage: Debian-based Bun with Node.js 22
# ========================================
FROM oven/bun:1.3.3-slim AS base

# Install Node.js 22 and common dependencies once in base stage
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && apt-get install -y --no-install-recommends \
python3 python3-pip python3-venv make g++ curl ca-certificates bash ffmpeg \
&& curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y nodejs

# ========================================
# Dependencies Stage: Install Dependencies
# ========================================
FROM base AS deps
WORKDIR /app

# Install Node.js 22 for isolated-vm compilation (requires node-gyp and V8)
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 make g++ curl ca-certificates \
&& curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y nodejs \
&& rm -rf /var/lib/apt/lists/*

COPY package.json bun.lock turbo.json ./
RUN mkdir -p apps packages/db packages/testing packages/logger
COPY apps/sim/package.json ./apps/sim/package.json
Expand All @@ -25,6 +26,7 @@ COPY packages/logger/package.json ./packages/logger/package.json

# Install turbo globally, then dependencies, then rebuild isolated-vm for Node.js
RUN --mount=type=cache,id=bun-cache,target=/root/.bun/install/cache \
--mount=type=cache,id=npm-cache,target=/root/.npm \
bun install -g turbo && \
HUSKY=0 bun install --omit=dev --ignore-scripts && \
cd $(readlink -f node_modules/isolated-vm) && npx node-gyp rebuild --release && cd /app
Expand Down Expand Up @@ -89,13 +91,7 @@ RUN bun run build
FROM base AS runner
WORKDIR /app

# Install Node.js 22 (for isolated-vm worker), Python, and other runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 python3-pip python3-venv bash ffmpeg curl ca-certificates \
&& curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y nodejs \
&& rm -rf /var/lib/apt/lists/*

# Node.js 22, Python, ffmpeg, etc. are already installed in base stage
ENV NODE_ENV=production

# Create non-root user and group
Expand All @@ -113,15 +109,15 @@ COPY --from=deps --chown=nextjs:nodejs /app/node_modules/isolated-vm ./node_modu
# Copy the isolated-vm worker script
COPY --from=builder --chown=nextjs:nodejs /app/apps/sim/lib/execution/isolated-vm-worker.cjs ./apps/sim/lib/execution/isolated-vm-worker.cjs

# Guardrails setup (files need to be owned by nextjs for runtime)
COPY --from=builder --chown=nextjs:nodejs /app/apps/sim/lib/guardrails/setup.sh ./apps/sim/lib/guardrails/setup.sh
# Guardrails setup with pip caching
COPY --from=builder --chown=nextjs:nodejs /app/apps/sim/lib/guardrails/requirements.txt ./apps/sim/lib/guardrails/requirements.txt
COPY --from=builder --chown=nextjs:nodejs /app/apps/sim/lib/guardrails/validate_pii.py ./apps/sim/lib/guardrails/validate_pii.py

# Run guardrails setup as root, then fix ownership of generated venv files
RUN chmod +x ./apps/sim/lib/guardrails/setup.sh && \
cd ./apps/sim/lib/guardrails && \
./setup.sh && \
# Install Python dependencies with pip cache mount for faster rebuilds
RUN --mount=type=cache,target=/root/.cache/pip \
python3 -m venv ./apps/sim/lib/guardrails/venv && \
./apps/sim/lib/guardrails/venv/bin/pip install --upgrade pip && \
./apps/sim/lib/guardrails/venv/bin/pip install -r ./apps/sim/lib/guardrails/requirements.txt && \
chown -R nextjs:nodejs /app/apps/sim/lib/guardrails

# Create .next/cache directory with correct ownership
Expand Down