build(docker): make memory-layer image self-contained#58
build(docker): make memory-layer image self-contained#58changhoon-sung wants to merge 4 commits intoix-infrastructure:mainfrom
Conversation
The stack was exposed too broadly by default. Bind published ports to localhost and name shared Docker resources explicitly to make the backend network and data volume clearer.
There is no good reason for the repo and standalone stacks to disagree on health checks here. Keep the checks container-local and use the same health-gated startup ordering in both compose variants.
There was a problem hiding this comment.
Pull request overview
This PR makes the memory-layer Docker image self-contained by building the Scala server JAR inside a multi-stage Docker build, removing the prior dependency on a locally pre-built artifact and aligning local scripts + release workflows to that contract.
Changes:
- Move
memory-layerJAR assembly intomemory-layer/Dockerfile(multi-stage) and build from repo root for sbt project visibility. - Update local wrapper scripts and GitHub release workflows to build/push the image using the new root build context contract.
- Add root
.dockerignoreand compose adjustments (localhost-only port bindings, internal backend network, mount-root variable).
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
memory-layer/Dockerfile |
Adds multi-stage build that installs sbt and runs memoryLayer/assembly inside the image build. |
docker-compose.yml |
Switches build context to repo root + adds internal network and adjusts ports/volume mount. |
docker-compose.standalone.yml |
Aligns standalone compose runtime wiring (network/ports/depends_on health) and adjusts volume mount. |
stack.sh |
Removes local sbt JAR build step; rebuild now forces a no-cache image rebuild for memory-layer. |
scripts/backend.sh |
Removes local sbt JAR build step; rebuild now forces a no-cache image rebuild for memory-layer. |
.github/workflows/release.yml |
Removes standalone sbt build; builds/pushes Docker image using repo-root context + Dockerfile path. |
.github/workflows/release-please.yml |
Same as above for release-please driven releases. |
.dockerignore |
Adds root ignore rules to keep the new root-context Docker builds slim/cached. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| RUN curl -fsSL "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" \ | ||
| | tar -xz -C /opt \ | ||
| && ln -s /opt/sbt/bin/sbt /usr/local/bin/sbt |
There was a problem hiding this comment.
The builder stage downloads and installs sbt via curl from GitHub without verifying integrity (checksum/signature). This is a supply-chain risk for the release image build. Consider pinning the download to a known SHA256 (and verifying it), or switching to a base image / package source that provides sbt with verifiable artifacts.
| ensure_docker | ||
| build_jar true | ||
| echo "Rebuilding and starting backend..." | ||
| docker compose up -d --build | ||
| docker compose build --no-cache memory-layer | ||
| docker compose up -d | ||
| wait_for_health |
There was a problem hiding this comment.
The header usage comment still says rebuild will "Force rebuild JAR + restart", but the command now rebuilds the memory-layer Docker image (and no longer builds the JAR locally). Update the usage comment so it matches the new behavior.
The Docker build was only packaging a jar built somewhere else. Have the image build the server itself and stop depending on a local sbt assembly step for the compose and release server path.
changhoon-sung
force-pushed
the
docker-self-contained-build
branch
from
d2233a9 to
10c3381
Compare
|
memory-layer has been removed from public repo and placed in private repo. The docker compose now pulls straight from the docker image of memory-layer |
Summary
The Docker build was not actually building the server. It was packaging a
JAR that had to be assembled somewhere else first and depended on a
locally existing build artifact.
What changed
memory-layerbuild into a multi-stage Dockerfile.dockerignoreserver build contract
builder stage so repeated builds can reuse cached dependency layers
Validation
docker compose -f docker-compose.yml configdocker compose -f docker-compose.yml build memory-layerbash -n stack.sh scripts/backend.sh