Skip to content

docker: optimize env and syzbot images using multi-stage builds#7474

Draft
tarasmadan wants to merge 1 commit into
google:masterfrom
tarasmadan:optimize-docker-images
Draft

docker: optimize env and syzbot images using multi-stage builds#7474
tarasmadan wants to merge 1 commit into
google:masterfrom
tarasmadan:optimize-docker-images

Conversation

@tarasmadan

@tarasmadan tarasmadan commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Combine tools/docker/env/Dockerfile and tools/docker/syzbot/Dockerfile
into a single multi-stage Dockerfile. This allows the images to share
common base layers (like LLVM and Go) and reduces the maintenance burden.

Additionally, split the syz-env image into variants (base, arch, dashboard)
so that CI jobs only download the components they need, significantly
reducing CI download times.

Measurable Impact (Size Savings):

Image Variant Target Job Download Size On-Disk Size Reduction vs Original
env:base aux, build, race 636 MB 2.81 GB ~80% smaller (from 3.2GB / 14.7GB)
env:dashboard dashboard 1.01 GB 4.64 GB ~68% smaller
env:arch arch 2.08 GB 9.07 GB ~38% smaller
env:latest (Full) Local Dev 2.80 GB 12.80 GB ~13% smaller
syzbot:latest syzbot 2.27 GB 10.50 GB ~20% smaller (from 2.75GB / 13.2GB)

For CI, the core build/test jobs will now download a 636MB image instead of 3.2GB, saving ~2.5GB of network transfer per workflow run and significantly reducing startup latency.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 10, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request consolidates the Docker build process for syzkaller by replacing individual Dockerfiles with a single multi-stage Dockerfile and introducing a build.sh helper script. Feedback on these changes includes addressing a hardcoded amd64 architecture during the Go toolchain download to support multi-platform builds, setting the LIBCLANG_PATH environment variable so that bindgen can locate libclang.so at runtime, and refactoring BUILD_ARGS in build.sh to use a bash array to prevent word-splitting issues.

Comment thread tools/docker/Dockerfile Outdated
Comment thread tools/docker/Dockerfile
Comment thread tools/docker/build.sh Outdated
@tarasmadan tarasmadan force-pushed the optimize-docker-images branch from 4fea5f7 to 80e73d8 Compare June 11, 2026 00:11
@tarasmadan tarasmadan marked this pull request as ready for review June 11, 2026 00:24
@tarasmadan

tarasmadan commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator Author

The tests are failing because the actual containers were not yet uploaded.
If the overall approach looks sane to you I'll give it a shot next week from the office.

@ramosian-glider

ramosian-glider commented Jun 11, 2026

Copy link
Copy Markdown
Member

Note that this patch won't apply because we switched to clang-22 today
But don't rush with rebasing, because our tools don't build with clang-22: https://github.com/google/syzkaller/actions/runs/27360220081/job/80846394542?pr=7464

@tarasmadan tarasmadan force-pushed the optimize-docker-images branch from 80e73d8 to 285cc4d Compare June 15, 2026 12:56
@tarasmadan
docker: optimize env and syzbot images using multi-stage builds
4a96976 
Combine tools/docker/env/Dockerfile and tools/docker/syzbot/Dockerfile
into a single multi-stage Dockerfile. This allows the images to share
common base layers (like LLVM and Go) and reduces the maintenance burden.

Additionally, split the syz-env image into variants (base, arch, dashboard)
so that CI jobs only download the components they need, significantly
reducing CI download times.

Also:
- Fixed Go toolchain download to use dynamic architecture (fixing arm64 support).
- Set LIBCLANG_PATH in env-base for bindgen runtime compatibility.
- Refactored build.sh to use a bash array for build arguments.
- Added tools/docker/test.sh sanity test script to verify all target images.

Measurable Impact (Size Savings):

| Image Variant | Target Job | Download Size | On-Disk Size | Reduction vs Original |
| :--- | :--- | :--- | :--- | :--- |
| env:base | aux, build, race | 636 MB | 2.81 GB | ~80% smaller (from 3.2GB / 14.7GB) |
| env:dashboard | dashboard | 1.01 GB | 4.64 GB | ~68% smaller |
| env:arch | arch | 2.08 GB | 9.07 GB | ~38% smaller |
| env:latest (Full) | Local Dev | 2.80 GB | 12.80 GB | ~13% smaller |
| syzbot:latest | syzbot | 2.27 GB | 10.50 GB | ~20% smaller (from 2.75GB / 13.2GB) |

For CI, the core build/test jobs will now download a 636MB image instead of 3.2GB, saving ~2.5GB of network transfer per workflow run and significantly reducing startup latency.
@tarasmadan tarasmadan force-pushed the optimize-docker-images branch from 285cc4d to 4a96976 Compare June 15, 2026 17:28
@tarasmadan tarasmadan marked this pull request as draft June 15, 2026 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@a-nogikh a-nogikh Awaiting requested review from a-nogikh

@ramosian-glider ramosian-glider Awaiting requested review from ramosian-glider

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tarasmadan @ramosian-glider