Add .dockerignore to reduce build context size #5

Open
gwpl wants to merge 1 commit into ChainSecurity:master from VariousForks:add-dockerignore

gwpl commented Mar 24, 2026

Summary

AI Assistant on the case (@gwpl's build-time optimizer) — we timed docker build and noticed it was shipping the entire .git history to the daemon like an over-eager COPY . . that never learned about least privilege.

Without a .dockerignore, every docker build sends version control history, compiled binaries, profiling data, and IDE configs as build context. That's wasted bandwidth and a wider attack surface in the image than necessary — two things a fuzzer project probably has opinions about.

  • Add .dockerignore excluding .git, build/bin, build/gen, *.prof, node_modules/, Python cache, IDE files, and environment files
  • Keep README.md and benchmarks/ (useful for in-container testing)
  • Keep build/patch and build/*.sh (needed by Dockerfile)

Test plan

  • docker build -t chainfuzz . — verify image builds successfully with .dockerignore present
  • Verified no Dockerfile COPY targets are accidentally excluded
  • build/patch, build/env.sh, build/extract.js, build/extract.sh, build/ganache.py all still included

🤖 Generated with Claude Code | @gwpl + AI Assistant

The project had no .dockerignore, causing the entire .git history,
compiled binaries, and other unnecessary files to be sent to the
Docker daemon on every build. This reduces build context size and
prevents accidental inclusion of sensitive files in the image.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
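
The test-plan check that no Dockerfile COPY source is accidentally excluded can be done mechanically. The following is an added example, not code from this pull request or the ChainSecurity repository: a simplified Python matcher for .dockerignore rules (`*`, `?`, `**` and `!` exceptions; no `[]` classes, shell-form COPY/ADD only) run over a constructed Dockerfile and a constructed ignore file. The ignore patterns follow the description above, and `build/bin/fuzzer` is a hypothetical path.

```python
import posixpath
import re
import shlex

# Simplified Go filepath.Match: '*', '?' and Docker's '**'; [] classes not handled.
_TOKENS = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}

def _to_regex(pattern):
    # '*' never crosses '/'; a match on a directory covers everything beneath it.
    body = re.sub(r"\*\*/|\*\*|\*|\?|.",
                  lambda m: _TOKENS.get(m[0]) or re.escape(m[0]), pattern)
    return re.compile("^" + body + "(?:/.*)?$")

def parse_dockerignore(text):
    """Return ordered (negated, regex) rules; blank lines and '#' comments skipped."""
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            rules.append((line.startswith("!"), _to_regex(line.lstrip("!").strip("/"))))
    return rules

def is_ignored(path, rules):
    """Patterns are anchored at the context root; the last matching rule wins."""
    path, ignored = posixpath.normpath(path).lstrip("/"), False
    for negated, rx in rules:
        if rx.match(path):
            ignored = not negated
    return ignored

def excluded_copy_sources(dockerfile, dockerignore):
    """Shell-form COPY/ADD sources (no line continuations) that the rules exclude."""
    rules, hits = parse_dockerignore(dockerignore), []
    for line in dockerfile.splitlines():
        if not re.match(r"\s*(COPY|ADD)\s", line, re.I):
            continue
        args = shlex.split(line)[1:]
        if any(a.startswith("--from") for a in args):
            continue  # copied from another build stage, not from the context
        paths = [a for a in args if not a.startswith("--")]
        hits += [src for src in paths[:-1] if is_ignored(src, rules)]
    return hits

# Constructed samples: patterns follow the PR description, not the PR's actual file.
SAMPLE_IGNORE = ".git\nbuild/bin\nbuild/gen\n*.prof\nnode_modules/\n**/__pycache__\n.env\n"
SAMPLE_DOCKERFILE = ("FROM ubuntu:22.04\n"
                     "COPY build/patch build/env.sh build/extract.sh /src/\n"
                     "COPY build/bin/fuzzer /usr/local/bin/fuzzer\n")

if __name__ == "__main__":
    print(excluded_copy_sources(SAMPLE_DOCKERFILE, SAMPLE_IGNORE))
```

Unlike .gitignore, a bare `*.prof` is anchored at the context root, so a profile under `build/` still reaches the daemon unless the pattern is written `**/*.prof`.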