Skip to content

perf: speed up container tests ~20x by eliminating redundant build#20

Merged
tyvsmith merged 2 commits intomainfrom
perf/container-test-speedup
Mar 28, 2026
Merged

perf: speed up container tests ~20x by eliminating redundant build#20
tyvsmith merged 2 commits intomainfrom
perf/container-test-speedup

Conversation

@tyvsmith
Copy link
Copy Markdown
Owner

@tyvsmith tyvsmith commented Mar 28, 2026
edited
Loading

Summary

  • Add .dockerignore to exclude 43GB target/ dir and .git/ from build context
  • Remove Stage 1 builder from all Containerfiles — use host-built release binaries directly instead of redundantly rebuilding inside the container with LTO
  • Add TSS2 runtime deps to Fedora/Ubuntu containers (needed for host-built binaries)
  • Extract shared _build-test-container justfile recipe to deduplicate podman build across 4 test recipes

Container build drops from ~21 minutes to ~52 seconds.

Closes #19

Test plan

  • podman build succeeds for all 3 Containerfiles (Arch, Fedora, Ubuntu)
  • podman run facelock-pam-test — 13/13 PAM smoke tests pass
  • podman run facelock-fedora-test — 16/16 package validation tests pass
  • podman run facelock-ubuntu-test — 16/16 package validation tests pass
  • Verified facelock --version, PAM module, and ONNX models all present in container
  • just test-integration with camera (requires hardware)

🤖 Generated with Claude Code

@tyvsmith @claude
perf: speed up container tests ~20x by removing redundant in-containe…
a10a988 
…r build

Container integration tests took 21+ minutes because:
- No .dockerignore: 43GB target/ dir sent as build context every time
- Containerfile Stage 1 rebuilt all Rust crates from scratch with LTO,
  despite host already building the same binaries via `just build-release`
- No cargo cache persistence between container builds

Fix by:
- Adding .dockerignore to exclude target/ (except release binaries) and .git/
- Removing Stage 1 builder from all Containerfiles — copy host-built binaries
  directly into test images
- Adding TSS2 runtime deps to Fedora/Ubuntu containers (needed for host-built
  binaries that link against libtss2)
- Extracting shared _build-test-container recipe in justfile to deduplicate
  podman build across test-pam, test-integration, test-oneshot, test-shell

Container build time drops from ~21 minutes to ~52 seconds.

Closes #19

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 28, 2026 17:13
Copilot AI reviewed Mar 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Speeds up container-based integration/package tests by shrinking the build context and avoiding redundant in-container Rust builds, relying on host-built release artifacts instead.

Changes:

  • Add .dockerignore to exclude target/ and .git/ (while re-including needed release binaries).
  • Convert Arch/Fedora/Ubuntu test Containerfiles to single-stage images that copy host-built release binaries.
  • Deduplicate PAM container build logic in justfile via a shared _build-test-container recipe.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.dockerignore Reduces container build context size by excluding target/ and .git/ while allowing required binaries through.
test/Containerfile Switches Arch PAM/integration test image to single-stage and copies host-built binaries + needed project files.
test/Containerfile.fedora Switches Fedora package-validation test image to single-stage and adds TPM/TSS runtime dependency.
test/Containerfile.ubuntu Switches Ubuntu package-validation test image to single-stage and adds TPM/TSS runtime dependencies.
justfile Adds _build-test-container and updates PAM/integration/oneshot/shell recipes to reuse it.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@tyvsmith @claude
ci: build release binaries in CI and pass as artifacts to container job
e5483c5 
The container-pam-test job now uses host-built binaries (matching the
local `just test-pam` flow) instead of building from scratch in the
container. The build-and-test job uploads release binaries as artifacts,
which container-pam-test downloads before running `podman build`.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tyvsmith tyvsmith merged commit 055827f into main Mar 28, 2026
3 checks passed
@tyvsmith tyvsmith deleted the perf/container-test-speedup branch March 28, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Container integration tests take 21+ minutes due to redundant in-container Rust build

2 participants

@tyvsmith