Skip to content

Optimize Docker image size with lean and Python variants #259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
Nov 28, 2025
Merged

Optimize Docker image size with lean and Python variants #259

merged 20 commits into from
Nov 28, 2025

Conversation

@ghostwriternr
Copy link
Member

@ghostwriternr ghostwriternr commented Nov 27, 2025
edited
Loading

Summary

  • Reduce Docker image size by bundling the container runtime and removing node_modules from the image
  • Add two image variants: cloudflare/sandbox:<version> (lean, 617 MB) and cloudflare/sandbox:<version>-python (full, 1.22 GB)
  • Return helpful error message when Python code execution is attempted on the lean image

Size comparison with current 0.5.6 release (1.64 GB):

Image Variant Size Reduction
Base (no Python) 617 MB 62% smaller
Python 1.22 GB 26% smaller

Closes #14
Closes #169

Changes

Image Size Optimization

  • Bundle sandbox-container server with Bun.build() (~185KB bundled)
  • Remove node_modules from Docker image (saves ~670MB)
  • Remove esbuild dependency
  • Consolidate TypeScript executor into JavaScript executor using Bun.Transpiler

Image Variants

  • Refactor Dockerfile with multi-target build (runtime-base, default, python)
  • default target: Lean image without Python for shell/JS workloads
  • python target: Full image with Python 3.11 + data science packages

Developer Experience

  • Check Python availability at context creation time with actionable error message
  • Update CI workflows to build both image variants
  • Add E2E test for Python-not-available error flow

Test Plan

  • Unit tests pass
  • E2E tests pass locally (including new base image test)
  • CI E2E tests pass with both image variants deployed

@ghostwriternr
fix: exclude src and tsconfig from npm package
9312b66 
Add files field to package.json to explicitly list published files.
Fixes linting errors for users whose IDEs try to resolve the
workspace-only @repo/typescript-config reference in tsconfig.json.
@ghostwriternr
build: bundle sandbox-container with Bun
e2b3d4f 
Replace tsc compilation with Bun.build() bundling. This inlines all
dependencies (@repo/shared, zod, async-mutex) into single files,
eliminating the need for node_modules in the container image.
@ghostwriternr
feat: transpile TypeScript in process-pool using Bun.Transpiler
fad8737 
Move TypeScript transpilation from the executor to process-pool.ts.
This allows us to use Bun's built-in transpiler (since process-pool
runs on Bun) and send plain JavaScript to the Node-based executor.
@ghostwriternr
refactor: consolidate JS and TS to single executor
6dd8522 
TypeScript is now transpiled in process-pool.ts before execution,
so both JS and TS can use the same node_executor. This simplifies
the codebase and removes the need for the separate ts_executor.
@ghostwriternr
chore: remove esbuild dependency
872fb14 
esbuild is no longer needed since TypeScript transpilation now uses
Bun's built-in Bun.Transpiler instead.
@ghostwriternr
build: remove node_modules from Docker image
55fde58 
Use bundled output instead of copying node_modules. The container
server and JS executor are now self-contained bundles with all
dependencies inlined. Reduces image size by ~670MB.
@ghostwriternr
feat: add Python-not-available error for lean image
c641d82 
When PYTHON_POOL_MIN_SIZE=0, return a helpful error message directing
users to the -python image variant instead of failing cryptically.
@ghostwriternr
feat: add multi-target Dockerfile for image variants
20438f9 
- default: lean image without Python (~600-800MB)
- python: full image with Python + data science packages (~1.3GB)

Users can choose the appropriate variant based on their needs.
The default image is suitable for most use cases (shell commands,
file operations, JS/TS code interpreter). The python variant adds
Python code interpreter with matplotlib, numpy, pandas, ipython.
@ghostwriternr
build: update docker scripts to build both variants
80b1f65 
docker:local, docker:publish, and docker:publish:beta now build
both the default and -python image variants.
@ghostwriternr
fix: proper Python detection and CI updates for image variants
b100ced 
- Python check now invokes python3 binary instead of checking env var
- E2E test-worker and integration Dockerfiles use -python variant
- CI workflows build python target for E2E tests
- Release workflow pushes both default and -python variants
- Remove unused docker:publish scripts (CI handles publishing)
@ghostwriternr
chore: add changeset for image optimization
b0c7a05
@ghostwriternr
build: update pkg-pr-new workflow for image variants
22a20c5 
Build and push both default and -python Docker image variants.
Update PR comment to show both image options.
@ghostwriternr
fix: check Python availability before reserving executor
d021ef9 
Move Python availability check earlier in the flow so context creation
fails with a helpful error message before trying to spawn python3.
@ghostwriternr
test: add E2E test for base image Python error
48dcc92 
Add E2E test validating the Python-not-available error message when
using the base image variant. Updates CI to build both image variants
and auto-regenerates wrangler.jsonc from template before E2E tests.
@changeset-bot
Copy link

changeset-bot bot commented Nov 27, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 4b1d4ac

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@cloudflare/sandbox Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@agents-git-bot agents-git-bot bot mentioned this pull request Nov 27, 2025
Open
@pkg-pr-new
Copy link

pkg-pr-new bot commented Nov 27, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/cloudflare/sandbox-sdk/@cloudflare/sandbox@259

commit: 4b1d4ac

@github-actions
Copy link
Contributor

github-actions bot commented Nov 27, 2025
edited
Loading

🐳 Docker Images Published

Default (no Python):

FROM cloudflare/sandbox:0.0.0-pr-259-461d29b

With Python:

FROM cloudflare/sandbox:0.0.0-pr-259-461d29b-python

Version: 0.0.0-pr-259-461d29b

Use the -python variant if you need Python code execution.

claude[bot]

This comment was marked as outdated.

Sign in to view

@ghostwriternr
Add PYTHON_NOT_AVAILABLE error code with proper HTTP 501 status
f9bea1a 
When Python is unavailable in the base image, the error now returns
HTTP 501 with the PYTHON_NOT_AVAILABLE error code instead of a generic
500 INTERNAL_ERROR. The interpreter service detects this specific error
and propagates the correct code through the error handling chain.

Also fixes an untyped array in ensureMinimumPool and strengthens the
changeset breaking change warning for Python users.
claude[bot]

This comment was marked as outdated.

Sign in to view

agents-git-bot bot pushed a commit to cloudflare/cloudflare-docs that referenced this pull request Nov 27, 2025
@github-actions @claude
Document Docker image variants for sandbox-sdk
12357ec 
Add documentation for lean and Python image variants introduced in
cloudflare/sandbox-sdk#259. This breaking change splits the base image
into two variants optimized for different workloads.

- Document default (lean) image without Python (~600-800MB)
- Document Python image with data science packages (~1.3GB)
- Add migration guide for users upgrading from 0.5.5 to 0.5.6+
- Document PYTHON_NOT_AVAILABLE error and how to resolve it
- Update all Dockerfile examples to use 0.5.6 versions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@whoiskatrin whoiskatrin self-requested a review November 27, 2025 18:11
@ghostwriternr
Run JS tests on base image and use dynamic version in error message
ff7138a 
JavaScript-only E2E tests now run against the base image to validate
the lean image works correctly for non-Python workloads. This provides
coverage for the bundled JS executor without requiring Python.

The Python unavailable error message now uses SANDBOX_VERSION env var
when available, falling back to <version> placeholder. This gives users
the exact version to use in production while keeping the placeholder
for development.
claude[bot]

This comment was marked as outdated.

Sign in to view

@ghostwriternr
Refactor container naming: base image default, Python explicit
8545ea8 
- Rename SandboxBase → SandboxPython in test worker
- Flip header logic: X-Sandbox-Type: python selects Python image
- Default (no header) now uses base image (smaller, no Python)
- Update cleanup script for -python suffix
- Remove per-run CI cleanup (resources persist until PR closes)
@ghostwriternr
Fix Docker comment update to match plural 'Images'
78c8a37
@cloudflare cloudflare deleted a comment from github-actions bot Nov 27, 2025
@cloudflare cloudflare deleted a comment from github-actions bot Nov 27, 2025
@cloudflare cloudflare deleted a comment from github-actions bot Nov 27, 2025
claude[bot]

This comment was marked as resolved.

Sign in to view

agents-git-bot bot pushed a commit to cloudflare/cloudflare-docs that referenced this pull request Nov 27, 2025
@github-actions @claude
Document Docker image variants and Python migration
8a94617 
Sync documentation for sandbox-sdk PR #259: Optimize Docker image size
with lean and Python variants.

Changes:
- Update Dockerfile reference with two image variants (lean and python)
- Add Python requirement warning to Code Interpreter documentation
- Create migration guide for upgrading to 0.5.6+ with image variants
- Include size comparison table and use case recommendations

Breaking change: Default image no longer includes Python. Users running
Python code must update to use the -python image variant.

Related: cloudflare/sandbox-sdk#259

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
@ghostwriternr ghostwriternr enabled auto-merge (squash) November 28, 2025 10:37
claude[bot]
claude bot reviewed Nov 28, 2025
View reviewed changes
Copy link
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

Strong PR - achieves the 62% size reduction goal with sound bundling architecture. However, three critical issues must be fixed before merge.

Critical Issues

1. HTTP status code mismatch

PYTHON_NOT_AVAILABLE is mapped to 501 (Not Implemented) in status-map.ts:51, but the test worker returns 500 for all errors. The test at line 909 expects 500, masking the proper semantic status.

Impact: Clients can't distinguish feature unavailability (501) from server errors (500).

Fix: Update test worker error handling to use proper HTTP status codes from error mappings.

2. No startup validation for bundled executors

Container spawns executors at hardcoded paths (/container-server/dist/runtime/executors/...) without verifying files exist. If bundling fails, container starts successfully but crashes cryptically at runtime.

Fix: Add existence checks during startup for all bundled executors (fail-fast with clear error).

3. E2E test coverage gap for lean image

CI builds both variants but release.yml:112 only tests Python image (target: python). The lean image's bundled JavaScript executor is never validated in E2E.

Fix: Add E2E test job that deploys and tests the lean image variant.

Architecture Observations

Python detection (process-pool.ts:12): 5-second timeout for python3 --version is excessive. Consider reducing to 1000ms - version checks should be near-instantaneous.

Multi-stage Dockerfile: Excellent architecture. Proper layer caching, shared runtime-base, and clean separation of variants.

Bundling strategy: Correct use of Bun.build() with appropriate targets (bun for server, node for executor).

Overall Verdict

Needs fixes - address the three critical issues above. Once resolved, this is ready to merge.

Strengths: Image size goals achieved, breaking change properly documented for beta, version sync maintained, error messages helpful.

agents-git-bot bot pushed a commit to cloudflare/cloudflare-docs that referenced this pull request Nov 28, 2025
@github-actions
Document Docker image variants and Python migration
7d1976f 
Sync documentation for PR #259: Optimize Docker image size with lean and Python variants

Changes:
- Add documentation for two image variants (default and -python)
- Include breaking change notice for Python users
- Add migration guide from v0.5.x to v0.6.0+
- Document PYTHON_NOT_AVAILABLE error behavior
- Update all examples to show appropriate image selection
- Clarify Python availability requirements in Code Interpreter API

Related upstream PR: cloudflare/sandbox-sdk#259
@ghostwriternr ghostwriternr merged commit 0a2cb93 into main Nov 28, 2025
18 checks passed
@ghostwriternr ghostwriternr deleted the split-images branch November 28, 2025 10:51
@github-actions github-actions bot mentioned this pull request Nov 28, 2025
Merged
@jinjiaKarl jinjiaKarl mentioned this pull request Dec 1, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@whoiskatrin whoiskatrin whoiskatrin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

replace esbuild with bun Proposal: Multiple standardized enviroments / Dockerfile's

2 participants

@ghostwriternr @whoiskatrin