The GitHub Actions Base Image is a Whopping 47 GiB

GitHub Actions got a lot of things right and provided a nice improvement in developer experience relative to CI/CD platforms that existed before them. The decision to bundle a plethora of tools into the base image is baffling though. Their base image is a whopping 47 GiB.

It includes:

• 10+ programming language runtimes
• 4 different versions of Java
• 3 different versions of Go
• 3 different versions of Node
• 5 different versions of Python
• 2 different versions of Ruby
• a bunch of Android SDKs
• 11 package managers
• 4 build tools
• CLIs for every cloud platform
• 8 different web browsers or drivers

The full list of notes on installed software:

https://github.com/actions/runner-images/blob/1ed26a6d42b1c856759a31823c9d99b9775cb5fa/images/ubuntu/Ubuntu2404-Readme.md

All of that, and most people install their own dependencies anyway to control the exact version that they want to have installed. I wonder if GitHub anticipated how prevalent actions would become and how easy they'd be to use when they made this decision about base images.

#Big Base Images are a Bad Decision

The reason to include so much software in the base image is to support a wide variety of things out of the box, without additional configuration or installation necessary. However, this is the wrong thing to optimize for.

A bloated base image affects performance. It also creates backwards compatibility problems when updates are made, resulting in builds spontaneously breaking for people when updates are rolled out.

But the biggest problem with this approach is that it makes any build scripting unable to be ported. The amount of logic inside a CI/CD pipeline that is proprietary to the CI/CD platform should be as minimal as possible. Using big platform-specific base images means the implementation will only run on that platform.

The amount of logic inside a CI/CD pipeline that is proprietary to the CI/CD platform should be as minimal as possible.

#RWX Runs on Generic Base Images

In contrast, RWX runs on generic base images, with a minimal set of configuration.

The code that engineering teams run on RWX can easily run in other environments because it executes on top of a basic ubuntu container. Debugging, understanding, and reuse are all drastically improved with this approach.

1
FROM ubuntu:24.04
2

3
# install commonly needed packages
4
RUN apt-get update && \
5
    apt-get install -y \
6
    build-essential \
7
    ca-certificates \
8
    curl \
9
    dtach \
10
    git \
11
    gnupg \
12
    jq \
13
    sudo \
14
    tzdata \
15
    unzip \
16
    wget \
17
    xz-utils && \
18
    apt-get upgrade -y && \
19
    apt-get clean && \
20
    rm -rf /var/lib/apt/lists/*
21

22
# install docker CLI and optional plugins
23
ENV DOCKER_VERSION=5:28.0.4-1~ubuntu.24.04~noble
24
RUN install -m 0755 -d /etc/apt/keyrings && \
25
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
26
    echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > \
27
    /etc/apt/sources.list.d/docker.list && \
28
    apt-get update && \
29
    apt-get install -y \
30
      docker-ce=$DOCKER_VERSION \
31
      docker-ce-cli=$DOCKER_VERSION \
32
      docker-ce-rootless-extras=5:28.0.4-1~ubuntu.24.04~noble \
33
      containerd.io=1.7.26-1 \
34
      docker-buildx-plugin=0.22.0-1~ubuntu.24.04~noble \
35
      docker-compose-plugin=2.34.0-1~ubuntu.24.04~noble && \
36
    apt-get clean && \
37
    rm -rf /var/lib/apt/lists/*