Dive action is a GitHub Action that helps you optimize your container images. It runs an analysis on your Docker or OCI images to identify inefficiencies, such as unnecessary files or wasted space, and then provides clear feedback (for example, via pull request comments) so you can reduce the image size and boost performance.
Under the hood, the dive tool inspects image layers to pinpoint areas for improvement. By integrating dive action into your CI pipeline, you can catch inefficiencies early and maintain lean, efficient container images.
Want to contribute? Check open issues and contributing notes.
name: Dive CI
on:
pull_request:
jobs:
dive:
permissions:
# for MaxymVlasov/dive-action to write comments to PRs
pull-requests: write
runs-on: ubuntu-latest
name: Analyze image efficiency
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build image
run: docker build -t sample:latest .
- name: Dive
uses: MaxymVlasov/[email protected]
with:
image: sample:latest
github-token: ${{ secrets.GITHUB_TOKEN }}For security reasons, I recommend pinning GitHub Action SHAs. You can use Renovate for this. The simplest way to start is by using this preset that I created.
All in alphabetical order
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| image | String | true | Image to analyze | |
| always-comment | Boolean | false | false |
Post dive analysis results as PR comment regardless of whether any inefficiencies were found. By default, comments are only posted when issues are detected. Requires github-token |
| config-file | String | false | ${{ github.workspace }}/.dive.yaml |
Path to dive config file. If not provided, default Dive settings will be used. Individual parameters min-image-efficiency, max-wasted-ratio, and max-wasted-bytes can override settings specified in config-file |
| github-token | String | false | GitHub token to post PR comment with dive analysis | |
| dive-image-registry | String | false | ghcr.io/joschi/dive |
Docker registry to pull the Dive image from |
| dive-image-version | String | false | 0.13.1@sha256:f016a4bd2837 130545e391acee7876aa5f7258 ccdb12640ab4afaffa1c597d17 |
Version of the Dive docker image to use. While latest is supported, using a specific version with SHA is recommended for security and reproducibility |
| highest-wasted-bytes | String | false | Threshold for the maximum allowed bytes wasted expressed in B, KB, MB and GB | |
| highest-user-wasted-ratio | Float | false | Threshold for the maximum allowed ratio wasted bytes as a function of total image size expressed as a ratio between 0-1. Note: the base image layer is NOT included in the total image size | |
| lowest-efficiency-ratio | Float | false | Threshold for the lowest allowed image efficiency ratio between 0-1 |
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| image | String | true | Image to analyze |
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| always-comment | Boolean | false | false |
Post dive analysis results as PR comment regardless of whether any inefficiencies were found. By default, comments are only posted when issues are detected. Requires github-token |
| github-token | String | false | GitHub token to post PR comment with dive analysis |
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| dive-image-registry | String | false | ghcr.io/joschi/dive |
Docker registry to pull the Dive image from |
| dive-image-version | String | false | 0.13.1@sha256:f016a4bd2837 130545e391acee7876aa5f7258 ccdb12640ab4afaffa1c597d17 |
Version of the Dive docker image to use. While latest is supported, using a specific version with SHA is recommended for security and reproducibility |
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| config-file | String | false | ${{ github.workspace }}/.dive.yaml |
Path to dive config file. If not provided, default Dive settings will be used. Individual parameters min-image-efficiency, max-wasted-ratio, and max-wasted-bytes can override settings specified in config-file |
| highest-wasted-bytes | String | false | Threshold for the maximum allowed bytes wasted expressed in B, KB, MB and GB | |
| highest-user-wasted-ratio | Float | false | Threshold for the maximum allowed ratio wasted bytes as a function of total image size expressed as a ratio between 0-1. Note: the base image layer is NOT included in the total image size | |
| lowest-efficiency-ratio | Float | false | Threshold for the lowest allowed image efficiency ratio between 0-1 |
Dive configs priority:
highest-wasted-bytes,highest-user-wasted-ratio,lowest-efficiency-ratioconfig-file- Default dive settings:
- highestUserWastedPercent: 0.1
- highestWastedBytes: disabled
- lowestEfficiency: 0.9
There are three metrics supported by the dive config file. See here for details.
rules:
# If the efficiency is measured below X%, mark as failed.
# Expressed as a ratio between 0-1.
lowestEfficiency: 0.95
# If the amount of wasted space is at least X or larger than X, mark as failed.
# Expressed in B, KB, MB, and GB.
highestWastedBytes: 20MB
# If the amount of wasted space makes up for X% or more of the image, mark as failed.
# Note: the base image layer is NOT included in the total image size.
# Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
highestUserWastedPercent: 0.20ghcr.io/joschi/dive@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17: Pulling from joschi/dive
54c3c928c034: Pulling fs layer
54c3c928c034: Verifying Checksum
54c3c928c034: Download complete
54c3c928c034: Pull complete
Digest: sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17
Status: Downloaded newer image for ghcr.io/joschi/dive@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17
ghcr.io/joschi/dive:0.13.1@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17
Using CI config: /.dive-ci
Image Source: docker://sample:latest
Fetching image... (this can take a while for large images)
Analyzing image...
efficiency: 98.8091 %
wastedBytes: 11697960 bytes (12 MB)
userWastedPercent: 1.6116 %
Inefficient Files:
Count Wasted Space File Path
6 4.9 MB /var/cache/debconf/templates.dat
4 3.2 MB /var/cache/debconf/templates.dat-old
6 1.2 MB /var/lib/dpkg/status
6 1.2 MB /var/lib/dpkg/status-old
5 400 kB /var/log/dpkg.log
5 211 kB /var/log/apt/term.log
6 107 kB /etc/ld.so.cache
6 83 kB /var/cache/debconf/config.dat
6 71 kB /var/lib/apt/extended_states
6 67 kB /var/log/apt/eipp.log.xz
5 54 kB /var/cache/ldconfig/aux-cache
4 40 kB /var/cache/debconf/config.dat-old
5 39 kB /var/log/apt/history.log
4 26 kB /var/log/alternatives.log
2 9.1 kB /etc/mailcap
2 903 B /etc/group
2 892 B /etc/group-
2 756 B /etc/gshadow
2 727 B /var/lib/dpkg/triggers/File
2 0 B /usr/src
6 0 B /var/lib/dpkg/lock-frontend
6 0 B /var/lib/dpkg/lock
5 0 B /var/lib/apt/lists
3 0 B /var/lib/dpkg/triggers/Unincorp
6 0 B /var/lib/dpkg/updates
Results:
PASS: highestUserWastedPercent
PASS: highestWastedBytes
FAIL: lowestEfficiency: image efficiency is too low (efficiency=0.988091457351898 < threshold=0.99)
Result:FAIL [Total:3] [Passed:2] [Failed:1] [Warn:0] [Skipped:0]
##[error]Process completed with exit code 1.This action was originally created by Yuichi Tanaka, but upstream not maintained since 2020.
Now it supported by Maksym Vlasov with help from these awesome contributors:
MIT licensed. See LICENSE for full details.
- Russia has illegally annexed Crimea in 2014 and brought the war in Donbas followed by full-scale invasion of Ukraine in 2022.
- Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
- Putin khuylo!