Alpine build
Status: Planned · Priority: 3
Produce a Brume binary and container image built on Alpine Linux (musl libc) — smaller, leaner, with a reduced attack surface compared to the current glibc-based artifacts.
Why it matters
Section titled “Why it matters”- Smaller images make CI pipelines faster and deployments cheaper.
- Reduced attack surface matters for a tool that handles production data. Fewer system libraries means fewer CVEs to track.
- Alpine is the de-facto standard for security-conscious container deployments.
What it’ll unlock
Section titled “What it’ll unlock”- Smaller Docker images for the official containerized build.
- A statically-linked binary for environments that don’t ship a JVM by default.
- Lower-friction CI usage — pull, run, throw away.
Open design questions
Section titled “Open design questions”- Native-image (GraalVM) vs. JLink-based runtime trimming.
- Whether
pg_dump(required for schema replication) stays a runtime dependency or gets bundled.