fix: resolve Docker build timeouts on Modal runner with tmpfs, pre-pulled images, and BuildKit

manascb1344 · manascb1344 · commit a8e28feea80c · 2026-04-26T15:04:45.000+05:30
Three infrastructure fixes to address slow Docker builds inside Modal
Sandboxes caused by gVisor networking and filesystem overhead:

- Add tmpfs mount for /var/lib/docker in start-dockerd.sh (gVisor requires
  tmpfs for overlay2 storage driver; without it Docker falls back to vfs
  which is 10-50x slower)
- Pre-pull common base images (node:22-alpine, python:3.12-alpine,
  alpine:3.19) into runner image using Modal's optimized image system,
  eliminating 140s+ runtime pulls through gVisor netstack
- Export DOCKER_BUILDKIT=1 in sandbox startup to ensure BuildKit is always
  enabled for Docker builds
diff --git a/app.py b/app.py
@@ -173,6 +173,11 @@ def _get_gpu_config(gpu_key: str):
 update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null || true
 update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null || true
 
+# gVisor requires tmpfs for Docker overlay2 storage driver.
+# Without this, Docker falls back to the vfs driver (10-50x slower).
+mkdir -p /var/lib/docker
+mount -t tmpfs -o size=4G tmpfs /var/lib/docker
+
 exec /usr/bin/dockerd --iptables=false --ip6tables=false > /var/log/dockerd.log 2>&1
 """
 
@@ -214,6 +219,17 @@ def _get_gpu_config(gpu_key: str):
         "update-alternatives --set iptables /usr/sbin/iptables-legacy",
         "update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy",
     )
+    # Layer 1b: Pre-pull common base images using Modal's optimized image system
+    # This avoids 140s+ Docker pulls through gVisor's slow netstack at runtime.
+    .add_local_file(_TEMP_DOCKERD_PATH, "/start-dockerd.sh", copy=True)
+    .run_commands("chmod +x /start-dockerd.sh")
+    .run_commands(
+        "bash /start-dockerd.sh & sleep 5 && until docker info >/dev/null 2>&1; do sleep 1; done",
+        "docker pull node:22-alpine",
+        "docker pull python:3.12-alpine",
+        "docker pull alpine:3.19",
+        "kill %1 2>/dev/null || true",
+    )
     # Layer 2: Python deps (semi-stable)
     .apt_install("python3", "python3-pip", "python-is-python3")
     .pip_install("fastapi==0.115.0", "httpx==0.27.0")
@@ -223,9 +239,6 @@ def _get_gpu_config(gpu_key: str):
         f"curl -L https://github.com/actions/runner/releases/download/v{RUNNER_VERSION}/actions-runner-linux-x64-{RUNNER_VERSION}.tar.gz | tar -xz -C /actions-runner",  # noqa: E501
         "/actions-runner/bin/installdependencies.sh",
     )
-    # Layer 4: Local files (most volatile)
-    .add_local_file(_TEMP_DOCKERD_PATH, "/start-dockerd.sh", copy=True)
-    .run_commands("chmod +x /start-dockerd.sh")
 )
 
 app = modal.App("modal-github-runner")
@@ -733,6 +746,7 @@ async def github_webhook(request: Request):
             " && until docker info > /dev/null 2>&1; do sleep 1; done"
             " && cd /actions-runner"
             " && export RUNNER_ALLOW_RUNASROOT=1"
+            " && export DOCKER_BUILDKIT=1"
             " && exec ./run.sh --jitconfig $GHA_JIT_CONFIG"
         )
 
