Optimize Docker builds with BuildKit cache mounts and registry caching #56
Closed
Add persistent cache mounts for all package managers (dnf, Homebrew, Go, pip, npm) so downloads survive layer invalidation. The daily dnf update no longer triggers a full re-download of every package - only changed packages are fetched. Also adds registry-based build cache as a fallback for when the GHA cache is evicted, ensuring CI builds always have layer cache available.
The ai-dev container inherits from the published nvim-dev:latest where linuxbrew has a system-assigned UID (not 1001). The cache mount with uid=1001 created a directory the linuxbrew user couldn't write to. For a single package install the cache mount adds negligible benefit, so remove it entirely.
The type=registry cache-to requires push auth which isn't available on PR builds (login step is skipped). Unlike GHA cache, BuildKit's registry exporter fails the entire build rather than degrading gracefully. The GHA cache with mode=max already caches all intermediate layers and is sufficient for the current workflow.
BuildKit cache mounts create intermediate parent directories as root. This prevented go install from writing to $GOPATH/bin and npm from writing to ~/.npm (for locks/logs), since both ran as linuxbrew. Pre-create these directory trees before the cache-mounted layers so they're owned by linuxbrew (uid 1001).
Summary
This PR enhances Docker/Podman build performance by implementing BuildKit cache mounts for package managers and adding registry-based build cache persistence across CI/CD runs.
Key Changes
CI/CD Workflow Updates
- `type=registry` cache source/destination for persistent build cache across runs
- `type=gha` for faster local CI caching
Containerfile Optimizations
Both Dockerfiles (ai-dev & nvim)
- `# syntax=docker/dockerfile:1` directive to enable BuildKit features
nvim/Containerfile (comprehensive optimization)
- `--mount=type=cache,target=/var/cache/dnf` to cache RPM downloads
- `HOMEBREW_CACHE` environment variable
- `dnf clean all` (cache mount handles cleanup)
- `brew install` and `brew update` commands
Build Script Updates
- build: Added `--layers` flag for explicit layer caching
- build-no-cache: Clarified that download caches persist even with `--no-cache`
Implementation Details
- `uid=1001,gid=1001` to match the linuxbrew user, preventing permission issues
- `:buildcache` tag to avoid polluting the main image tags
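The cache-mount ownership handling described in the commit messages and summary above, as an added example that is not the PR's own Containerfile. The base image, package names and directory paths are assumptions; uid/gid 1001 for linuxbrew comes from the PR text.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not taken from the PR. Base image, packages and paths
# are assumptions; only uid/gid 1001 for linuxbrew comes from the PR text.
FROM fedora:latest

RUN useradd --uid 1001 --user-group --create-home linuxbrew

# dnf cache mount: downloads survive layer invalidation, so the layer does
# not need `dnf clean all`. keepcache=1 keeps the fetched RPMs in the mount.
RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \
    dnf -y --setopt=keepcache=1 install golang nodejs npm

USER linuxbrew
ENV GOPATH=/home/linuxbrew/go

# Pre-create the parents of every cache target while running as linuxbrew.
# If this layer is skipped, BuildKit creates /home/linuxbrew/go and
# /home/linuxbrew/.npm as root when it sets up the mounts below, and
# `go install` (writes $GOPATH/bin) and npm (writes ~/.npm locks and logs)
# fail with permission errors even though the mount itself is uid 1001.
RUN mkdir -p "$GOPATH/bin" "$GOPATH/pkg/mod" \
             /home/linuxbrew/.cache/go-build \
             /home/linuxbrew/.npm/_cacache

# uid/gid must match the user that runs the command; the default owner of a
# cache mount is root. An image where linuxbrew has a different UID needs
# different values here.
RUN --mount=type=cache,target=/home/linuxbrew/go/pkg/mod,uid=1001,gid=1001 \
    --mount=type=cache,target=/home/linuxbrew/.cache/go-build,uid=1001,gid=1001 \
    go install golang.org/x/tools/gopls@latest

RUN --mount=type=cache,target=/home/linuxbrew/.npm/_cacache,uid=1001,gid=1001 \
    npm install --prefix /home/linuxbrew/.local prettier
```

Cache mount contents are shared between builds on the same builder and are not part of the image, so anything a build step writes into them is visible to later builds that mount the same target.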