From da4ae88c7f00c371f214850aaf184156f34a0b33 Mon Sep 17 00:00:00 2001
From: Yash Pankhania
Date: Thu, 20 Nov 2025 15:02:08 +1100
Subject: [PATCH 01/11] ci: test docker build with caching
---
 .github/workflows/docker.yaml | 36 ++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index fce9f576..64c11c64 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -66,9 +66,35 @@ jobs: run: | gcloud auth configure-docker australia-southeast1-docker.pkg.dev + - name: Pull cache images + if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} + run: | + # Try to pull cache from main registry first + docker pull $DOCKER_MAIN/$IMAGE_NAME:$VERSION || true + + # Also try to pull branch-specific cache + # Sanitize branch name for use in Docker tags (replace / with -) + BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG || true + - name: build run: | - docker build . -f Dockerfile --tag $IMAGE_NAME:${{ github.sha }} + # For non-main/alpha branches, use cache to speed up builds + if [ "${{ github.ref_name }}" != "main" ] && [ "${{ github.ref_name }}" != "alpha" ]; then + # Build cache-from arguments with multiple sources + # First, use the production image as a base cache + CACHE_ARGS="--cache-from $DOCKER_MAIN/$IMAGE_NAME:$VERSION" + + # Then append the branch-specific cache (note: we're concatenating, not replacing) + # This gives Docker two cache sources to pull layers from + BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + CACHE_ARGS="$CACHE_ARGS --cache-from $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG" + + docker build . -f Dockerfile $CACHE_ARGS --tag $IMAGE_NAME:${{ github.sha }} + else + # Production builds (main/alpha) - build from scratch for reproducibility + docker build . -f Dockerfile --tag $IMAGE_NAME:${{ github.sha }} + fi - name: push commit sha tag if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} 
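Review bot: The `--cache-from` arguments on the new `docker build . -f Dockerfile $CACHE_ARGS ...` line only take effect if the referenced images carry inline cache metadata; under BuildKit an image built without `--build-arg BUILDKIT_INLINE_CACHE=1` yields no cache hits, so the pulls in the 'Pull cache images' step cost time without speeding the build. Adding `--build-arg BUILDKIT_INLINE_CACHE=1` to the non-main `docker build` invocation fixes this for the `cache-$BRANCH_TAG` image the second hunk of this patch pushes; the production image would need the same to be useful as a fallback cache. Separately, `sed 's/\//-/g'` only rewrites `/`, so a branch name containing any other character outside `[A-Za-z0-9_.-]` still yields a tag Docker rejects, and interpolating `${{ github.ref_name }}` straight into `run:` places a ref-controlled string in the shell instead of passing it through `env:`.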
@@ -79,6 +105,14 @@ jobs: echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV echo "DOCKER_DIGEST=$DIGEST" >> $GITHUB_ENV + - name: push branch cache + if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} + run: | + # Sanitize branch name for use in Docker tags (replace / with -) + BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + docker tag $IMAGE_NAME:${{ github.sha }} $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG + docker push $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG + - name: push production on version bump if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'alpha') && startsWith(github.event.head_commit.message, 'bump:') }} run: | From 69d368161c68827f9046fa0c045c216c100d2545 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 15:19:31 +1100 Subject: [PATCH 02/11] ci: move out ref_name to env --- .github/workflows/docker.yaml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 64c11c64..00e73791 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
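Review bot: The sanitisation `BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g')` is now written out for the third time in this step; computing it once in an earlier step with `echo "BRANCH_TAG=$BRANCH_TAG" >> "$GITHUB_ENV"` keeps the three copies from drifting apart. The `cache-$BRANCH_TAG` tags pushed here are created for every branch and never removed, so the dev registry grows until a retention policy or a cleanup step deletes them; that is worth stating on the step, e.g. `# cache-<branch> tags are not cleaned up by this workflow`.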
@@ -68,26 +68,30 @@ jobs: - name: Pull cache images if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} + env: + REF_NAME: ${{ github.ref_name }} run: | # Try to pull cache from main registry first docker pull $DOCKER_MAIN/$IMAGE_NAME:$VERSION || true # Also try to pull branch-specific cache # Sanitize branch name for use in Docker tags (replace / with -) - BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG || true - name: build + env: + REF_NAME: ${{ github.ref_name }} run: | # For non-main/alpha branches, use cache to speed up builds - if [ "${{ github.ref_name }}" != "main" ] && [ "${{ github.ref_name }}" != "alpha" ]; then + if [ "$REF_NAME" != "main" ] && [ "$REF_NAME" != "alpha" ]; then # Build cache-from arguments with multiple sources # First, use the production image as a base cache CACHE_ARGS="--cache-from $DOCKER_MAIN/$IMAGE_NAME:$VERSION" # Then append the branch-specific cache (note: we're concatenating, not replacing) # This gives Docker two cache sources to pull layers from - BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') CACHE_ARGS="$CACHE_ARGS --cache-from $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG" docker build . -f Dockerfile $CACHE_ARGS --tag $IMAGE_NAME:${{ github.sha }} @@ -107,9 +111,11 @@ jobs: - name: push branch cache if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} + env: + REF_NAME: ${{ github.ref_name }} run: | # Sanitize branch name for use in Docker tags (replace / with -) - BRANCH_TAG=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') + BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') docker tag $IMAGE_NAME:${{ github.sha }} $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG docker push $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG From 9cbac60200fe4767f48940f916ece3ee5b29124d Mon Sep 17 00:00:00 2001 
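Review bot: With the ref name now in `$REF_NAME`, the three `$(echo "$REF_NAME" | sed 's/\//-/g')` substitutions (two in this hunk, one in the 'push branch cache' hunk) can become the plain bash expansion `BRANCH_TAG=${REF_NAME//\//-}`, avoiding a subshell and two forks per step. Whichever form is kept, it only maps `/`; Docker tags are limited to `[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}`, so a branch name with `@`, `+` or `#` still produces a tag that `docker pull` and `docker push` reject. A guard such as `[[ "$BRANCH_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "unusable branch tag: $BRANCH_TAG" >&2; exit 1; }` fails early with a clear message instead.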
From: Yash Pankhania Date: Thu, 20 Nov 2025 15:40:27 +1100 Subject: [PATCH 03/11] docs: add temp space to trigger build --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 56e4568b..552b9070 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # 🐙 CPG Flow + CPG Flow logo ![Python](https://img.shields.io/badge/-Python-black?style=for-the-badge&logoColor=white&logo=python&color=2F73BF) From 163daf711c71312c560dc99a77c3b543de9ef3a4 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 15:51:12 +1100 Subject: [PATCH 04/11] build: clean up dockerfile and build action --- .github/workflows/docker.yaml | 33 +++++++++++++++++++++------------ Dockerfile | 15 ++++++++------- 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 00e73791..9ab8996a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -71,13 +71,17 @@ jobs: env: REF_NAME: ${{ github.ref_name }} run: | - # Try to pull cache from main registry first - docker pull $DOCKER_MAIN/$IMAGE_NAME:$VERSION || true - - # Also try to pull branch-specific cache # Sanitize branch name for use in Docker tags (replace / with -) BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') - docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG || true + + # Try to pull branch-specific cache first + if docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG; then + echo "Successfully pulled branch cache: cache-$BRANCH_TAG" + else + echo "Branch cache not found, falling back to production cache" + # Only pull from main registry if branch cache doesn't exist + docker pull $DOCKER_MAIN/$IMAGE_NAME:$VERSION || true + fi - name: build env: 
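Review bot: The `else` branch of `if docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG` reports "Branch cache not found" for every non-zero exit, including an expired registry credential or a network error, so a real auth failure reads as a cold cache in the logs. Capturing the pull's stderr and printing it in the fallback message, or at least wording it as `echo "Branch cache pull failed (not found or registry error), falling back to production cache"`, keeps the diagnostic honest. The step's `if:` and `env:` keys sit above the hunk.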
@@ -85,14 +89,19 @@ jobs: run: | # For non-main/alpha branches, use cache to speed up builds if [ "$REF_NAME" != "main" ] && [ "$REF_NAME" != "alpha" ]; then - # Build cache-from arguments with multiple sources - # First, use the production image as a base cache - CACHE_ARGS="--cache-from $DOCKER_MAIN/$IMAGE_NAME:$VERSION" - - # Then append the branch-specific cache (note: we're concatenating, not replacing) - # This gives Docker two cache sources to pull layers from BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') - CACHE_ARGS="$CACHE_ARGS --cache-from $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG" + + # Check if branch cache exists locally (was pulled successfully) + if docker image inspect $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG >/dev/null 2>&1; then + echo "Using branch-specific cache" + CACHE_ARGS="--cache-from $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG" + elif docker image inspect $DOCKER_MAIN/$IMAGE_NAME:$VERSION >/dev/null 2>&1; then + echo "Using production cache as fallback" + CACHE_ARGS="--cache-from $DOCKER_MAIN/$IMAGE_NAME:$VERSION" + else + echo "No cache available, building from scratch" + CACHE_ARGS="" + fi docker build . -f Dockerfile $CACHE_ARGS --tag $IMAGE_NAME:${{ github.sha }} else diff --git a/Dockerfile b/Dockerfile index 41a659d4..249ba4d5 100644 --- a/Dockerfile +++ b/Dockerfile 
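Review bot: `CACHE_ARGS` is a string that relies on unquoted word splitting at `docker build . -f Dockerfile $CACHE_ARGS --tag ...`; it works for the two fixed values here, but a bash array is the idiomatic form and survives a value containing spaces: `CACHE_ARGS=()`, `CACHE_ARGS=(--cache-from "$DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG")`, and `docker build . -f Dockerfile "${CACHE_ARGS[@]}" --tag "$IMAGE_NAME:${{ github.sha }}"`. The `docker image inspect` checks only establish that an image is present locally, not that it carries the inline cache metadata `--cache-from` needs under BuildKit, so a "Using branch-specific cache" message can still be followed by a full rebuild. The outer `if`'s `else` branch continues outside the hunk.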
@@ -11,19 +11,20 @@ ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy # Install the project's dependencies using the lockfile and settings -# Copy `pyproject.toml` and `uv.lock` into `/cpg-flow` explicitly -COPY pyproject.toml uv.lock /cpg-flow/ - -# Install the project's dependencies using the lockfile and settings +# Use bind mounts to avoid copying files into the layer (better cache invalidation) RUN --mount=type=cache,target=/root/.cache/uv \ --mount=type=bind,source=uv.lock,target=uv.lock \ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ uv sync --frozen --no-install-project -# Add the project source code from src/cpg-flow -ADD . /cpg-flow +# Copy only the source code (dependencies are already installed above) +# This layer only invalidates when source code changes, not when dependencies change +COPY src /cpg-flow/src +COPY pyproject.toml uv.lock /cpg-flow/ + +# Install the project itself (fast since dependencies are already installed) RUN --mount=type=cache,target=/root/.cache/uv \ - uv sync --frozen + uv sync --frozen --no-deps # Place executables in the environment at the front of the path ENV PATH="/cpg-flow/.venv/bin:$PATH" From 2379a52ebbd27a26bd5920d1e69c0c4719610495 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:01:33 +1100 Subject: [PATCH 05/11] build: fix uv option in dockerfile --- Dockerfile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 249ba4d5..5c34e0ee 100644 --- a/Dockerfile +++ b/Dockerfile 
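Review bot: `uv sync --frozen --no-deps` on the final RUN should be checked against the uv version shipped in the base image; if `uv sync` does not accept `--no-deps` the layer fails, and since the first RUN's `--no-install-project` leaves only the project itself to install, a plain `uv sync --frozen` gives the same two-layer split without the extra flag. The narrowed `COPY src /cpg-flow/src` also means any file `pyproject.toml` references at build time (a README used as `readme`, a LICENSE, package data outside `src/`) is no longer in the image; the comment above the COPY should record that assumption, e.g. `# Assumes everything the project build needs lives under src/ plus the two manifests`.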
@@ -11,20 +11,17 @@ ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy # Install the project's dependencies using the lockfile and settings -# Use bind mounts to avoid copying files into the layer (better cache invalidation) +# Use bind mounts - files are available during RUN but not persisted in layer RUN --mount=type=cache,target=/root/.cache/uv \ --mount=type=bind,source=uv.lock,target=uv.lock \ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ - uv sync --frozen --no-install-project + uv sync --locked --no-install-project --no-dev -# Copy only the source code (dependencies are already installed above) -# This layer only invalidates when source code changes, not when dependencies change -COPY src /cpg-flow/src -COPY pyproject.toml uv.lock /cpg-flow/ - -# Install the project itself (fast since dependencies are already installed) +# Then, add the rest of the project source code and install it +# Installing separately from its dependencies allows optimal layer caching +COPY . /cpg-flow RUN --mount=type=cache,target=/root/.cache/uv \ - uv sync --frozen --no-deps + uv sync --locked --no-dev # Place executables in the environment at the front of the path ENV PATH="/cpg-flow/.venv/bin:$PATH" From 53a5b7c87477c581f3e6d6412710e3ba0f9b3761 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:08:13 +1100 Subject: [PATCH 06/11] build: remove uv cache mount --- Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5c34e0ee..7f5b69e6 100644 --- a/Dockerfile +++ b/Dockerfile 
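Review bot: `COPY . /cpg-flow` copies the whole build context into the image layer — `.git`, a local `.venv`, editor files and any untracked `.env` or credential file — unless a `.dockerignore` excludes them, and the narrower `COPY src` it replaces did not have that exposure. Confirm a `.dockerignore` listing at least `.git`, `.venv` and `**/.env*` exists, and say so next to the COPY: `# Relies on .dockerignore to keep .git/.venv/secrets out of this layer`. Switching both RUNs to `--locked --no-dev` keeps the dependency layer independent of the source layer, which is what the comment above them promises.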
@@ -12,16 +12,15 @@ ENV UV_LINK_MODE=copy # Install the project's dependencies using the lockfile and settings # Use bind mounts - files are available during RUN but not persisted in layer -RUN --mount=type=cache,target=/root/.cache/uv \ - --mount=type=bind,source=uv.lock,target=uv.lock \ +# Note: Removed uv cache mount to ensure consistent layer caching with --cache-from +RUN --mount=type=bind,source=uv.lock,target=uv.lock \ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ uv sync --locked --no-install-project --no-dev # Then, add the rest of the project source code and install it # Installing separately from its dependencies allows optimal layer caching COPY . /cpg-flow -RUN --mount=type=cache,target=/root/.cache/uv \ - uv sync --locked --no-dev +RUN uv sync --locked --no-dev # Place executables in the environment at the front of the path ENV PATH="/cpg-flow/.venv/bin:$PATH" From cd227e14f73b75c0a37de4ec127211251c8e3e33 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:14:12 +1100 Subject: [PATCH 07/11] ci: use github cache for pulling image --- .github/workflows/docker.yaml | 115 +++++++++++++--------------------- 1 file changed, 44 insertions(+), 71 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 9ab8996a..fe95f16c 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
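Review bot: The new comment `# Note: Removed uv cache mount to ensure consistent layer caching with --cache-from` gives a rationale that does not appear to hold: a `--mount=type=cache` directory is build-host state that never becomes part of the resulting layer, and BuildKit keys a RUN's cache on the instruction and its inputs rather than on the cache mount's contents, so the mount neither helps nor hurts `--cache-from` matching. Dropping it only makes every cache-miss `uv sync` re-download packages from the index. If the mount is removed for a different reason (for example a runner without persistent BuildKit state), the comment should state that reason.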
@@ -66,90 +66,63 @@ jobs: run: | gcloud auth configure-docker australia-southeast1-docker.pkg.dev - - name: Pull cache images - if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} - env: - REF_NAME: ${{ github.ref_name }} - run: | - # Sanitize branch name for use in Docker tags (replace / with -) - BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - # Try to pull branch-specific cache first - if docker pull $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG; then - echo "Successfully pulled branch cache: cache-$BRANCH_TAG" - else - echo "Branch cache not found, falling back to production cache" - # Only pull from main registry if branch cache doesn't exist - docker pull $DOCKER_MAIN/$IMAGE_NAME:$VERSION || true - fi - - - name: build - env: - REF_NAME: ${{ github.ref_name }} - run: | - # For non-main/alpha branches, use cache to speed up builds - if [ "$REF_NAME" != "main" ] && [ "$REF_NAME" != "alpha" ]; then - BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') - - # Check if branch cache exists locally (was pulled successfully) - if docker image inspect $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG >/dev/null 2>&1; then - echo "Using branch-specific cache" - CACHE_ARGS="--cache-from $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG" - elif docker image inspect $DOCKER_MAIN/$IMAGE_NAME:$VERSION >/dev/null 2>&1; then - echo "Using production cache as fallback" - CACHE_ARGS="--cache-from $DOCKER_MAIN/$IMAGE_NAME:$VERSION" - else - echo "No cache available, building from scratch" - CACHE_ARGS="" - fi - - docker build . -f Dockerfile $CACHE_ARGS --tag $IMAGE_NAME:${{ github.sha }} - else - # Production builds (main/alpha) - build from scratch for reproducibility - docker build . 
-f Dockerfile --tag $IMAGE_NAME:${{ github.sha }} - fi - - - name: push commit sha tag + - name: Build and push development image + if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile + push: true + tags: | + ${{ env.DOCKER_DEV }}/${{ env.IMAGE_NAME }}:${{ github.event.pull_request.head.sha }} + cache-from: type=gha + cache-to: type=gha,mode=max + outputs: type=image,name=${{ env.DOCKER_DEV }}/${{ env.IMAGE_NAME }},push-by-digest=false + + - name: Set development image env vars if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} run: | - docker tag $IMAGE_NAME:${{ github.sha }} $DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }} - docker push $DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }} - DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }} | cut -d'@' -f2) + DIGEST=$(docker buildx imagetools inspect $DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }} --format '{{json .}}' | jq -r '.manifest.digest') echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV echo "DOCKER_DIGEST=$DIGEST" >> $GITHUB_ENV - - name: push branch cache - if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} - env: - REF_NAME: ${{ github.ref_name }} - run: | - # Sanitize branch name for use in Docker tags (replace / with -) - BRANCH_TAG=$(echo "$REF_NAME" | sed 's/\//-/g') - docker tag $IMAGE_NAME:${{ github.sha }} $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG - docker push $DOCKER_DEV/$IMAGE_NAME:cache-$BRANCH_TAG - - - name: push production on version bump + - name: Build and push production image + if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'alpha') && startsWith(github.event.head_commit.message, 'bump:') }} + uses: docker/build-push-action@v5 + with: + context: . 
+ file: ./Dockerfile + push: true + tags: ${{ env.DOCKER_MAIN }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} + # Production builds don't use cache for reproducibility + no-cache: true + + - name: Set production image env vars if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'alpha') && startsWith(github.event.head_commit.message, 'bump:') }} run: | - docker tag $IMAGE_NAME:${{ github.sha }} $DOCKER_MAIN/$IMAGE_NAME:$VERSION - docker push $DOCKER_MAIN/$IMAGE_NAME:$VERSION - DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $DOCKER_MAIN/$IMAGE_NAME:$VERSION | cut -d'@' -f2) + DIGEST=$(docker buildx imagetools inspect $DOCKER_MAIN/$IMAGE_NAME:$VERSION --format '{{json .}}' | jq -r '.manifest.digest') echo "DOCKER_IMAGE=$DOCKER_MAIN/$IMAGE_NAME:$VERSION" >> $GITHUB_ENV echo "DOCKER_DIGEST=$DIGEST" >> $GITHUB_ENV - - name: manually triggered build + - name: Build and push manually triggered image + if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name != 'main' }} + uses: docker/build-push-action@v5 + with: + context: . 
+ file: ./Dockerfile + push: true + tags: ${{ env.DOCKER_DEV }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.tag }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Set manually triggered image env vars if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name != 'main' }} - env: - IMAGE_NAME: $IMAGE_NAME - DOCKER_DEV: $DOCKER_DEV - TAG: ${{ github.event.inputs.tag }} - SHA: ${{ github.sha }} run: | - set -euo pipefail - docker tag "$IMAGE_NAME:$SHA" "$DOCKER_DEV/$IMAGE_NAME:$TAG" - docker push "$DOCKER_DEV/$IMAGE_NAME:$TAG" - DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$DOCKER_DEV/$IMAGE_NAME:$TAG" | cut -d'@' -f2) - echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:$TAG" >> "$GITHUB_ENV" + DIGEST=$(docker buildx imagetools inspect $DOCKER_DEV/$IMAGE_NAME:${{ github.event.inputs.tag }} --format '{{json .}}' | jq -r '.manifest.digest') + echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:${{ github.event.inputs.tag }}" >> "$GITHUB_ENV" echo "DOCKER_DIGEST=$DIGEST" >> "$GITHUB_ENV" - name: Add image link to GitHub Summary From 991d0a5cd5d41e16e247a289d5f4d22b48017316 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:23:55 +1100 Subject: [PATCH 08/11] ci: pin actions --- .github/workflows/docker.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index fe95f16c..fc3f0a9e 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
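Review bot: The three 'Set ... image env vars' steps shell out to `docker buildx imagetools inspect ... --format '{{json .}}' | jq -r '.manifest.digest'`, but `docker/build-push-action` already exposes the pushed digest as a step output; giving each build step an `id:` (e.g. `id: build-dev`) and writing `echo "DOCKER_DIGEST=${{ steps.build-dev.outputs.digest }}" >> "$GITHUB_ENV"` removes the extra registry round-trip and the `jq` dependency. As written the pipelines also lost the `set -euo pipefail` the old manual step had: a `run:` block without `shell:` runs under `bash -e` with no pipefail, so when `imagetools inspect` fails, `jq` exits 0 on empty input and `DOCKER_DIGEST` is silently written empty. Minor: on the development build, `push: true` together with `outputs: type=image,name=...,push-by-digest=false` says the same thing twice (`push-by-digest=false` is the default), so the `outputs:` line can be dropped.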
@@ -67,11 +67,11 @@ jobs: gcloud auth configure-docker australia-southeast1-docker.pkg.dev - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 - name: Build and push development image if: ${{ github.ref_name != 'main' && github.ref_name != 'alpha' }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: context: . file: ./Dockerfile @@ -91,7 +91,7 @@ jobs: - name: Build and push production image if: ${{ github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'alpha') && startsWith(github.event.head_commit.message, 'bump:') }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: context: . file: ./Dockerfile @@ -109,7 +109,7 @@ jobs: - name: Build and push manually triggered image if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name != 'main' }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0 with: context: . file: ./Dockerfile From fdf90c7d0cafaeda8332d7f73dca9fdf773c2b6c Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:33:06 +1100 Subject: [PATCH 09/11] build: add uv mount cache --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7f5b69e6..5c34e0ee 100644 --- a/Dockerfile +++ b/Dockerfile 
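Review bot: The third hunk pins `docker/build-push-action` to `4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0` while the first two pin the same action to `263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0`, so the manual-dispatch build runs a different action version from the PR and production builds; one SHA for all three keeps behaviour and future bumps consistent. Pinning to full SHAs is the right move; the version in the trailing comment is what Dependabot and Renovate use to track the pin, so it must match the SHA, and writing it as `# v6.18.0` (space after `#`) satisfies yamllint's comments rule.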
@@ -12,15 +12,16 @@ ENV UV_LINK_MODE=copy # Install the project's dependencies using the lockfile and settings # Use bind mounts - files are available during RUN but not persisted in layer -# Note: Removed uv cache mount to ensure consistent layer caching with --cache-from -RUN --mount=type=bind,source=uv.lock,target=uv.lock \ +RUN --mount=type=cache,target=/root/.cache/uv \ + --mount=type=bind,source=uv.lock,target=uv.lock \ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ uv sync --locked --no-install-project --no-dev # Then, add the rest of the project source code and install it # Installing separately from its dependencies allows optimal layer caching COPY . /cpg-flow -RUN uv sync --locked --no-dev +RUN --mount=type=cache,target=/root/.cache/uv \ + uv sync --locked --no-dev # Place executables in the environment at the front of the path ENV PATH="/cpg-flow/.venv/bin:$PATH" From a89e0e06e07beb81209a9384d1f43bfb0df0bcd3 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:40:59 +1100 Subject: [PATCH 10/11] docs: remove temp whitespace --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 552b9070..56e4568b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # 🐙 CPG Flow - CPG Flow logo ![Python](https://img.shields.io/badge/-Python-black?style=for-the-badge&logoColor=white&logo=python&color=2F73BF) From 5a9a021727776b58f3781c6128a0d2efb95a54a5 Mon Sep 17 00:00:00 2001 From: Yash Pankhania Date: Thu, 20 Nov 2025 16:48:17 +1100 Subject: [PATCH 11/11] ci: put input tag in env --- .github/workflows/docker.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index fc3f0a9e..bcfcaaaa 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
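Review bot: This hunk returns the Dockerfile to blob `5c34e0ee`, the exact state before `build: remove uv cache mount` (its `index 5c34e0ee..7f5b69e6` is reversed here as `7f5b69e6..5c34e0ee`), so patches 06 and 09 cancel out; squashing them before merge avoids recording a removal whose stated rationale was then withdrawn. With the mount kept, the comment above the first RUN could say why it coexists with `--cache-from`, e.g. `# The uv cache mount is host-side state and is not part of the layer or its cache key`.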
@@ -109,7 +109,7 @@ jobs: - name: Build and push manually triggered image if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name != 'main' }} - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: context: . file: ./Dockerfile @@ -120,9 +120,11 @@ jobs: - name: Set manually triggered image env vars if: ${{ github.event_name == 'workflow_dispatch' && github.ref_name != 'main' }} + env: + TAG: ${{ github.event.inputs.tag }} run: | - DIGEST=$(docker buildx imagetools inspect $DOCKER_DEV/$IMAGE_NAME:${{ github.event.inputs.tag }} --format '{{json .}}' | jq -r '.manifest.digest') - echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:${{ github.event.inputs.tag }}" >> "$GITHUB_ENV" + DIGEST=$(docker buildx imagetools inspect $DOCKER_DEV/$IMAGE_NAME:$TAG --format '{{json .}}' | jq -r '.manifest.digest') + echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:$TAG" >> "$GITHUB_ENV" echo "DOCKER_DIGEST=$DIGEST" >> "$GITHUB_ENV" - name: Add image link to GitHub Summary
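Review bot: `$TAG` now comes from the `workflow_dispatch` input and is written unvalidated into `$GITHUB_ENV` at `echo "DOCKER_IMAGE=$DOCKER_DEV/$IMAGE_NAME:$TAG" >> "$GITHUB_ENV"`; moving it to `env:` is the right fix for shell interpolation, but a value containing a newline would still define extra variables for later steps, and any character outside the Docker tag grammar makes the preceding build step fail with an unhelpful error. A guard such as `[[ "$TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "invalid tag: $TAG" >&2; exit 1; }` covers both, and belongs in a step that runs before the build rather than after it. The two `$DOCKER_DEV/$IMAGE_NAME:$TAG` expansions are also unquoted while `"$GITHUB_ENV"` is quoted; quoting them as the old manual step did keeps the style consistent.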