feat: Docker BuildKit registry cache for CI container builds (interim fix) #67
Description
BuildKit Registry Cache for Container Builds
Status: Implemented (pending MR !55 merge on tinyland.dev)
Category: Interim fix — stopgap using existing GitLab Container Registry while Pulp (#66) is planned
Context
This is a tactical intermediate fix to speed up container builds using infrastructure we already have (GitLab Container Registry). It does NOT introduce any new caching infrastructure.
The strategic long-term solution is Pulp (#66), which would provide unified pull-through caching for containers, npm, PyPI, and Nix across all CI runners. Once Pulp is deployed, the BuildKit registry cache would point at Pulp instead of GitLab CR.
Summary
Use Docker BuildKit's type=registry cache backend to persist container build layer cache across CI runs. Instead of rebuilding from scratch each time, layers are cached in the GitLab Container Registry and reused on subsequent builds.
Implementation
The container-build CI job now uses:
docker buildx build \
--cache-from "type=registry,ref=${CI_REGISTRY_IMAGE}/cache:buildcache" \
--cache-to "type=registry,ref=${CI_REGISTRY_IMAGE}/cache:buildcache,mode=max" \
--push \
...Key changes:
docker build→docker buildx buildwithdocker-containerdriver (required fortype=registrycache)--cache-from type=registry: Pull cached layers from registry before build--cache-to type=registry,mode=max: Push all layers (not just final) to registry after build--push: Atomic build+push (replaces separatedocker pushcommands)- Removed
BUILDKIT_INLINE_CACHE=1: Not needed with explicit registry cache
Requirements
- GloriousFlywheel DinD runners with Docker BuildKit support
docker buildxavailable in runner image- Registry write access for cache image (
${CI_REGISTRY_IMAGE}/cache:buildcache)
Expected Impact
- First build: ~30min (full build + cache population)
- Subsequent builds: significantly faster (layer cache hits from registry)
- Cache persists across CI runs (stored in GitLab Container Registry)
Superseded by
- Pulp (RFC: Pulp Content Management for GloriousFlywheel CI #66) — once deployed, BuildKit
--cache-fromwould point at Pulp's container cache instead of GitLab CR