@ghostwriternr
Member

Summary

  • Implement GitHub Actions cache backend for Docker builds across all CI workflows
  • Add PR-specific cache scopes with fallback to main branch cache
  • Enable mode=max to cache all Dockerfile stages (pruner, builder, prod-deps, runtime)
  • Add cache mounts for npm, apt, and pip to speed up dependency installs

Technical Details

Cache Architecture:

  • release scope: Shared cache for main branch builds
  • pr-{number} scope: Isolated cache per PR (pullrequest.yml)
  • preview-pr-{number} scope: Isolated cache per PR preview (pkg-pr-new.yml)

Fallback Chains:

  • PR builds: Try PR cache → Fall back to release cache
  • Preview builds: Try preview cache → PR cache → release cache

Cache Mounts:

  • npm: /root/.npm
  • apt: /var/cache/apt + /var/lib/apt
  • pip: /root/.cache/pip

- Use docker/build-push-action with GHA cache backend
- Implement PR-specific cache scope with fallback to main branch
- Enable mode=max to cache all Dockerfile stages
- Expected improvement: 60s → 10-20s on warm builds

- Use docker/build-push-action with GHA cache backend for both beta and stable releases
- Implement shared 'release' cache scope for main branch builds
- Enable mode=max to cache all Dockerfile stages including multi-arch layers
- Expected improvement: 7.5min → 2min on warm builds (70% reduction)

- Use docker/build-push-action with GHA cache backend
- Implement preview-specific cache scope with multi-level fallback
- Reuse PR cache from pullrequest.yml when available
- Enable mode=max to cache all Dockerfile stages
- Expected improvement: 7.5min → 2-3min on warm builds

- Add npm cache mount in builder stage for faster dependency installs
- Add apt cache mounts in runtime stage for faster system package installs
- Add pip cache mount in runtime stage for faster Python package installs
- Removes --no-cache-dir from pip to enable caching
- Additional ~20% speedup when dependencies change

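
The preview fallback chain described in this PR, written out as a workflow step. This is an added example, not the contents of pkg-pr-new.yml: the workflow and job names, the image tag, the build context and the action version tags are assumptions. Only the scope names, mode=max and the 15-minute timeout come from the page.

```yaml
# Added illustration; names, tag and action versions are assumptions.
name: preview-image
on: pull_request

jobs:
  build-preview:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
      # The gha cache backend needs a Buildx builder.
      - uses: docker/setup-buildx-action@v3
      - uses: docker/build-push-action@v6
        with:
          context: .
          push: false
          # Placeholder tag, not the project's real image name.
          tags: example/sandbox:pr-${{ github.event.pull_request.number }}
          # Read side: most specific scope first, then the fallbacks
          # (preview cache -> PR cache -> release cache).
          cache-from: |
            type=gha,scope=preview-pr-${{ github.event.pull_request.number }}
            type=gha,scope=pr-${{ github.event.pull_request.number }}
            type=gha,scope=release
          # Write side: this job exports only to its own preview scope.
          # It reads the shared release scope but never writes to it, so
          # layers built from unmerged PR code are not exported into the
          # scope that main-branch builds import from.
          # mode=max exports every intermediate stage, not just the final one.
          cache-to: type=gha,mode=max,scope=preview-pr-${{ github.event.pull_request.number }}
```

When reviewing a workflow like this, the line to check is `cache-to`: a PR-triggered job whose `cache-to` scope matches the release scope would let untrusted builds write into the shared cache.
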
@changeset-bot

changeset-bot bot commented Oct 30, 2025

🦋 Changeset detected

Latest commit: 14424a8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name | Type
@cloudflare/sandbox | Patch


@claude
Contributor

claude bot commented Oct 30, 2025

Claude Code Review

Overall Assessment: LGTM - Well-implemented Docker layer caching strategy with proper cache scopes and mount configurations.

Strengths

  1. Cache scope strategy is solid: PR-specific scopes with fallback chains prevent cache pollution while maximizing reuse
  2. Mode=max usage: Correctly caches all intermediate stages (pruner, builder, prod-deps, runtime)
  3. Proper cache mount configuration:
    • npm cache at /root/.npm in both builder and prod-deps stages
    • apt caches use sharing=locked to prevent corruption during concurrent builds
    • pip cache properly configured
  4. Version extraction centralization: Good refactor in release.yml to eliminate duplication
  5. Timeout adjustment: 15min for pkg-pr-new is reasonable given multi-arch builds take 7-8min

Minor Issues

Line 77-78 (Dockerfile): The apt cache configuration creates files that persist beyond the RUN layer, but since these are in cache mounts that are ephemeral, this is fine. However, consider if the docker-clean removal and keep-cache config should be in a separate RUN layer or combined differently for clarity.

Line 99 (Dockerfile): The rm -rf /var/lib/apt/lists/* runs outside the cache mount, which means it only cleans the container layer, not the cache. This is correct behavior, but the previous pattern was inconsistent - good fix.

Performance Notes

Expected improvements match industry standards:

  • PR builds: 60s → 10-20s (67-83% reduction)
  • Multi-arch releases: 7.5min → 2min (73% reduction)
  • Preview builds: 7.5min → 2-3min (60-73% reduction)

Changeset

Appropriate patch-level change. The changeset correctly notes this benefits users building from source.

Verdict: Ready to merge.

Adds npm cache mount to prod-deps stage for consistency with builder stage.
This speeds up production dependency installs when layers are invalidated.

- Remove leftover instructional comment in pullrequest.yml
- Centralize version extraction in release.yml unit-tests job
- Reuse version output in publish jobs to eliminate duplication

Multi-arch Docker builds take 7-8 minutes on cold cache. The previous
10-minute timeout was too tight and caused failures when builds took
slightly longer due to runner variance or network conditions. 15 minutes
provides adequate 2x buffer while still catching genuinely stuck builds.

@pkg-pr-new

pkg-pr-new bot commented Oct 30, 2025

npm i https://pkg.pr.new/cloudflare/sandbox-sdk/@cloudflare/sandbox@176

commit: 14424a8

@github-actions
Contributor

🐳 Docker Image Published

FROM cloudflare/sandbox:0.0.0-pr-176-fd7f207

Version: 0.0.0-pr-176-fd7f207

You can use this Docker image with the preview package from this PR.

@ghostwriternr ghostwriternr merged commit 7edbfa9 into main Oct 30, 2025
9 checks passed
@ghostwriternr ghostwriternr deleted the feat/docker-layer-caching branch October 30, 2025 14:00
@threepointone threepointone mentioned this pull request Oct 29, 2025