CI: BuildKit registry cache + SBOM/provenance attestations for Docker builds

.circleci/config.yml

@@ -6,18 +6,21 @@ jobs:
       - image: cimg/base:current
 
     environment:
-      DOCKER_BUILDKIT: 1
+      CACHE_REF: enduire/happo-docs:buildcache
 
     steps:
       - checkout
       - setup_remote_docker:
-          docker_layer_caching: true
+          docker_layer_caching: false
 
       - run:
           name: Build Docker image
           command: |
-            docker build \
+            docker buildx create --use --name happo-builder --driver docker-container
+            docker buildx build \
               --progress=plain \
+              --cache-from "type=registry,ref=${CACHE_REF}" \
+              --load \
               --tag happo-test-docs \
               -f Dockerfile .
 
@@ -115,10 +118,14 @@ jobs:
   publish-docker:
     docker:
       - image: cimg/base:current
+
+    environment:
+      CACHE_REF: enduire/happo-docs:buildcache
+
     steps:
       - checkout
       - setup_remote_docker:
-          docker_layer_caching: true
+          docker_layer_caching: false
 
       - run:
           name: Publish Docker image
@@ -128,6 +135,8 @@ jobs:
             docker buildx create --use --name happo-builder --driver docker-container
             docker buildx build \
               --progress=plain \
+              --cache-from "type=registry,ref=${CACHE_REF}" \
+              --cache-to "type=registry,ref=${CACHE_REF},mode=max" \
               -t enduire/happo-docs:$IMAGE_TAG \
               --attest type=sbom \
               --attest type=provenance,mode=max \