improve gha docker builds

Signed-off-by: GitHub Actions Bot <>

.github/dependabot.yml

@@ -3,38 +3,20 @@ updates:
   - package-ecosystem: pip
     directory: /
     schedule:
-      interval: weekly
-    open-pull-requests-limit: 10
+      interval: monthly
     allow:
       - dependency-type: "all"
     groups:
-      dev-dependencies:
+      all-dependencies:
         patterns:
           - "*"
-        exclude-patterns:
-          - "croniter"
-          - "google-cloud-storage"
-          - "pydantic"
-          - "boto3"
-          - "pydantic-settings"
-          - "azure-storage-blob"
-          - "azure-identity"
-      main-dependencies:
-        patterns:
-          - "croniter"
-          - "google-cloud-storage"
-          - "pydantic"
-          - "boto3"
-          - "pydantic-settings"
-          - "azure-storage-blob"
-          - "azure-identity"
 
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: weekly
+      interval: monthly
 
   - package-ecosystem: docker
     directory: docker/
     schedule:
-      interval: weekly
+      interval: monthly

.github/workflows/dev_build.yml

@@ -28,12 +28,35 @@ jobs:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASS }}
 
+      - name: Cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: |
+            var-cache-pip
+            var-cache-apt
+            var-lib-apt
+          key: ${{ runner.os }}-cache-${{ hashFiles('docker/Dockerfile') }}
+
+      - name: Inject cache into docker
+        uses: reproducible-containers/[email protected]
+        with:
+          cache-map: |
+            {
+              "var-cache-pip": "/var/cache/pip",
+              "var-cache-apt": "/var/cache/apt",
+              "var-lib-apt": "/var/lib/apt"
+            }
+          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
+
       - name: Build and push ogion image
         uses: docker/build-push-action@v6
         with:
           file: docker/Dockerfile
           context: .
           target: build
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           push: true
           tags: rafsaf/ogion:dev
           platforms: linux/amd64,linux/arm64

.github/workflows/release_build.yml

@@ -26,12 +26,35 @@ jobs:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASS }}
 
+      - name: Cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: |
+            var-cache-pip
+            var-cache-apt
+            var-lib-apt
+          key: ${{ runner.os }}-cache-${{ hashFiles('docker/Dockerfile') }}
+
+      - name: Inject cache into docker
+        uses: reproducible-containers/[email protected]
+        with:
+          cache-map: |
+            {
+              "var-cache-pip": "/var/cache/pip",
+              "var-cache-apt": "/var/cache/apt",
+              "var-lib-apt": "/var/lib/apt"
+            }
+          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
+
       - name: Build and push ogion image
         uses: docker/build-push-action@v6
         with:
           file: docker/Dockerfile
           context: .
           target: build
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           push: true
           tags: rafsaf/ogion:${{ github.ref_name }},rafsaf/ogion:latest
           platforms: linux/amd64,linux/arm64

.github/workflows/tests.yml

@@ -31,6 +31,39 @@ jobs:
       - name: Download and start db containers
         run: make docker_dbs_setup_up
 
+      - name: Cache
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: |
+            var-cache-pip
+            var-cache-apt
+            var-lib-apt
+          key: ${{ runner.os }}-cache-${{ hashFiles('docker/Dockerfile') }}
+
+      - name: Inject cache into docker
+        uses: reproducible-containers/[email protected]
+        with:
+          cache-map: |
+            {
+              "var-cache-pip": "/var/cache/pip",
+              "var-cache-apt": "/var/cache/apt",
+              "var-lib-apt": "/var/lib/apt"
+            }
+          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
+
+      - name: Build and cache images
+        uses: docker/build-push-action@v6
+        with:
+          file: docker/Dockerfile
+          context: .
+          target: tests
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: false
+          tags: rafsaf/ogion:dev
+          platforms: linux/amd64,linux/arm64
+
       - name: Build image and run tests in container
         env:
           OGION_ARCH: ${{ matrix.arch }}

.github/workflows/type_check.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.12.2"
+          python-version: "3.12.5"
 
       - name: Install Poetry
         uses: snok/install-poetry@v1
@@ -32,7 +32,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: .venv
-          key: venv-${{ runner.os }}-python3.12.2-${{ hashFiles('poetry.lock') }}
+          key: venv-${{ runner.os }}-python3.12.5-${{ hashFiles('poetry.lock') }}
 
       - name: Install dependencies and actiavte virtualenv
         if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'

.github/workflows/update_compose_dbs.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.12.2"
+          python-version: "3.12.5"
 
       - name: Install Poetry
         uses: snok/install-poetry@v1
@@ -29,7 +29,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: .venv
-          key: venv-${{ runner.os }}-python3.12.2-${{ hashFiles('poetry.lock') }}
+          key: venv-${{ runner.os }}-python3.12.5-${{ hashFiles('poetry.lock') }}
 
       - name: Install dependencies and actiavte virtualenv
         if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'

docker/Dockerfile

@@ -9,22 +9,29 @@ ENV LOG_FOLDER_PATH="/var/log/ogion"
 ENV OGION_CPU_ARCHITECTURE=${TARGETARCH}
 WORKDIR ${FOLDER_PATH}
 
-RUN apt-get -y update && apt-get -y install age wget tar gpg
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get -y update && apt-get -y install age wget tar gpg
+
 COPY scripts scripts
-RUN ./scripts/install_mariadb_client.sh
-RUN ./scripts/install_postgresql_client.sh
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    ./scripts/install_mariadb_client.sh
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    ./scripts/install_postgresql_client.sh
 RUN apt-get -y remove gpg
 
 FROM base AS poetry
-RUN pip install poetry==1.8.2
-RUN poetry self add poetry-plugin-export
+RUN --mount=type=cache,target=/root/.cache/pip pip install poetry==1.8.2
+RUN --mount=type=cache,target=/root/.cache/pip poetry self add poetry-plugin-export
 COPY poetry.lock pyproject.toml ./
 RUN poetry export -o /requirements.txt --without-hashes
 RUN poetry export -o /requirements-tests.txt --without-hashes --with tests
 
 FROM base AS common
 COPY --from=poetry /requirements.txt .
-RUN pip install -r requirements.txt
+RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements.txt
 RUN rm -f requirements.txt
 # reduce size of botocore lib, see https://github.com/boto/botocore/issues/1543
 RUN mkdir /tmp/data \
@@ -57,7 +64,7 @@ COPY LICENSE LICENSE
 
 FROM common AS tests
 COPY --from=poetry /requirements-tests.txt .
-RUN pip install -r requirements-tests.txt
+RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements-tests.txt
 COPY pyproject.toml .
 COPY tests tests
 CMD ["pytest"]