Skip to content

feat(ci): accelerate Docker builds with BuildKit cache mounts #877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(ci): accelerate Docker builds with BuildKit cache mounts #877

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
55af8a3
Initial plan
Copilot Dec 28, 2025
a16a5fa
feat(ci): add Docker build caching for pip, go, and cargo dependencies
Copilot Dec 28, 2025
5d6f56e
Merge branch 'main' into copilot/accelerate-builds-with-caching
ocervell Jan 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions .docker/Dockerfile.alpine
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ RUN apk add --no-cache \
COPY . /code
WORKDIR /code

RUN pipx install --pip-args="--no-cache-dir" . && \
# Use cache mounts for pip to speed up dependency installation
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
Expand All @@ -33,5 +36,11 @@ RUN apk add --no-cache \
pipx \
sudo
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
--mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/root/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
13 changes: 11 additions & 2 deletions .docker/Dockerfile.arch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,22 @@ RUN pacman -Syu --noconfirm && \
wget
COPY . /code
WORKDIR /code
RUN pipx install . && \
# Use cache mounts for pip and pipx to speed up dependency installation
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
secator install addons mongodb && \
secator install addons redis && \
secator install addons dev
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
--mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/root/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
13 changes: 11 additions & 2 deletions .docker/Dockerfile.debian
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,10 @@ RUN apt update -y && \
wget
COPY . /code
WORKDIR /code
RUN pipx install . && \
# Use cache mounts for pip and pipx to speed up dependency installation
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
Expand All @@ -36,5 +39,11 @@ RUN pipx install . && \
secator install addons dev
RUN secator install langs go
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
--mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/root/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
13 changes: 11 additions & 2 deletions .docker/Dockerfile.kali
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,22 @@ RUN apt update -y && \
wget
COPY . /code
WORKDIR /code
RUN pipx install . && \
# Use cache mounts for pip and pipx to speed up dependency installation
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
secator install addons mongodb && \
secator install addons redis && \
secator install addons dev
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
--mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/root/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
13 changes: 11 additions & 2 deletions .docker/Dockerfile.osx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,22 @@ RUN sudo pacman -Syu --noconfirm && \
COPY . /code
WORKDIR /code
USER arch
RUN pipx install . && \
# Use cache mounts for pip and pipx to speed up dependency installation
RUN --mount=type=cache,target=/home/arch/.cache/pip \
--mount=type=cache,target=/home/arch/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
secator install addons mongodb && \
secator install addons redis && \
secator install addons dev
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/home/arch/.cache/pip \
--mount=type=cache,target=/home/arch/.cache/go-build \
--mount=type=cache,target=/home/arch/go/pkg/mod \
--mount=type=cache,target=/home/arch/.cargo/registry \
--mount=type=cache,target=/home/arch/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
13 changes: 11 additions & 2 deletions .docker/Dockerfile.ubuntu
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,22 @@ RUN apt update -y && \
COPY . /code
WORKDIR /code
RUN . scripts/install_go.sh
RUN pipx install . && \
# Use cache mounts for pip and pipx to speed up dependency installation
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pipx \
pipx install . && \
secator install addons worker && \
secator install addons gdrive && \
secator install addons gcs && \
secator install addons mongodb && \
secator install addons redis && \
secator install addons dev
RUN if [ "$build_from_source" = "true" ]; then secator config set security.force_source_install 1; fi
RUN if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
# Use cache mounts for tool installation directories to speed up builds
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
--mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/root/.cargo/git \
if [ "$flavor" != "lite" ]; then secator install tools --cleanup --fail-fast; fi
ENTRYPOINT ["secator"]
2 changes: 1 addition & 1 deletion .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
uses: docker/setup-buildx-action@v3

- name: Build Docker image
run: "docker build -t freelabz/secator:${{ matrix.distribution }} -f .docker/Dockerfile.${{ matrix.distribution }} ."
run: "DOCKER_BUILDKIT=1 docker build -t freelabz/secator:${{ matrix.distribution }} -f .docker/Dockerfile.${{ matrix.distribution }} ."

- name: Run secator health check (strict)
run: docker run --privileged freelabz/secator:${{ matrix.distribution }} health --strict
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,10 @@ jobs:
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV

- name: Build Docker image (full)
run: docker build -t freelabz/secator:${VERSION} .
run: DOCKER_BUILDKIT=1 docker build -t freelabz/secator:${VERSION} .

- name: Build Docker image (lite)
run: docker build -t freelabz/secator:${VERSION}-lite --build-arg flavor=lite .
run: DOCKER_BUILDKIT=1 docker build -t freelabz/secator:${VERSION}-lite --build-arg flavor=lite .

- name: Tag image with 'latest'
run: docker tag freelabz/secator:${VERSION} freelabz/secator:latest
Expand Down
2 changes: 2 additions & 0 deletions cloudbuild.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ steps:
entrypoint: 'bash'
args: ['-c', 'docker pull ${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION} || exit 0']
- name: 'gcr.io/cloud-builders/docker'
env:
- 'DOCKER_BUILDKIT=1'
args: ['build', '-t', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '--build-arg', 'flavor=${_FLAVOR}', '--cache-from', '${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/secator:${_VERSION}', '.']

substitutions:
Expand Down
Loading