The BuildKit Cache Dance

Save RUN --mount=type=cache caches on GitHub Actions or other CI platforms

The BuildKit Cache Dance allows saving RUN --mount=type=cache caches on GitHub Actions or other CI platforms by extracting the cache from the previous build and injecting it into the current build.

Use cases:

• apt-get (/var/cache/apt, /var/lib/apt)
• Go (/root/.cache/go-build)
• etc.

This reproducible-containers/buildkit-cache-dance action was forked from overmindtech/buildkit-cache-dance (archived on September 2023). This action be used for "non-reproducible" containers too.

Examples

apt-get GitHub Actions

Dockerfile:

FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  rm -f /etc/apt/apt.conf.d/docker-clean && \
  echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
  apt-get update && \
  apt-get install -y gcc

Action:

---
name: Build
on:
  push:

jobs:
  Build:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
        id: setup-buildx
      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: Build

      - name: Cache
        uses: actions/cache@v4
        id: cache
        with:
          path: cache-mount
          key: cache-mount-${{ hashFiles('Dockerfile') }}

      - name: Restore Docker cache mounts
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.setup-buildx.outputs.name }}
          cache-dir: cache-mount
          dockerfile: Dockerfile
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          file: Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

Real-world examples:

• https://github.com/rootless-containers/slirp4netns/blob/v1.2.2/.github/workflows/release.yaml#L18-L36
• https://github.com/containers/fuse-overlayfs/blob/40e0f3c/.github/workflows/release.yaml#L17-L36

CacheMap Options

If you require more fine grained control you can manually specify a JSON formatted cache-map. The keys specify the paths on the Docker builder host to use as the bind source and the string value provides the cache mount target within the Docker build:

      - name: Restore Docker cache mounts
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.setup-buildx.outputs.name }}
          cache-map: |
            {
              "var-cache-apt": "/var/cache/apt",
              "var-lib-apt": "/var/lib/apt"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}

Alternatively, you can provide a JSON object with additional options that should be passed to --mount=type=cache in the values cache-map JSON. The target path must be present in the object as a property.

      - name: Restore Docker cache mounts
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.setup-buildx.outputs.name }}
          cache-map: |
            {
              "var-cache-apt": {
                "target": "/var/cache/apt",
                "id": "1"
              },
              "var-lib-apt": "/var/lib/apt"
            }
          skip-extraction: ${{ steps.cache.outputs.cache-hit }}

Action Inputs

The following inputs are available when using this action in a GitHub workflow:

• cache-map: JSON formatted map of source paths to container destination paths or mount arguments. If not provided, auto-discovery from Dockerfile is used.
• dockerfile: The Dockerfile to use for auto-discovery of cache-map. Default: Dockerfile
• cache-dir: Root directory where cache content is injected from/extracted to when using auto-discovery. If not provided, each cache mount target will be used as source path.
• scratch-dir: Where the action stores temporary files for processing. Default: scratch
• skip-extraction: Skip the extraction of the cache from the docker container. Default: false
• save-always: Run the post step to save the cache even if another step before fails. Default: false
• utility-image: Container image to use for injecting and extracting the cache. Default: ghcr.io/containerd/busybox:latest
• builder: The name of the buildx builder. Default: default
• extract: Extract the cache from the docker container (post step). When false, inject the cache (main step). Default: false

Example using the extract input:

      - name: Extract Docker cache mounts manually
        uses: reproducible-containers/buildkit-cache-dance@v3
        with:
          builder: ${{ steps.setup-buildx.outputs.name }}
          cache-dir: cache-mount
          extract: true

CLI Usage

In other CI systems, you can run the script directly via node:

curl -LJO https://github.com/reproducible-containers/buildkit-cache-dance/archive/refs/tags/v3.1.0.tar.gz
tar xvf buildkit-cache-dance-3.1.0.tar.gz

During injection:

node  ./buildkit-cache-dance-3.1.0/dist/index.js --cache-map '{"var-cache-apt": "/var/cache/apt", "var-lib-apt": "/var/lib/apt"}'

After build during extraction:

node  ./buildkit-cache-dance-3.1.0/dist/index.js --extract --cache-map '{"var-cache-apt": "/var/cache/apt", "var-lib-apt": "/var/lib/apt"}'

Here are the available options:

build-cache-dance [options]
Save 'RUN --mount=type=cache' caches on GitHub Actions or other CI platforms

Options:
  --extract      Extract the cache from the docker container (extract step). Otherwise, inject the cache (main step)
  --cache-map    The map of actions source to container destination paths for the cache paths
  --dockerfile   The Dockerfile to use for the auto-discovery of cache-map. Default: 'Dockerfile'
  --cache-dir    The root directory where cache content is injected from/extracted to when using auto-discovery of the cache-map.
  --scratch-dir  Where the action is stores some temporary files for its processing. Default: 'scratch'
  --skip-extraction  Skip the extraction of the cache from the docker container
  --builder     The name of the buildx builder. Default: 'default'
  --help         Show this help

Releases

v1

v1 follows the original design of overmindtech/buildkit-cache-dance.

v1 is composed of two actions:

• reproducible-containers/buildkit-cache-dance/[email protected]
• reproducible-containers/buildkit-cache-dance/[email protected]

See the releases/v1 branch.

v2

v2 is composed of the single reproducible-containers/buildkit-cache-dance action.

v3

Rewrote the action in TypeScript and adds support for cache-map that gets a string of files that need to be injected as a JSON string. This makes it possible to inject multiple directories in one call and simplifies the usage.

This release also makes it possible to run the script outside GitHub Actions in other CI platforms or locally using command line arguments.

Acknowledgement

• Thanks to Alexander Pravdin for the basic idea in this comment.
• Thanks to the authors of the original overmindtech/buildkit-cache-dance.