Add support for docker build caching, disabled by default

.github/actions/docker/action.yml

@@ -63,13 +63,9 @@ inputs:
     default: 'false'
     description: 'Generate tag only.'
     required: false
-  CACHE_FROM:
-    default: 'type=gha'
-    description: 'Cache from.'
-    required: false
-  CACHE_TO:
-    default: 'type=gha,mode=max'
-    description: 'Cache to.'
+  ENABLE_CACHE:
+    default: 'false'
+    description: 'Whether to use cache when building the image'
     required: false
 outputs:
   IMAGE_TAG:
@@ -126,15 +122,31 @@ runs:
       run: echo BUILD_ARGS=${{inputs.BUILD_ARGS}} >> $GITHUB_ENV
       shell: bash
 
-    - name: Build and export to Docker
+    - name: Build and export to Docker without cache
       uses: docker/build-push-action@v6
-      if: inputs.TAG_ONLY == 'false'
+      if: inputs.ENABLE_CACHE == 'false'
+      with:
+        load: true
+        tags: |
+          ${{ steps.meta.outputs.tags }}
+        no-cache: true
+        file: ${{ inputs.FILE }}
+        context: ${{ inputs.CONTEXT }}
+        # cannot use multiple platforms with `load`, build a single arch image for validation purposes in CI
+        platforms: linux/amd64
+        build-args: ${{ env.BUILD_ARGS }}
+        secrets: ${{ env.DOCKER_SECRETS }}
+
+    - name: Build and export to Docker with cache
+      uses: docker/build-push-action@v6
+      if: inputs.ENABLE_CACHE == 'true'
       with:
         load: true
         tags: |
           ${{ steps.meta.outputs.tags }}
-        # cache-from: type=gha
-        # cache-to: type=gha,mode=max
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        no-cache: false
         file: ${{ inputs.FILE }}
         context: ${{ inputs.CONTEXT }}
         # cannot use multiple platforms with `load`, build a single arch image for validation purposes in CI
@@ -155,16 +167,31 @@ runs:
         docker logs test
         ${{ inputs.CONTAINER_TEST_COMMAND }}
 
-    - name: Build and push
-      if: inputs.PUSH == 'true' # && inputs.TAG_ONY == 'false'
+    - name: Build and push with cache
+      if: inputs.PUSH == 'true' && inputs.ENABLE_CACHE == 'true'
+      uses: docker/build-push-action@v6
+      with:
+        push: true
+        tags: |
+          ${{ steps.meta.outputs.tags }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        no-cache: false
+        file: ${{ inputs.FILE }}
+        context: ${{ inputs.CONTEXT }}
+        platforms: ${{ inputs.PLATFORMS }}
+        build-args: ${{ env.BUILD_ARGS }}
+        secrets: ${{ env.DOCKER_SECRETS }}
+
+    - name: Build and push without cache
+      if: inputs.PUSH == 'true' && inputs.ENABLE_CACHE == 'false'
       uses: docker/build-push-action@v6
       with:
         push: true
         tags: |
           ${{ steps.meta.outputs.tags }}
-        cache-from: ${{ inputs.CACHE_FROM }}
-        cache-to: ${{ inputs.CACHE_TO }}}
         file: ${{ inputs.FILE }}
+        no-cache: true
         context: ${{ inputs.CONTEXT }}
         platforms: ${{ inputs.PLATFORMS }}
         build-args: ${{ env.BUILD_ARGS }}

.github/workflows/ci-build.yml

@@ -106,15 +106,10 @@ on:
         type: string
         description:  ref to pull and build default to github.ref
         required: false
-      CACHE_FROM:
-        type: string
-        default: 'type=gha'
-        description: 'Cache from.'
-        required: false
-      CACHE_TO:
-        type: string
-        default: 'type=gha,mode=max'
-        description: 'Cache to.'
+      ENABLE_DOCKER_BUILD_CACHE:
+        type: boolean
+        default: false
+        description: 'Whether to use cache when building the image'
         required: false
       ## Vault Secrets
       VAULT_SECRETS:
@@ -229,7 +224,7 @@ jobs:
       uses: actions/checkout@v4
       with:
         repository: signalwire/actions-template
-        ref: main
+        ref: ryanwi/docker-cache
         path: actions
 
     - uses: ./actions/.github/actions/gpg
@@ -280,8 +275,7 @@ jobs:
         CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}
         CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }}
         OUTPUT_TAG_INDEX: ${{ inputs.OUTPUT_TAG_INDEX }}
-        CACHE_FROM: ${{ inputs.CACHE_FROM }}
-        CACHE_TO: ${{ inputs.CACHE_TO }}
+        ENABLE_CACHE: ${{ inputs.ENABLE_DOCKER_BUILD_CACHE }}
       env:
         GITHUB_TOKEN: ${{ github.token }}
         DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}

.github/workflows/ci.yml

@@ -151,6 +151,11 @@ on:
         default: .
         description: Whenever the WF requires a different path than . for the revision file
         required: false
+      ENABLE_DOCKER_BUILD_CACHE:
+        type: boolean
+        default: false
+        description: 'Whether to use cache when building the image'
+        required: false
       ## Vault Secrets
       VAULT_SECRETS:
         type: string
@@ -207,7 +212,7 @@ jobs:
 
   CHECK:
     name: CI
-    uses: signalwire/actions-template/.github/workflows/ci-check.yml@main
+    uses: signalwire/actions-template/.github/workflows/ci-check.yml@ryanwi/docker-cache
     with:
       ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
       PROJECT_NAME: ${{ inputs.PROJECT_NAME }}
@@ -245,7 +250,7 @@ jobs:
   BUILD:
     name: BUILD
     needs: CHECK
-    uses: signalwire/actions-template/.github/workflows/ci-build.yml@main
+    uses: signalwire/actions-template/.github/workflows/ci-build.yml@ryanwi/docker-cache
     with:
       ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
       PROJECT_NAME: ${{ inputs.PROJECT_NAME }}
@@ -269,6 +274,7 @@ jobs:
       VAULT_SECRETS: ${{ inputs.VAULT_SECRETS }}
       TELEPORT_APP: ${{ inputs.TELEPORT_APP }}
       TELEPORT_PROXY_URL: ${{ inputs.TELEPORT_PROXY_URL }}
+      ENABLE_DOCKER_BUILD_CACHE: ${{ inputs.ENABLE_DOCKER_BUILD_CACHE }}
     secrets:
       GH_BOT_DEPLOY_KEY: ${{ secrets.GH_BOT_DEPLOY_KEY }}
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}