From 8b68651ba89ba6ad16b0df5565cd500eb7b7ef01 Mon Sep 17 00:00:00 2001
From: Gustavo Valverde <gustavo@iterativo.do>
Date: Tue, 3 May 2022 10:13:28 -0400
Subject: [PATCH] fix(build): avoid docker cache contamination and invalidation
 (#4254)

* imp(build): reduce docker cache invalidation

Use scoped caching and more file ignores to reduce cache invalidation

* fix(build): add entrypoint.sh as a required file

* fix(build): do not logout if the build takes too long

* Add 'doc comment' about .dockerignore

Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
---
 .dockerignore                            | 29 +++++++++++++++++++-----
 .github/workflows/docker-image-build.yml |  6 +++--
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index fae64da0f..12a78c0d7 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,23 @@
-target
-Dockerfile
-.dockerignore
-.git
-.github
-.gitignore
+# Before the docker CLI sends the context to the docker daemon, it looks for a file 
+# named .dockerignore in the root directory of the context. If this file exists, the 
+# CLI modifies the context to exclude files and directories that match patterns in it. 
+#
+# You may want to specify which files to include in the context, rather than which 
+# to exclude. To achieve this, specify * as the first pattern, followed by one or 
+# more ! exception patterns.
+# 
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+# Exclude everything:
+#
+*
+
+# Now un-exclude required files and folders:
+#
+!.cargo
+!*.toml
+!*.lock
+!tower-*
+!zebra-*
+!zebrad
+!docker/entrypoint.sh
diff --git a/.github/workflows/docker-image-build.yml b/.github/workflows/docker-image-build.yml
index eab2af7f2..7cc5c5b65 100644
--- a/.github/workflows/docker-image-build.yml
+++ b/.github/workflows/docker-image-build.yml
@@ -93,6 +93,7 @@ jobs:
           registry: us-docker.pkg.dev
           username: oauth2accesstoken
           password: ${{ steps.auth.outputs.access_token }}
+          logout: false
 
       - name: Login to Google Container Registry
         uses: docker/login-action@v1.14.1
@@ -100,6 +101,7 @@ jobs:
           registry: gcr.io
           username: oauth2accesstoken
           password: ${{ steps.auth.outputs.access_token }}
+          logout: false
 
       # Build and push image to Google Artifact Registry
       - name: Build & push
@@ -121,5 +123,5 @@ jobs:
             CHECKPOINT_SYNC=${{ inputs.checkpoint_sync }}
             RUST_LOG=${{ inputs.rust_log }}
           push: true
-          cache-from: type=registry,ref=us-docker.pkg.dev/zealous-zebra/zebra/${{ inputs.image_name }}:${{ env.GITHUB_REF_SLUG_URL }}-buildcache
-          cache-to: type=registry,ref=us-docker.pkg.dev/zealous-zebra/zebra/${{ inputs.image_name }}:${{ env.GITHUB_REF_SLUG_URL }}-buildcache,mode=max
+          cache-from: type=gha,scope=${{ inputs.image_name }}
+          cache-to: type=gha,mode=max,scope=${{ inputs.image_name }}