implement docker caching for faster builds

Signed-off-by: Jack Luar <[email protected]>

Author: luarss

.github/workflows/ci-secret.yaml

@@ -19,13 +19,16 @@ defaults:
 jobs:
   build-backend-docker:
     runs-on: self-hosted
+    permissions:
+      contents: read
+      packages: write
     steps:
     - name: Setup python
       uses: actions/setup-python@v5
       with:
         python-version: '3.12'
     - name: Install uv
-      uses: astral-sh/setup-uv@v6   
+      uses: astral-sh/setup-uv@v6
     - name: Checkout code
       uses: actions/checkout@v4
     - name: Setup prereqs
@@ -56,9 +59,48 @@ jobs:
       run: |
         cp ${{ secrets.PATH_TO_GOOGLE_APPLICATION_CREDENTIALS }} backend/src
         cp ${{ secrets.PATH_TO_GOOGLE_APPLICATION_CREDENTIALS }} evaluation/auto_evaluation/src
-    - name: Build Docker image
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and push backend Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        push: true
+        tags: |
+          ghcr.io/${{ github.repository }}/backend:latest
+          ghcr.io/${{ github.repository }}/backend:${{ github.sha }}
+        cache-from: |
+          type=registry,ref=ghcr.io/${{ github.repository }}/backend:cache
+          type=registry,ref=ghcr.io/${{ github.repository }}/backend:latest
+        cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/backend:cache,mode=max
+        load: true
+
+    - name: Build and push frontend Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./frontend/nextjs-frontend
+        push: true
+        tags: |
+          ghcr.io/${{ github.repository }}/frontend:latest
+          ghcr.io/${{ github.repository }}/frontend:${{ github.sha }}
+        cache-from: |
+          type=registry,ref=ghcr.io/${{ github.repository }}/frontend:cache
+          type=registry,ref=ghcr.io/${{ github.repository }}/frontend:latest
+        cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/frontend:cache,mode=max
+        load: true
+
+    - name: Start services with docker compose
       run: |
-        make docker-up
+        docker compose up -d
 
     - name: Run LLM CI
       id: llm_tests

.github/workflows/ci.yaml

@@ -17,14 +17,17 @@ defaults:
 jobs:
   build-backend-docker:
     runs-on: self-hosted
+    permissions:
+      contents: read
+      packages: write
     steps:
     - name: Setup python
       uses: actions/setup-python@v5
       with:
         python-version: '3.12'
 
     - name: Install uv
-      uses: astral-sh/setup-uv@v6   
+      uses: astral-sh/setup-uv@v6
 
     - name: Checkout code
       uses: actions/checkout@v4
@@ -45,6 +48,34 @@ jobs:
         cp .env.test .env
         make test
 
-    - name: Build Docker images
-      run: |
-        docker compose build
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build backend Docker image with cache
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        push: false
+        tags: ghcr.io/${{ github.repository }}/backend:pr-${{ github.event.pull_request.number }}
+        cache-from: |
+          type=registry,ref=ghcr.io/${{ github.repository }}/backend:cache
+          type=registry,ref=ghcr.io/${{ github.repository }}/backend:latest
+        cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/backend:cache,mode=max
+
+    - name: Build frontend Docker image with cache
+      uses: docker/build-push-action@v5
+      with:
+        context: ./frontend/nextjs-frontend
+        push: false
+        tags: ghcr.io/${{ github.repository }}/frontend:pr-${{ github.event.pull_request.number }}
+        cache-from: |
+          type=registry,ref=ghcr.io/${{ github.repository }}/frontend:cache
+          type=registry,ref=ghcr.io/${{ github.repository }}/frontend:latest
+        cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/frontend:cache,mode=max

Makefile

@@ -23,15 +23,15 @@ check:
 
 .PHONY: docker-up
 docker-up:
-	@docker compose -f docker-compose.yml up --build --wait
+	@DOCKER_BUILDKIT=1 docker compose -f docker-compose.yml up --build --wait
 
 .PHONY: docker-down
 docker-down:
 	@docker compose -f docker-compose.yml down --remove-orphans
 
 .PHONY: docker-dev
 docker-dev:
-	@docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build --wait
+	@DOCKER_BUILDKIT=1 docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build --wait
 
 # --- Development Commands ---
 .PHONY: seed-credentials

backend/Dockerfile

@@ -2,6 +2,7 @@ FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
 
 WORKDIR /ORAssistant-backend
 
+# Install system dependencies (cacheable layer)
 RUN apt-get update && apt-get install -y \
     build-essential \
     curl \
@@ -15,13 +16,22 @@ RUN apt-get update && apt-get install -y \
     git lfs install && \
     rm -rf /var/lib/apt/lists/*
 
+# Install uv (cacheable layer)
 RUN pip install uv
 
-COPY ./pyproject.toml /ORAssistant-backend/pyproject.toml
+# Copy only dependency files first for better caching
+COPY ./pyproject.toml ./uv.lock* /ORAssistant-backend/
+
+# Install dependencies (cacheable layer - only rebuilds if dependencies change)
+RUN uv venv .venv && uv sync --dev
+
+# Copy the rest of the application
 COPY . .
 
-RUN uv venv .venv && uv sync --dev && uv run /ORAssistant-backend/src/post_install.py
+# Run post-install script
+RUN uv run /ORAssistant-backend/src/post_install.py
 
+# Download dataset (cacheable layer)
 RUN git clone https://huggingface.co/datasets/The-OpenROAD-Project/ORAssistant_RAG_Dataset && \
     mkdir -p data && \
     mv ORAssistant_RAG_Dataset/* data/ && \

docker-compose.yml

@@ -19,6 +19,7 @@ services:
       retries: 5
 
   backend:
+    image: ghcr.io/the-openroad-project/orassistant/backend:latest
     build:
       context: ./backend
     container_name: "backend"
@@ -42,8 +43,9 @@ services:
       timeout: ${HEALTHCHECK_TIMEOUT:-10s}
       retries: ${HEALTHCHECK_RETRIES:-5}
       start_period: ${HEALTHCHECK_START_PERIOD:-1200s}
-  
+
   frontend:
+    image: ghcr.io/the-openroad-project/orassistant/frontend:latest
     build:
       context: ./frontend/nextjs-frontend
     depends_on:

frontend/nextjs-frontend/Dockerfile

@@ -1,7 +1,11 @@
 # Install dependencies only when needed
 FROM node:22-alpine AS deps
 WORKDIR /app
+
+# Copy package files (cacheable layer - only rebuilds if dependencies change)
 COPY package.json package-lock.json* yarn.lock* ./
+
+# Install dependencies
 RUN \
   if [ -f yarn.lock ]; then yarn install --frozen-lockfile; \
   elif [ -f package-lock.json ]; then npm ci; \
@@ -10,21 +14,39 @@ RUN \
 # Rebuild the source code only when needed
 FROM node:22-alpine AS builder
 WORKDIR /app
+
+# Copy dependencies from deps stage
 COPY --from=deps /app/node_modules ./node_modules
-COPY . .
+
+# Copy only necessary source files
+COPY package.json ./
+COPY next.config.ts ./
+COPY tsconfig.json ./
+COPY tailwind.config.ts ./
+COPY postcss.config.mjs ./
+COPY app ./app
+COPY public ./public
+
+# Build the application
 RUN npm run build
 
 # Production image, copy all the files and run next
 FROM node:22-alpine AS runner
 WORKDIR /app
 
-ENV NODE_ENV production
+ENV NODE_ENV=production
+
+# Create a non-root user for security
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
 
 # Copy built assets from builder
-COPY --from=builder /app/public ./public
-COPY --from=builder /app/.next ./.next
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/package.json ./package.json
+COPY --from=builder --chown=nextjs:nodejs /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
+COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
+COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
+
+USER nextjs
 
 EXPOSE 3000