Open Tchekda opened 2 years ago
I think you can use personal access token or deploy token to workaround the issue, since these token will be same build after build.
Can anyone here confirm if the Dockerfile cache would also invalidate in this case of dynamic ARG values (how this compares to docker's behaviour)?
I think you can use personal access token or deploy token to workaround the issue, since these token will be same build after build.
Hello, Sorry I missed your reply. In our case it wouldn't be viable because we work as a team and having someone's PAT used in a pipeline isn't in line with our security measures. Also, if that person were to leave the team, all pipelines would break immediately
Can anyone here confirm if the Dockerfile cache would also invalidate in this case of dynamic ARG values (how this compares to docker's behaviour)?
Yes, since the hash of the layer wouldn't be the same, docker won't pull it from the cache.
Would be great if possible to escape selected ARG from the cache key...
Hey! Has anyone found a solution for this case?
Actual behavior Gitlab is proving a uniquely generated
NPM_TOKEN
to the docker context in order to download private dependencies.Because of that the step
ARG NPM_TOKEN
isn't cached since this token changes each time. And so the build redownloads the wholenode_modules
folder which is fully unnecessary ifpackages.json
andyarn.lock
didn't not change.I hoped that kaniko cache could do something about it but since the hash is different, the cached layer isn't found.
Expected behavior Skip dependencies re-download if
packages.json
andyarn.lock
didn't changeAdditional Information
Triage Notes for the Maintainers
--cache
flag