search

docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0
4.11k stars 526 forks source link

Access to main branch cache form feature branch #1103

Open rrabenda opened 2 months ago

rrabenda commented 2 months ago

Description

Hello,

I'm trying to speed up builds on feature branches, by pulling cache form main but I'm not able to achieve that. Following Github documentation it should be possible:

Access restrictions provide cache isolation and security by creating a logical boundary between different branches or tags. Workflow runs can restore caches created in either the current branch or the default branch (usually main).

I used something like this in my workflows:

feature branch:

- name: Build and export
  uses: docker/build-push-action@v5
  with:
    context: .
    cache-from:  |
      type=gha
      type=gha,scope=main
    cache-to: type=gha,mode=min,scope=main
    build-args: |
      VERSION=""
    load: true
    tags: app:latest
    outputs: type=docker,dest=build.tar

main branch:

- name: Build and export
  uses: docker/build-push-action@v5
  with:
    context: .
    cache-from: type=gha,scope=main
    cache-to: type=gha,mode=min,scope=main
    build-args: |
      VERSION=""
    load: true
    tags: app:latest
    outputs: type=docker,dest=build.tar

I was doing some variation of that solution, as setting only the same scope for both branches or removing scope form main branch, but nothing worked for me.

Do you have any suggestion? Thanks in advance.

crazy-max commented 3 weeks ago

Access restrictions provide cache isolation and security by creating a logical boundary between different branches or tags. Workflow runs can restore caches created in either the current branch or the default branch (usually main).

I don't think it means you have access to default branch cache from a feature branch.

You can check this yourself by looking at the "GitHub Actions runtime token ACs" section in the action logs: https://github.com/docker/build-push-action/actions/runs/9478782186/job/26115912211#step:4:15

image

In this case the PR #1667 has read access to refs/heads/master cache.

rrabenda commented 2 weeks ago

Hello,

I checked it and token have read access to main branch:

Run docker/build-push-action@v5
GitHub Actions runtime token ACs
  refs/pull/6/merge: read/write
  refs/heads/main: read

So I think this is not a problem