Running into a really weird issue where my multi-layer build caches correctly when I run

pulumi up

locally, but re-builds each layer with no caching when run in GitHub Actions. Excerpt from Pulumi `index.ts`:

const image = repo.buildAndPushImage({
  target: 'app',
  cacheFrom: { stages: ['deps', 'files', 'app'] },
  context: '../',
})

Dockerfile is essentially:

FROM external.image as deps
# install dependencies

FROM deps as files
# copy in some files, precompile assets

FROM files as app
# copy in other files, build app

When run locally, it builds each layer and uploads to the repo. When I run it in GitHub Actions, it does this: • builds

deps

• builds

deps

again as part of building

files

• builds

files

• builds

deps

again as part of building

app

• builds

files

again as part of building

app

• builds

app

Not sure why caching is failing to work only in CI. Any thoughts?

is your CI-agent running in a container that maybe doesn't have access to the docker directory on the agent itself? You want to make sure your docker directory is being preserved across runs

I've had success with building docker images (with layer caching) in github actions before, but my goal here is to build the image within Pulumi, since otherwise I'd need to create the ECR repository outside of Pulumi, and I'd like all resources for the deployment to be defined in Pulumi

So you may need to verify that whatever action you are using has access to the local docker directory on that instance? Or maybe you mount some pre-selected directory to be the docker directory and tell docker to use that instead via environment variables, so it looks the same place each run?

That makes sense -- it may be some issue with GitHub Actions and Pulumi not playing well together when it comes to the docker image cache. I'll look into it. Is there a way to tell Pulumi where to store images locally? (I'm using

repo.buildAndPushImage

)

well I think under the hood pulumi is just using the

docker

CLI so if docker supports an environment variable to specify the directory you could probably just set that and pulumi doesn't need to be aware of the difference

Yep! I'm using

const image = repo.buildAndPushImage({
  target: 'app',
  cacheFrom: { stages: ['deps', 'files', 'app'] },
  context: '../',
})

where the stages are the names of the targets in my multi-stage build (see dockerfile example above)

Gotcha. Are you using the pulumi-provided Github Action?

Yes:

- name: Add Pulumi CLI
        uses: pulumi/action-install-pulumi-cli@v1

      - name: Install Pulumi CLI
        run: cd deploy && npm install

      - uses: pulumi/actions@v3
        with:
          command: up
          stack-name: ${{ env.STACK_NAME }}
          work-dir: deploy
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

Cool so maybe @broad-dog-22463 can clarify how they intend for you to utilize docker build caching

It looks like it's correctly caching from the remote repo when the digest matches, but not caching layers built locally. So if the dependencies don't change, it'll use the cached

deps

correctly, but then will end up building

files

and

app

twice still

I was poking at similar issues a while back and had some success with enabling the new I was poking at similar issues not too long ago, and had some success with enabling Buildx on GHA. Seems to cache things a bit more reliably. 🤷 Could try sticking this step before the Pulumi one:

- uses: docker/setup-buildx-action@v1
  with:
    install: true

Thanks! I'll give it a try