5 changes: 5 additions & 0 deletions .github/workflows/checks.yml
@@ -31,6 +31,11 @@ jobs:
develop
${{ github.base_ref }}

- name: Cache Docker Images
uses: ScribeMD/docker-cache@0.5.0

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

What is the full commit SHA currently referenced by the GitHub Action tag ScribeMD/docker-cache@0.5.0?

💡 Result:

The GitHub Action tag ScribeMD/docker-cache@0.5.0 currently points to commit SHA fb28c93772363301b8d0a6072ce850224b73f74e [1][2]. This SHA is shown on GitHub’s tag listing for 0.5.0 (short form fb28c93) [1] and as the full 40-character commit in a workflow that uses uses: ScribeMD/docker-cache@0.5.0 [2].


Pin ScribeMD/docker-cache to the immutable commit SHA.

Using @0.5.0 (a tag) is mutable and introduces supply-chain drift risk; CI behavior can change without code changes. Pin to the commit SHA instead.

Suggested patch
-      - name: Cache Docker Images
-        uses: ScribeMD/docker-cache@0.5.0
+      - name: Cache Docker Images
+        # v0.5.0
+        uses: ScribeMD/docker-cache@fb28c93772363301b8d0a6072ce850224b73f74e
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/checks.yml at line 35, Replace the mutable action
reference "uses: ScribeMD/docker-cache@0.5.0" with an immutable commit SHA by
pinning to the action's exact commit (e.g., "uses:
ScribeMD/docker-cache@<commit-sha>"); update the line where the action is
referenced so the workflow uses the full commit hash instead of the version tag
to prevent supply-chain drift and optionally run the workflow to verify the SHA
is correct.

with:
key: ${{ github.ref_name }}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Scripts executed (repository: FAForever/gitops-stack):

cat -n .github/workflows/checks.yml

find . -name "Tiltfile" -o -name "Dockerfile*" | head -20

# Check what Docker image definitions exist
fd -t f -e Dockerfile -o -name "Tiltfile" | head -20

# Get repository structure overview
git ls-files | grep -E "(Tiltfile|Dockerfile)" | head -20

git ls-files | grep -i dockerfile

# Also check if there are any Dockerfile variants
find . -type f \( -iname "dockerfile*" \) 2>/dev/null

🌐 Web query:

ScribeMD/docker-cache action hashFiles support parameters

💡 Result:

ScribeMD/docker-cache does not have any special “hashFiles support” parameter. What it does support is using GitHub Actions expression functions (like hashFiles) yourself when you set the action’s required input key.

1) Supported inputs
- key (required): “The cache key to ferry to the official GitHub cache action” [1][2]. This is where you put something like docker-${{ runner.os }}-${{ hashFiles('docker-compose.yaml') }} (shown in the action docs as an example key strategy) [3][4].
- read-only (optional, default: false): If true, disables saving the cache upon cache miss [1][4].

2) Using hashFiles with this action
Example from the action docs [3][4]:
- name: Cache Docker images
  uses: ScribeMD/docker-cache@0.5.0
  with:
    key: docker-${{ runner.os }}-${{ hashFiles(paths) }}
The docs also recommend changing the key to a “fast function of your Docker image versions”, giving hashFiles('docker-compose.yaml') as the idea [3][4].

3) What is NOT supported
- restore-keys is not supported by this action [1][4]. The README/action.yaml explicitly says partial cache restoration via restore-keys is not supported due to a “snowball” effect [1][4].

4) Related behavior notes (for context)
- This action caches images (pulled/built) but “does not perform Docker layer caching” [4][3].

If you paste your current workflow snippet (the uses: step and your with: block), I can suggest an exact key expression that matches the files that define which images/tags you pull or build.

🏁 Scripts executed (repository: FAForever/gitops-stack):

cat -n Tiltfile | head -100

cat Tiltfile | grep -i "docker\|image" | head -30

# Check the full Tiltfile size and content
wc -l Tiltfile

cat Tiltfile | grep -E "docker_build|image:|load\(|local_resource" | head -20

# Check if there are any Docker image references or build definitions
rg "image:" Tiltfile -A 2 -B 2 | head -40

# Search for docker_build or any image building directives
rg "docker_build|load\(" Tiltfile

# Check the .github/workflows/checks.yml workflow more carefully for what gets cached
cat -n .github/workflows/checks.yml | tail -20

# Look for any Helm chart references that might define docker images
find . -name "values*.yaml" -o -name "Chart.yaml" | head -10

# Check what the tilt ci command does - look for references in Tiltfile
rg "ci\|CI" Tiltfile | head -10

# Look at Helm values to see what images are being pulled
head -50 ./apps/faf-api/values.yaml

# Check if Tiltfile has any references to pulling/loading docker images
rg "pull|load|docker" Tiltfile -i | head -20

# Get a broader view of what Helm charts are used
find ./apps -name "values*.yaml" -type f | wc -l

# Check if Helm values or Chart files change between branches might require cache invalidation
ls -la ./apps/*/values*.yaml | head -5

# Verify the scope of Helm chart usage
rg "helm_with_build_cache\|k8s_yaml" Tiltfile | wc -l


Include configuration files in Docker cache key to prevent stale images across branches.

The Docker cache key currently depends only on github.ref_name, allowing images cached on one branch to be reused on another even when Tilt or Kubernetes configurations change. Include the Tiltfile in the cache hash. The pattern **/Dockerfile* is unnecessary (no Dockerfiles exist in this repository). Including .github/workflows/checks.yml in the key is overly broad; focus on files that define which images are deployed.

Suggested patch
-          key: ${{ github.ref_name }}
+          key: docker-${{ github.ref_name }}-${{ hashFiles('Tiltfile') }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/checks.yml at line 37, The Docker cache key currently uses
only the Git ref (key: ${{ github.ref_name }}) which can cause stale images
across branches; update the cache key generation to include the repository
Tiltfile (and any other image-defining config files) in its hash instead of the
broad `.github/workflows/checks.yml` or the unnecessary `**/Dockerfile*`
pattern—locate where `key: ${{ github.ref_name }}` is defined in the workflow
and append a hash of the Tiltfile (and any specific image config files) to the
key so the cache invalidates when those files change.


- name: Test Using Local Config
run: tilt ci --timeout "5m"
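Review bot: the added `key: ${{ github.ref_name }}` under `with:` is constant for the lifetime of a branch, so on `develop` the entry saved by the first run is restored on every later run and, because a cache hit skips the post-job save, it is never refreshed: images the Tiltfile later starts pulling are fetched from the registry on each run and never enter the cache, while the cached set only disappears when GitHub evicts it for inactivity. Add a term derived from the files that decide which images are pulled, for example `key: docker-${{ github.ref_name }}-${{ hashFiles('Tiltfile') }}`, and consider a short version prefix (`docker-v1-...`) so the key can be bumped by hand when no hashed file captures a change. Since the action does not support restore-keys (see the docs quoted in the thread above), every new PR branch starts cold under this scheme; that is acceptable, but a one-line comment on the step saying so would save the next reader a surprise. The `uses: ScribeMD/docker-cache@0.5.0` line above it should also carry a full commit SHA rather than a tag, as already raised.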

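A small check for the two points raised in the review above (an action referenced by a mutable tag, and a cache key with no content hash), written as an added example for this page; it is not code from the FAForever/gitops-stack repository nor part of the review bot's suggestions. The two workflow snippets are constructed from the hunk above, and the commit SHA in the hardened variant is the one the web query reported for tag 0.5.0. It scans the YAML with regular expressions on purpose, so it runs without PyYAML, and only handles the `- name:` / `uses:` / `with:` / `key:` layout used in that hunk.

```python
"""Lint GitHub Actions workflow text for two supply-chain / caching smells:
actions pinned to a mutable tag or branch instead of a full commit SHA, and
cache keys with no hashFiles() term (they never invalidate while the ref lives).

Added example; not code from FAForever/gitops-stack or from the review bot.
"""
import re
from dataclasses import dataclass

FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
STEP_START_RE = re.compile(r"^\s*-\s")            # start of a list item (a step)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
KEY_RE = re.compile(r"^\s*key:\s*(.+?)\s*$")


@dataclass
class Finding:
    line: int
    severity: str
    message: str


def is_pinned(ref: str) -> bool:
    """True only if the part after '@' is a full 40-hex commit SHA.

    Tags (0.5.0, v4), branches (main) and abbreviated SHAs (fb28c93) can all be
    moved or are ambiguous, so they count as unpinned. Local actions (./path)
    and docker:// images are outside the scope of this check.
    """
    ref = ref.strip("'\"")
    if ref.startswith("./") or ref.startswith("docker://"):
        return True
    if "@" not in ref:
        return False
    return bool(FULL_SHA_RE.match(ref.rpartition("@")[2]))


def lint_workflow(text: str) -> list[Finding]:
    """Return findings for every unpinned `uses:` and every cache `key:` without hashFiles()."""
    findings: list[Finding] = []
    current_action = None  # action of the step currently being scanned
    for n, line in enumerate(text.splitlines(), 1):
        if STEP_START_RE.match(line):
            current_action = None
        m = USES_RE.match(line)
        if m:
            current_action = m.group(1).strip("'\"")
            if not is_pinned(current_action):
                findings.append(Finding(n, "major",
                    f"{current_action}: mutable reference; pin to a 40-hex commit SHA "
                    f"and keep the version in a trailing comment for dependency bots"))
            continue
        m = KEY_RE.match(line)
        # Only treat `key:` as a cache key when the step's action looks like a cache action.
        if m and current_action and "cache" in current_action.lower():
            key = m.group(1)
            if "hashFiles(" not in key:
                findings.append(Finding(n, "minor",
                    f"cache key {key} has no hashFiles() term; the saved entry is "
                    f"never refreshed while the key stays the same"))
    return findings


# Constructed from the hunk on this page (the step as submitted in the PR).
SAMPLE_WORKFLOW = """\
jobs:
  checks:
    steps:
      - name: Cache Docker Images
        uses: ScribeMD/docker-cache@0.5.0
        with:
          key: ${{ github.ref_name }}
      - name: Test Using Local Config
        run: tilt ci --timeout "5m"
"""

# Constructed: the same step with both review suggestions applied.
HARDENED_WORKFLOW = """\
jobs:
  checks:
    steps:
      - name: Cache Docker Images
        # v0.5.0
        uses: ScribeMD/docker-cache@fb28c93772363301b8d0a6072ce850224b73f74e
        with:
          key: docker-${{ github.ref_name }}-${{ hashFiles('Tiltfile') }}
      - name: Test Using Local Config
        run: tilt ci --timeout "5m"
"""

if __name__ == "__main__":
    for label, text in (("submitted", SAMPLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        findings = lint_workflow(text)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line} [{f.severity}] {f.message}")
```

Run against a real repository with `lint_workflow(open(path).read())` for each file under `.github/workflows/`; a clean run on the hardened snippet and two findings on the submitted one is the expected result.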