Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
88ab5b27d4497ea4e344167a5c92c5aef461e137
OSIT-AE-App-Svelte/documentation/AE_Docker_CI_cache_policy.md

1.3 KiB
Raw Blame History

AE Docker CI Cache Policy (recommendation)

Purpose

  • Provide a straightforward policy to keep build caches useful but bounded.

Recommendations

  • Primary CI cache: registry-based buildx cache (preferred). Use a single cache ref (e.g. ghcr.io/ORG/REPO:cache) reused by CI builds.
  • Local dev cache: use --cache-to type=local for fast iteration but prune periodically.
  • Retention: keep registry cache for 30 days by default. Implement registry GC or lifecycle rule to delete older cache blobs.

Rotation strategy

  • Option A (simple): CI always writes to the same cache ref :cache. Periodically (monthly) run a job to docker pull and docker image rm older tags if you use date-based tagging.
  • Option B (date-tag): CI writes cache to cache-YYYYMMDD and a small scheduled job deletes tags older than 30 days.

Pruning commands (developer)

  • Remove local build cache older than 72 hours: 
    docker builder prune --filter "until=72h" --force
  • Remove all builder cache (aggressive): 
    docker builder prune --all --force

CI runner requirements

  • docker and docker buildx available in runner environment.
  • Registry credentials provided via CI secrets with permission to push/pull images.

Security & Secrets

  • Do not store registry credentials in repo. Use CI secret storage.
Reference in New Issue View Git Blame Copy Permalink