feat(docker): cache apt archives to the Docker build cache

.github/actions/docker-build-and-push/action.yaml

@@ -85,110 +85,29 @@ runs:
         username: ${{ github.actor }}
         password: ${{ github.token }}
 
-    - name: Build and Push - prebuilt and devel
-      if: ${{ (github.event_name == 'push' && github.ref_type == 'branch') || github.event_name == 'schedule' }}
+    - name: Build and Push to GitHub Container Registry
+      if: ${{ github.event_name == 'push' || github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'registry') }}
       uses: docker/bake-action@v3
       with:
         push: ${{ inputs.allow-push == 'true' }}
         files: |
           docker/docker-bake.hcl
           ${{ steps.meta-prebuilt.outputs.bake-file }}
           ${{ steps.meta-devel.outputs.bake-file }}
-        targets: |
-          prebuilt
-          devel
-        provenance: false
-        set: |
-          ${{ inputs.build-args }}
-
-    - name: Build and Publish to GitHub Container Registry
-      if: ${{ ( github.event_name == 'push' && github.ref_type == 'tag' ) || ( github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'registry') }}
-      uses: docker/bake-action@v3
-      with:
-        push: true
-        files: |
-          docker/docker-bake.hcl
-          ${{ steps.meta-devel.outputs.bake-file }}
-          ${{ steps.meta-prebuilt.outputs.bake-file }}
           ${{ steps.meta-runtime.outputs.bake-file }}
         provenance: false
         set: |
           ${{ inputs.build-args }}
 
-    - name: Build and Save Artifacts
+    - name: Build only
       uses: docker/bake-action@v3
       with:
         push: false
         files: |
           docker/docker-bake.hcl
-          ${{ steps.meta-devel.outputs.bake-file }}
           ${{ steps.meta-prebuilt.outputs.bake-file }}
+          ${{ steps.meta-devel.outputs.bake-file }}
           ${{ steps.meta-runtime.outputs.bake-file }}
         provenance: false
         set: |
           ${{ inputs.build-args }}
-          prebuilt.output=type=docker,dest=/tmp/prebuilt.tar
-          devel.output=type=docker,dest=/tmp/devel.tar
-          runtime.output=type=docker,dest=/tmp/runtime.tar
-
-    - name: Upload Artifact - prebuilt
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      id: artifact-upload-step-prebuilt
-      uses: actions/upload-artifact@v4
-      with:
-        name: prebuilt-image${{ inputs.tag-suffix }}
-        path: /tmp/prebuilt.tar
-        retention-days: 7
-        compression-level: 6
-        overwrite: true
-        if-no-files-found: error
-
-    - name: Remove tar file - prebuilt
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      run: |
-        rm /tmp/prebuilt.tar
-      shell: bash
-
-    - name: Upload Artifact - devel
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      id: artifact-upload-step-devel
-      uses: actions/upload-artifact@v4
-      with:
-        name: devel-image${{ inputs.tag-suffix }}
-        path: /tmp/devel.tar
-        retention-days: 7
-        compression-level: 6
-        overwrite: true
-        if-no-files-found: error
-
-    - name: Remove tar file - devel
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      run: |
-        rm /tmp/devel.tar
-      shell: bash
-
-    - name: Upload Artifact - runtime
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      id: artifact-upload-step-runtime
-      uses: actions/upload-artifact@v4
-      with:
-        name: runtime-image${{ inputs.tag-suffix }}
-        path: /tmp/runtime.tar
-        retention-days: 7
-        compression-level: 6
-        overwrite: true
-        if-no-files-found: error
-
-    - name: Remove tar file - runtime
-      if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.artifacts-destination == 'tarball' }}
-      run: |
-        rm /tmp/runtime.tar
-      shell: bash
-
-    - name: Output artifact URLs
-      id: output-artifact-urls
-      run: |
-        echo 'prebuilt URL ${{ steps.artifact-upload-step-prebuilt.outputs.artifact-url }}'
-        echo 'devel URL ${{ steps.artifact-upload-step-devel.outputs.artifact-url }}'
-        echo 'runtime URL ${{ steps.artifact-upload-step-runtime.outputs.artifact-url }}'
-      shell: bash

docker/Dockerfile

@@ -6,10 +6,14 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ARG ROS_DISTRO
 
 # Install apt packages and add GitHub to known hosts for private repositories
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
+RUN rm -f /etc/apt/apt.conf.d/docker-clean \
+  && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
   gosu \
   ssh \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache \
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache \
   && mkdir -p ~/.ssh \
   && ssh-keyscan github.com >> ~/.ssh/known_hosts
 
@@ -20,9 +24,11 @@ WORKDIR /autoware
 
 # Set up base environment
 RUN --mount=type=ssh \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   ./setup-dev-env.sh -y --module base --runtime openadkit \
   && pip uninstall -y ansible ansible-core \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache \
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache \
   && echo "source /opt/ros/${ROS_DISTRO}/setup.bash" > /etc/bash.bashrc
 
 # Create entrypoint
@@ -37,10 +43,14 @@ COPY setup-dev-env.sh ansible-galaxy-requirements.yaml amd64.env arm64.env /auto
 COPY ansible/ /autoware/ansible/
 WORKDIR /autoware
 
+RUN rm -f /etc/apt/apt.conf.d/docker-clean \
+  && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 RUN --mount=type=ssh \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   ./setup-dev-env.sh -y rosdep \
   && pip uninstall -y ansible ansible-core \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache
 
 # Copy repository files
 COPY src /autoware/src
@@ -72,19 +82,22 @@ ENV CXX="/usr/lib/ccache/g++"
 # cspell: ignore libcu libnv
 # Set up development environment
 RUN --mount=type=ssh \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   ./setup-dev-env.sh -y --module all ${SETUP_ARGS} --no-cuda-drivers openadkit \
   && pip uninstall -y ansible ansible-core \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache \
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache \
   && find / -name 'libcu*.a' -delete \
   && find / -name 'libnv*.a' -delete
 
 # Install rosdep dependencies
 COPY --from=src-imported /rosdep-all-depend-packages.txt /tmp/rosdep-all-depend-packages.txt
 # hadolint ignore=SC2002
-RUN --mount=type=ssh \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   apt-get update \
   && cat /tmp/rosdep-all-depend-packages.txt | xargs apt-get install -y --no-install-recommends \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache
 
 # Build Autoware
 COPY --from=src-imported /autoware/src /autoware/src
@@ -105,9 +118,11 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # Install development tools and artifacts
 RUN --mount=type=ssh \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   ./setup-dev-env.sh -y --module dev-tools openadkit \
   && pip uninstall -y ansible ansible-core \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache
 
 # Create entrypoint
 COPY docker/etc/ros_entrypoint.sh /ros_entrypoint.sh
@@ -125,11 +140,13 @@ ARG SETUP_ARGS
 COPY --from=src-imported /rosdep-exec-depend-packages.txt /tmp/rosdep-exec-depend-packages.txt
 # hadolint ignore=SC2002
 RUN --mount=type=ssh \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
   ./setup-dev-env.sh -y --module all ${SETUP_ARGS} --no-cuda-drivers --runtime openadkit \
   && pip uninstall -y ansible ansible-core \
   && apt-get update \
   && cat /tmp/rosdep-exec-depend-packages.txt | xargs apt-get install -y --no-install-recommends \
-  && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* "$HOME"/.cache \
+  && apt-get autoremove -y && rm -rf "$HOME"/.cache \
   && find /usr/lib/$LIB_DIR-linux-gnu -name "*.a" -type f -delete \
   && find / -name "*.o" -type f -delete \
   && find / -name "*.h" -type f -delete \