Use repository caching for master build

One problem that our master builds may have is that they retain more and
more layers of old builds, as there is no easy way of purging them from
the cache. As such master cache would not have benefits over using
repository-based caching, I've removed persistent local caching for
non-PR builds.

3 files changed, 32 insertions, 39 deletions

diff --git a/.github/workflows/lint-test-build-push.yaml b/.github/workflows/lint-test-build-push.yaml
index 8dd9b34..62691ab 100644
--- a/.github/workflows/lint-test-build-push.yaml
+++ b/.github/workflows/lint-test-build-push.yaml
@@ -23,9 +23,16 @@ jobs:
         run: |
           tag=$(cut -c 1-7 <<< $GITHUB_SHA)
           echo "::set-output name=tag::$tag"
+
       - name: Checkout code
         uses: actions/checkout@v2
 
+      # The current version (v2) of Docker's build-push action uses
+      # buildx, which comes with BuildKit features that help us speed
+      # up our builds using additional cache features. Buildx also
+      # has a lot of other features that are not as relevant to us.
+      #
+      # See https://github.com/docker/build-push-action
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
@@ -36,38 +43,33 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GHCR_TOKEN  }}
 
-      # Set up a caching directory for image layers. According to the docker
-      # documentation, it's recommended to use a SHA-based key to get the
-      # greatest change of finding the most relevant cached layer. We fall
-      # down to more generic containers by then matching by GitHub branch,
-      # to use cache generated earlier in the same branch, and finally to
-      # the latest cache in general. The `v0` is purely a cache version
-      # indicator that can be incremented manually if we want to invalidate
-      # old caches completely.
+      # Create a local cache directory for PR builds, as the image
+      # we build for PRs may start to deviate from the "latest" image
+      # currently registered in the GHCR. For master, the best we can
+      # do is use the previous master build, which can be cached from
+      # the GHCR.
       - name: Cache Image Layers
+        if: github.event_name == 'pull_request'
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-v0-buildx-${{ github.ref }}-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-v0-buildx-${{ github.ref }}-
-            ${{ runner.os }}-v0-buildx-
 
-      # Build the image we need for testing/linting the current codebase,
-      # without pushing the image to the GHCR. Instead, we load it into
-      # the runner's docker environment so we can run it later. The
-      # target of this build is the `venv` stage of the Dockerfile, as we
-      # don't want to include the final production entry point stage.
+      # Build the image we need for linting and testing using the
+      # `venv` target stage within our Dockerfile. We load the image
+      # into the runner's Docker image collection so we can run it
+      # later.
       #
-      # This build caches to our GitHub Actions cache and uses that cache
-      # during the build process as well. If no GitHub Actions cache was
-      # available, it will use the latest intermediate images pushed to
-      # the GHCR as a cache source.
+      # The image includes an inline cache manifest to support caching
+      # from the GHCR, which means that a build can pull the layers it
+      # can reuse instead of building them from scratch.
       - name: Build image for linting and testing
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./Dockerfile
           push: false
           load: true
           target: venv
@@ -147,61 +149,52 @@ jobs:
           coveralls
 
       # Final build stage. This is run in the same job with conditions
-      # to prevent us from having to reload the caching directory. We
-      # already built a huge chunk of the image before this point in
-      # the run, so it does not make sense to drop down to a completely
-      # fresh build environment in a new worker/runner.
+      # in order to use the local build cache generated by buildx while
+      # building the `venv` image in the lint/test phase.
 
       # Build the final production image and push it to GHCR, tagging it
       # both with the short commit SHA and 'latest'. This step should use
-      # the cache that was just generated when we built the test container.
+      # the local build cache of the current run.
       - name: Build final image
         if: env.production_build == 'true'
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./Dockerfile
           push: true
           cache-from: |
-            type=local,src=/tmp/.buildx-cache
             ghcr.io/python-discord/snekbox-base:latest
             ghcr.io/python-discord/snekbox-venv:latest
             ghcr.io/python-discord/snekbox:latest
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          cache-to: type=inline
           tags: |
             ghcr.io/python-discord/snekbox:latest
             ghcr.io/python-discord/snekbox:${{ steps.sha_tag.outputs.tag }}
 
-      # Push the base image to GHCR, *with* an inline cache manifest to
-      # ensure we can use this image as a cache source if our GitHub Actions
-      # "local" cache failed to be restored. GHCR does not support pushing a
-      # separate cache manifest, meaning we have to use an "inline" manifest.
+      # Push the base image to GHCR, with an inline cache manifest
       - name: Push base image
         if: env.production_build == 'true'
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./Dockerfile
           target: base
           push: true
           cache-from: |
-            type=local,src=/tmp/.buildx-cache
             ghcr.io/python-discord/snekbox-base:latest
           cache-to: type=inline
           tags: ghcr.io/python-discord/snekbox-base:latest
 
-      # Push the venv image to GHCR *with* an inline cache manifest. See
-      # the comment attached to the previous step for more information.
+      # Push the venv image to GHCR, with an inline cache manifest
       - name: Push venv image
         if: env.production_build == 'true'
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./Dockerfile
           target: venv
           push: true
           cache-from: |
-            type=local,src=/tmp/.buildx-cache
             ghcr.io/python-discord/snekbox-base:latest
             ghcr.io/python-discord/snekbox-venv:latest
           cache-to: type=inline
diff --git a/docker/Dockerfile b/Dockerfile
index ea05c5c..ed199a0 100644
--- a/docker/Dockerfile
+++ b/Dockerfile
@@ -59,5 +59,5 @@ FROM venv
 ENTRYPOINT ["gunicorn"]
 CMD ["-c", "config/gunicorn.conf.py", "snekbox.api.app"]
 
-COPY . /snekbox
+COPY docker /snekbox
 WORKDIR /snekbox
diff --git a/docker-compose.yml b/docker-compose.yml
index 066f38b..3062af3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,4 +10,4 @@ services:
     ipc: none
     build:
       context: .
-      dockerfile: docker/Dockerfile
+      dockerfile: Dockerfile