From 0838c096079b8b430b8e309f5fbf748703918b4d Mon Sep 17 00:00:00 2001 From: Piotr Mlocek Date: Mon, 16 Mar 2026 17:54:50 -0700 Subject: [PATCH 1/2] perf(docker): move version ARG below cached layers to fix cache invalidation The OPENSHELL_CARGO_VERSION build arg contains a git commit hash that changes on every build (e.g. 0.0.7-dev.11+g085b131ae). Declaring this ARG near the top of each Dockerfile invalidated every layer below it -- including expensive dependency installs, toolchain setup, and the Rust dependency pre-build step -- on every single commit. Move the ARG declaration to just before the RUN that actually uses it so upstream layers stay cached. This recovers ~5-6 minutes per build on the gateway image (from ~9m back toward ~2-3m) and similarly improves cluster, CLI, and Python wheel builds. Also removes unused OPENSHELL_IMAGE_TAG ARG from cli-macos, python-wheels, and python-wheels-macos Dockerfiles. --- deploy/docker/Dockerfile.cli-macos | 5 +++-- deploy/docker/Dockerfile.cluster | 4 +++- deploy/docker/Dockerfile.gateway | 4 +++- deploy/docker/Dockerfile.python-wheels | 5 +++-- deploy/docker/Dockerfile.python-wheels-macos | 5 +++-- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/deploy/docker/Dockerfile.cli-macos b/deploy/docker/Dockerfile.cli-macos index 2229923f..c495d533 100644 --- a/deploy/docker/Dockerfile.cli-macos +++ b/deploy/docker/Dockerfile.cli-macos @@ -18,8 +18,6 @@ FROM ${OSXCROSS_IMAGE} AS osxcross FROM python:3.12-slim AS builder -ARG OPENSHELL_CARGO_VERSION -ARG OPENSHELL_IMAGE_TAG ARG CARGO_TARGET_CACHE_SCOPE=default ENV PATH="/root/.cargo/bin:/usr/local/bin:/osxcross/bin:${PATH}" @@ -105,6 +103,9 @@ RUN touch crates/openshell-cli/src/main.rs \ crates/openshell-core/build.rs \ proto/*.proto +# Declare version ARG here (not earlier) so the git-hash-bearing value does not +# invalidate the expensive dependency-build layers above on every commit. +ARG OPENSHELL_CARGO_VERSION RUN --mount=type=cache,id=cargo-registry-cli-macos,sharing=locked,target=/root/.cargo/registry \ --mount=type=cache,id=cargo-git-cli-macos,sharing=locked,target=/root/.cargo/git \ --mount=type=cache,id=cargo-target-cli-macos-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \ diff --git a/deploy/docker/Dockerfile.cluster b/deploy/docker/Dockerfile.cluster index 49e29a98..56084076 100644 --- a/deploy/docker/Dockerfile.cluster +++ b/deploy/docker/Dockerfile.cluster @@ -76,7 +76,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certifi FROM --platform=$BUILDPLATFORM rust:1.88-slim AS supervisor-builder ARG TARGETARCH ARG BUILDARCH -ARG OPENSHELL_CARGO_VERSION ARG CARGO_TARGET_CACHE_SCOPE=default ARG SCCACHE_MEMCACHED_ENDPOINT @@ -132,6 +131,9 @@ RUN touch crates/openshell-sandbox/src/main.rs \ proto/*.proto # Build the supervisor binary +# Declare version ARG here (not earlier) so the git-hash-bearing value does not +# invalidate the expensive dependency-build layers above on every commit. +ARG OPENSHELL_CARGO_VERSION RUN --mount=type=cache,id=cargo-registry-supervisor-${TARGETARCH},sharing=locked,target=/usr/local/cargo/registry \ --mount=type=cache,id=cargo-target-supervisor-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \ --mount=type=cache,id=sccache-supervisor-${TARGETARCH},sharing=locked,target=/tmp/sccache \ diff --git a/deploy/docker/Dockerfile.gateway b/deploy/docker/Dockerfile.gateway index 05d2a46f..acf186c6 100644 --- a/deploy/docker/Dockerfile.gateway +++ b/deploy/docker/Dockerfile.gateway @@ -10,7 +10,6 @@ FROM --platform=$BUILDPLATFORM rust:1.88-slim AS builder ARG TARGETARCH ARG BUILDARCH -ARG OPENSHELL_CARGO_VERSION ARG CARGO_TARGET_CACHE_SCOPE=default # Install build dependencies @@ -68,6 +67,9 @@ RUN touch crates/openshell-server/src/main.rs \ proto/*.proto # Build the actual application +# Declare version ARG here (not earlier) so the git-hash-bearing value does not +# invalidate the expensive dependency-build layers above on every commit. +ARG OPENSHELL_CARGO_VERSION RUN --mount=type=cache,id=cargo-registry-gateway-${TARGETARCH},sharing=locked,target=/usr/local/cargo/registry \ --mount=type=cache,id=cargo-target-gateway-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \ --mount=type=cache,id=sccache-gateway-${TARGETARCH},sharing=locked,target=/tmp/sccache \ diff --git a/deploy/docker/Dockerfile.python-wheels b/deploy/docker/Dockerfile.python-wheels index 0cfe17eb..be0c62af 100644 --- a/deploy/docker/Dockerfile.python-wheels +++ b/deploy/docker/Dockerfile.python-wheels @@ -28,8 +28,6 @@ FROM base AS builder ARG TARGETARCH ARG BUILDARCH -ARG OPENSHELL_CARGO_VERSION -ARG OPENSHELL_IMAGE_TAG ARG CARGO_TARGET_CACHE_SCOPE=default ARG SCCACHE_MEMCACHED_ENDPOINT @@ -86,6 +84,9 @@ RUN touch crates/openshell-cli/src/main.rs \ crates/openshell-core/build.rs \ proto/*.proto +# Declare version ARG here (not earlier) so the git-hash-bearing value does not +# invalidate the expensive dependency-build layers above on every commit. +ARG OPENSHELL_CARGO_VERSION RUN --mount=type=cache,id=cargo-registry-python-wheels-${TARGETARCH},sharing=locked,target=/root/.cargo/registry \ --mount=type=cache,id=cargo-git-python-wheels-${TARGETARCH},sharing=locked,target=/root/.cargo/git \ --mount=type=cache,id=cargo-target-python-wheels-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \ diff --git a/deploy/docker/Dockerfile.python-wheels-macos b/deploy/docker/Dockerfile.python-wheels-macos index fb4199af..d8885f97 100644 --- a/deploy/docker/Dockerfile.python-wheels-macos +++ b/deploy/docker/Dockerfile.python-wheels-macos @@ -12,8 +12,6 @@ FROM ${OSXCROSS_IMAGE} AS osxcross FROM python:${PYTHON_VERSION}-slim AS builder ARG TARGETARCH -ARG OPENSHELL_CARGO_VERSION -ARG OPENSHELL_IMAGE_TAG ARG CARGO_TARGET_CACHE_SCOPE=default ENV PATH="/root/.cargo/bin:/usr/local/bin:/osxcross/bin:${PATH}" @@ -93,6 +91,9 @@ RUN touch crates/openshell-cli/src/main.rs \ crates/openshell-core/build.rs \ proto/*.proto +# Declare version ARG here (not earlier) so the git-hash-bearing value does not +# invalidate the expensive dependency-build layers above on every commit. +ARG OPENSHELL_CARGO_VERSION RUN --mount=type=cache,id=cargo-registry-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/registry \ --mount=type=cache,id=cargo-git-python-wheels-macos-${TARGETARCH},sharing=locked,target=/root/.cargo/git \ --mount=type=cache,id=cargo-target-python-wheels-macos-${TARGETARCH}-${CARGO_TARGET_CACHE_SCOPE},sharing=locked,target=/build/target \ From 317d7f99bd28f0b264d942314727fbedef78dcfd Mon Sep 17 00:00:00 2001 From: Piotr Mlocek Date: Mon, 16 Mar 2026 18:02:55 -0700 Subject: [PATCH 2/2] Test