docker
Access to main branch cache form feature branch
Description
Hello,
I'm trying to speed up builds on feature branches, by pulling cache form main but I'm not able to achieve that. Following Github documentation it should be possible:
Access restrictions provide cache isolation and security by creating a logical boundary between different branches or tags. Workflow runs can restore caches created in either the current branch or the default branch (usually main).
I used something like this in my workflows:
feature branch:
- name: Build and export
uses: docker/build-push-action@v5
with:
context: .
cache-from: |
type=gha
type=gha,scope=main
cache-to: type=gha,mode=min,scope=main
build-args: |
VERSION=""
load: true
tags: app:latest
outputs: type=docker,dest=build.tar
main branch:
- name: Build and export
uses: docker/build-push-action@v5
with:
context: .
cache-from: type=gha,scope=main
cache-to: type=gha,mode=min,scope=main
build-args: |
VERSION=""
load: true
tags: app:latest
outputs: type=docker,dest=build.tar
I was doing some variation of that solution, as setting only the same scope for both branches or removing scope form main branch, but nothing worked for me.
Do you have any suggestion? Thanks in advance.
Access restrictions provide cache isolation and security by creating a logical boundary between different branches or tags. Workflow runs can restore caches created in either the current branch or the default branch (usually main).
I don't think it means you have access to default branch cache from a feature branch.
You can check this yourself by looking at the "GitHub Actions runtime token ACs" section in the action logs: https://github.com/docker/build-push-action/actions/runs/9478782186/job/26115912211#step:4:15
In this case the PR #1667 has read access to refs/heads/master cache.
Hello,
I checked it and token have read access to main branch:
Run docker/build-push-action@v5
GitHub Actions runtime token ACs
refs/pull/6/merge: read/write
refs/heads/main: read
So I think this is not a problem