ci: try to improve build times

.github/workflows/release.yml

@@ -12,7 +12,7 @@ on:
         required: true
         type: string
       ref:
-        description: 'Git ref to checkout (branch, tag, or SHA)'
+        description: 'Git ref to checkout'
         required: true
         default: 'main'
         type: string
@@ -29,73 +29,57 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      packages: write # Needed if you switch to GHCR, good practice
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.inputs.ref }}
+          ref: ${{ inputs.ref || github.ref }}
-        if: github.event_name == 'workflow_dispatch'
-
-      - name: Checkout code (non-manual)
-        uses: actions/checkout@v4
-        if: github.event_name != 'workflow_dispatch'
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      # This action handles all the logic for tags (nightly vs release vs custom)
+      - name: Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Logic for Push to Main -> nightly
+            type=raw,value=nightly,enable=${{ github.event_name == 'push' }}
+            # Logic for Release -> semver and latest
+            type=semver,pattern={{version}},enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+            # Logic for Manual Dispatch -> custom input
+            type=raw,value=${{ inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build and push nightly image
+      - name: Build and push
-        if: github.event_name == 'push'
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./docker/prod/django/Dockerfile
           push: true
           provenance: false
+          # Pass the calculated tags from the meta step
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           build-args: |
-            VERSION=nightly
+            VERSION=${{ steps.meta.outputs.version }}
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:nightly
           platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
 
-      - name: Build and push release image
+          # --- CACHE CONFIGURATION ---
-        if: github.event_name == 'release'
+          # We set a specific 'scope' key.
-        uses: docker/build-push-action@v6
+          # This allows the Release tag to see the cache created by the Main branch.
-        with:
+          cache-from: type=gha,scope=build-cache
-          context: .
+          cache-to: type=gha,mode=max,scope=build-cache
-          file: ./docker/prod/django/Dockerfile
-          push: true
-          provenance: false
-          build-args: |
-            VERSION=${{ github.event.release.tag_name }}
-          tags: |
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push custom image
-        if: github.event_name == 'workflow_dispatch'
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./docker/prod/django/Dockerfile
-          push: true
-          provenance: false
-          build-args: |
-            VERSION=${{ github.event.inputs.tag }}
-          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.tag }}
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

docker/prod/django/Dockerfile

@@ -11,12 +11,16 @@ RUN --mount=type=cache,target=/root/.cache/pip \
 
 FROM node:lts-alpine AS webpack_build
 WORKDIR /usr/src/frontend
+
+COPY ./frontend/package.json ./frontend/package-lock.json* ./
+
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci || npm install
+
 COPY ./frontend .
 COPY ./app/templates /usr/src/app/templates
-RUN --mount=type=cache,target=/root/.npm \
+
-    rm -rf node_modules package-lock.json && \
+RUN npm run build
-    npm install --verbose && \
-    npm run build
 
 FROM python:3.11-slim-bookworm AS python-run-stage
 
@@ -33,6 +37,7 @@ RUN addgroup --system app && \
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1
 
+# Install python dependencies from wheels
 COPY --from=python-build-stage /usr/src/app/wheels /wheels/
 RUN --mount=type=cache,target=/root/.cache/apt \
     apt-get update && \
@@ -47,6 +52,7 @@ COPY --chown=app:app ./docker/prod/procrastinate/start /start-procrastinate
 COPY --chown=app:app ./docker/prod/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY --chown=app:app ./docker/prod/supervisord/supervisord.conf /etc/supervisord.conf
 COPY --chown=app:app ./docker/prod/supervisord/start /start-single
+
 RUN sed -i 's/\r$//g' /start && \
     chmod +x /start && \
     sed -i 's/\r$//g' /start-procrastinate && \