@TheFox0x7
Contributor

Add mount cache directives to container builds, which speeds up local builds by bypassing Node and Go package downloads entirely on the second build and caching Go compilation.
Drop the job-level split on regular/rootless, which allows reusing the previously made stage for rootless, skipping duplicate builds in CI.
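
The cache-mount technique this description refers to, as an added illustration that is not part of the PR or Gitea's own Dockerfile. The image tags, WORKDIR and `COPY --exclude=.git/` come from the build log further down this page; the cache paths, `make` targets and binary paths are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added illustration, not the PR's Dockerfile. Image tags and WORKDIR are taken
# from the build log on this page; cache paths, make targets and binary paths
# are assumptions.
FROM docker.io/library/golang:1.25-alpine3.22 AS build-env

RUN apk --no-cache add build-base git nodejs pnpm

WORKDIR /go/src/code.gitea.io/gitea

# Keep .git out of the copied layer so a new commit alone does not invalidate it.
COPY --exclude=.git/ . .

# Cache mounts persist on the builder between builds and never become part of
# an image layer, so they cannot be pushed to or pulled from a registry:
#   /go/pkg/mod                    Go module download cache (GOPATH=/go in the golang image)
#   /root/.cache/go-build          Go compilation cache (default GOCACHE for root)
#   /root/.local/share/pnpm/store  pnpm package store (assumed default location for root)
# .git is bind-mounted read-only for this step only, to supply version data.
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/root/.local/share/pnpm/store \
    --mount=type=bind,source=.git,target=/go/src/code.gitea.io/gitea/.git \
    make frontend backend

# The runtime stage copies only the built binary; nothing held in the cache
# mounts reaches the final image. The destination path is an assumption.
FROM docker.io/library/alpine:3.22 AS gitea
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
```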

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Oct 18, 2025
@TheFox0x7
Contributor Author

Replaces #34876 and #27998 to a lesser degree.

I've tried to trim down CI time further but I can either optimize for local or CI builds because Docker's caching system allows pushing layers to a registry but it does not allow sharing a mounted cache in any way. I've tried using one action to do so but it did not work at all, and maybe for the better, as juggling the cache wouldn't be too fun if something went wrong.

It would be possible to optimize for layers here (which I've sort of done) and have them pushed to registry on nightly builds then pulled during every other one but it then removes the mountable cache completely as when both are used they are unreliable (cache is empty and layers apply as if it worked).

@TheFox0x7 TheFox0x7 marked this pull request as ready for review October 18, 2025 17:48
@lunny lunny added this to the 1.26.0 milestone Oct 20, 2025
@lunny lunny added the topic/build PR changes how Gitea is built, i.e. regarding Docker or the Makefile label Oct 20, 2025
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
annotations: |
org.opencontainers.image.authors="maintainers@gitea.io"
Member

@silverwind silverwind Oct 23, 2025

Just add this to the Dockerfiles instead:

LABEL org.opencontainers.image.authors="maintainers@gitea.io"

Ref: https://docs.docker.com/reference/build-checks/maintainer-deprecated/

Member

@silverwind silverwind Oct 23, 2025

Note, Dockerfiles do already have a maintainer label:

LABEL maintainer="maintainers@gitea.io"

It's probably better to use org.opencontainers.image.authors instead, but definitely not two labels for the same thing.

Contributor Author

I moved it to tag generation to avoid implicitly marking user-built containers as maintained by Gitea, but I can move it back into the container if it's not a concern.

Member

Hmm makes sense your way I guess. Would just like to avoid duplication.

It's not required and grows over time.
Also exclude containerfiles from the copy so changes in them won't
trigger layer invalidation if it's not needed
@wxiaoguang
Contributor

wxiaoguang commented Oct 29, 2025

By the way, to speed up the "github actions release", I can see a much faster approach:

  1. Build release binaries first (they will be released to https://dl.gitea.com/gitea/)
  2. Use these pre-built binaries and just copy them into the container image, no need to build anymore.

(The container build cache can still be supported for developers who need to build the images by themselves)

@TheFox0x7
Contributor Author

How would you keep it sane though? It is a good idea (though I thought of it in inverse - take binaries from docker nvm windows builds exist). But I don't see how you'd add the binary without another Dockerfile with ADD for remote resource. That could replace the existing ones sure but then I can't exactly make my own container.
How do you see it?

@wxiaoguang
Contributor

Just an idea 😄 not sure whether it brings enough value

@TheFox0x7
Contributor Author

TheFox0x7 commented Oct 29, 2025

I'd say it does but the inverse (binary from container) would be simpler to do (save for Windows builds). I can look at it later.

Is the git checkout in container even used btw? I don't exactly see a use case for it...
I mean I do but I'm not sure why someone would use that instead of checking out the version with git. Maybe I'm missing something?

@wxiaoguang
Contributor

wxiaoguang commented Oct 29, 2025

> Is the git checkout in container even used btw? I don't exactly see a use case for it... I mean I do but I'm not sure why someone would use that instead of checking out the version with git. Maybe I'm missing something?

Agree with you. That checkout came from "Docker multi-stage (#2927)", there seems to be no real use case for it.

  • permit to choose the version of the binary build via --build-arg GITEA_VERSION=v1.2.3

If removing it can make the whole system simpler, maybe it's fine to remove it.

If removing it doesn't simplify, maybe it can still be kept for a while.


Update: it just conflicts with the GITEA_VERSION used by Makefile:

  • In Makefile, GITEA_VERSION means always set it as the version, no matter what commit it uses
  • In Dockerfile, GITEA_VERSION means "checkout the target branch" .....
Contributor

@wxiaoguang wxiaoguang left a comment

Overall LGTM.

The new approach looks pretty cool and much clearer than before.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Oct 30, 2025
@lunny
Member

lunny commented Nov 1, 2025

I tried to build images locally but got this error.

docker build . -t gitea/gitea:cache-container
[+] Building 11.7s (16/21)                                                                                                                docker:desktop-linux
 => [internal] load build definition from Dockerfile                                                                                                      0.1s
 => => transferring dockerfile: 2.31kB                                                                                                                    0.0s
 => resolve image config for docker-image://docker.io/docker/dockerfile:1                                                                                 1.6s
 => [auth] docker/dockerfile:pull token for registry-1.docker.io                                                                                          0.0s
 => docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6                                  0.9s
 => => resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6                                      0.0s
 => => sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 8.40kB / 8.40kB                                                            0.0s
 => => sha256:53813717d076769a5dba593f7e0a49f0daa0ea4027726abc593f56d4940cca1f 850B / 850B                                                                0.0s
 => => sha256:b44bc7059481efb29afbe77bba309a91f221b47a7591413ba162ce0dd9c1587e 1.33kB / 1.33kB                                                            0.0s
 => => sha256:0285701bc73306b992f78de737bc58aa979843b49a277151b4bab0835ab77f6b 12.52MB / 12.52MB                                                          0.7s
 => => extracting sha256:0285701bc73306b992f78de737bc58aa979843b49a277151b4bab0835ab77f6b                                                                 0.2s
 => [internal] load metadata for docker.io/library/golang:1.25-alpine3.22                                                                                 0.6s
 => [internal] load metadata for docker.io/library/alpine:3.22                                                                                            0.0s
 => [auth] library/golang:pull token for registry-1.docker.io                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                                         0.0s
 => => transferring context: 1.31kB                                                                                                                       0.0s
 => CACHED [build-env 1/7] FROM docker.io/library/golang:1.25-alpine3.22@sha256:aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34          0.0s
 => [internal] load build context                                                                                                                         8.0s
 => => transferring context: 162.03MB                                                                                                                     7.6s
 => CACHED [gitea 1/5] FROM docker.io/library/alpine:3.22                                                                                                 0.0s
 => CANCELED [build-env 2/7] RUN apk --no-cache add     build-base     git     nodejs     pnpm                                                            8.3s
 => [gitea 2/5] RUN apk --no-cache add     bash     ca-certificates     curl     gettext     git     linux-pam     openssh     s6     sqlite     su-exec  6.4s
 => [gitea 3/5] RUN addgroup     -S -g 1000     git &&   adduser     -S -H -D     -h /data/git     -s /bin/bash     -u 1000     -G git     git &&   echo  0.4s
 => CACHED [build-env 3/7] WORKDIR /go/src/code.gitea.io/gitea                                                                                            0.0s
 => ERROR [build-env 4/7] COPY --exclude=.git/ . .                                                                                                        0.0s
------
 > [build-env 4/7] COPY --exclude=.git/ . .:
------
Dockerfile:23
--------------------
  21 |     # ".git" directory will be mounted later separately for getting version data.
  22 |     # TODO: in the future, maybe we can pre-build the frontend assets on one platform and share them for different platforms, the benefit is that it won't be affected by webpack plugin compatibility problems, then the working directory can be fully mounted and the COPY is not needed.
  23 | >>> COPY --exclude=.git/ . .
  24 |
  25 |     # Build gitea, .git mount is required for version data
--------------------
ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref 48163e4b-339a-4a14-93a1-a011e993846e::yytwi6bzn9wx89gq0vofoywhz: "/.venv/bin/python": not found

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/q9uipse2lfvsk3s555i6j6ifu
@TheFox0x7
Contributor Author

TheFox0x7 commented Nov 1, 2025

Huh. How did it build before if /.venv wasn't in ignores? Try now @lunny

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 1, 2025
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Nov 2, 2025
@lunny lunny enabled auto-merge (squash) November 2, 2025 09:31