6969 rust-version :
7070 type : string
7171 required : false
72+ lto-release :
73+ type : string
74+ required : false
75+ default : " release-lto-thin"
7276 outputs :
7377 image :
7478 description : " Image Name with Tag generated by this task"
@@ -216,10 +220,17 @@ jobs:
216220 with :
217221 build-args : |
218222 RUST_IMAGE_VERSION=${{ env.RUST_IMAGE_VERSION }}
223+ LTO_RELEASE=${{ inputs.lto-release }}
219224 TARGETARCH=${{ matrix.platform-tag }}
220225 APP_CACHE_DIR=${{ inputs.app-cache-dir }}
226+ SCCACHE_BUCKET=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
227+ SCCACHE_REGION=${{ env.RUNS_ON_AWS_REGION }}
228+ SCCACHE_S3_PREFIX=sccache/${{ github.repository }}/${{ inputs.app-cache-dir }}/${{ matrix.platform-tag }}
221229 context : ${{ inputs.docker-context }}
222- secrets : BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
230+ secrets : |
231+ BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
232+ sccache_aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_S3_USER }}
233+ sccache_aws_secret_access_key=${{ secrets.AWS_SECRET_KEY_S3_USER }}
223234 file : ${{ inputs.docker-file }}
224235 platforms : ${{ matrix.platform }}
225236 push : ${{ inputs.push_image }}
@@ -230,8 +241,20 @@ jobs:
230241 labels : ${{ steps.meta.outputs.labels }}
231242 tags : |
232243 ghcr.io/zama-ai/${{ inputs.image-name }}:${{ needs.determine-tag.outputs.docker_tag }}-${{ matrix.platform-tag }}-${{ matrix.docker-target }}
233- cache-from : type=s3,blobs_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/,manifests_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
234- cache-to : type=s3,blobs_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/,manifests_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
244+ # BuildKit layer cache, scoped per-branch with `main` as a fallback baseline.
245+ # - cache-from: read from this branch's prefix first, then fall back to `main`.
246+ # On the first build of a feature branch the per-branch prefix is empty,
247+ # so we still benefit from `main`'s warm layers. Subsequent builds on the
248+ # same branch hit their own prefix and avoid clobbering other PRs.
249+ # - cache-to: write only to the current branch's prefix to prevent concurrent
250+ # PRs from overwriting each other's manifests. When the current branch IS
251+ # `main`, this naturally writes to `main`, keeping the shared baseline fresh.
252+ # Pair this with an S3 lifecycle policy that expires per-branch prefixes after
253+ # ~14 days of inactivity so cache storage doesn't grow unboundedly.
254+ cache-from : |
255+ type=s3,blobs_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/${{ github.head_ref || github.ref_name }}/,manifests_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/${{ github.head_ref || github.ref_name }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
256+ type=s3,blobs_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/main/,manifests_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/main/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }}
257+ cache-to : type=s3,blobs_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/${{ github.head_ref || github.ref_name }}/,manifests_prefix=cache/${{ github.repository }}-${{ inputs.app-cache-dir }}-${{ matrix.platform-tag }}/${{ github.head_ref || github.ref_name }}/,region=${{ env.RUNS_ON_AWS_REGION }},bucket=${{ env.RUNS_ON_S3_BUCKET_CACHE }},mode=max
235258
236259 - name : Export image and digest
237260 id : export-image-and-digest
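Review bot: The per-branch prefix in `cache-from`/`cache-to` is built from `${{ github.head_ref || github.ref_name }}`, which for a pull request is a name chosen by the PR author, so the isolation the new comment describes is not enforced. A head branch that is itself named `main` resolves to the shared `main/` baseline prefix that every other build falls back to, and characters such as `/` or `,` in a branch name alter the S3 prefix or the comma-separated attribute list. Consider keying the prefix on a value the contributor cannot pick, for example `${{ github.event.pull_request.number && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}`, and letting only trusted refs write under `main/`. The added `SCCACHE_S3_PREFIX` build-arg has no branch component at all, so compiled objects are presumably shared between PR and `main` builds in the same bucket; if this workflow runs for pull requests, scope it the same way or make it read-only outside `main`. The start of this file's diff is outside the visible part of the page, so the workflow triggers could not be checked.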