ci: cache docker images on main and use in PR builds (#34841)

mrgrain · web-flow · commit 164dc01d8fc5 · 2025-06-27T17:32:49.000Z
### Reason for this change > ECR Public repo allows 1 request/second for un-authenticated pulls and 10 request/second for authenticated pulls. We try to avoid making requests to any repos by caching the used image as much as possible. We do this on builds on main as a baseline and restore the cache on PRs. This assumes that most PRs won't add new images and adding new images is rare enough. ### Description of changes Add a cache for docker images. ### Describe any new or updated permissions being added None. ### Description of how you validated changes Run the commands manually. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -32,16 +32,24 @@ jobs:
       - name: Set up Docker
         uses: docker/setup-buildx-action@v3
 
-      # @TODO
-      # - name: Start ECR proxy
-      #   run: /root/ecr-proxy/start.sh
+      - name: Load Docker images
+        id: docker-cache
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.docker-images.tar
+          key: docker-cache-${{ runner.os }}
+
+      - name: Restore Docker images
+        if: ${{ steps.docker-cache.outputs.cache-hit }}
+        run: docker image load --input ~/.docker-images.tar
 
       - name: Cache build artifacts
         uses: actions/cache@v4
         with:
           path: |
             ~/.s3buildcache
-          key: ${{ runner.os }}-${{ github.event.pull_request.base.ref }}-s3buildcache
+          key: s3buildcache-${{ runner.os }}
 
       - name: Configure system settings
         run: |
@@ -56,3 +64,15 @@ jobs:
 
       - name: Check for uncommitted changes
         run: git diff-index --exit-code --ignore-space-at-eol --stat HEAD
+
+      - name: Export Docker images
+        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
+        run: docker image save --output ~/.docker-images.tar $(docker image list --format '{{ if ne .Repository "<none>" }}{{ .Repository }}{{ if ne .Tag "<none>" }}:{{ .Tag }}{{ end }}{{ else }}{{ .ID }}{{ end }}')
+
+      - name: Cache Docker images
+        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.docker-images.tar
+          key: docker-cache-${{ runner.os }}
