@@ -169,16 +169,14 @@ jobs:
169169 - name : Setup Docker Buildx
170170 uses : docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
171171
172- - name : Configure AWS credentials
173- if : fromJSON(needs.prepare-metadata.outputs.docker_push)
172+ - name : Configure AWS credentials (for ECR access)
174173 uses : aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
175174 with :
176175 aws-access-key-id : ${{ secrets.SAM_AWS_ACCESS_KEY_ID }}
177176 aws-secret-access-key : ${{ secrets.SAM_AWS_SECRET_ACCESS_KEY }}
178177 aws-region : ${{ secrets.AWS_DEFAULT_REGION }}
179178
180- - name : Login to Amazon ECR
181- if : fromJSON(needs.prepare-metadata.outputs.docker_push)
179+ - name : Login to Amazon ECR (for cache access)
182180 uses : aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
183181
184182 - name : Determine Image Name and Cache Configuration
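Review bot: With the `if: fromJSON(needs.prepare-metadata.outputs.docker_push)` guard removed from "Configure AWS credentials" and "Login to Amazon ECR", the long-lived `SAM_AWS_ACCESS_KEY_ID` / `SAM_AWS_SECRET_ACCESS_KEY` pair is now loaded into the job on pull-request builds as well, where the later build steps process content from the PR branch. If this is the same key pair that pushes images, a cache read is being served with push-capable credentials; the PR path would be safer with a separate pull-only identity, or with the action's `role-to-assume` input bound to a role limited to read-only ECR permissions. The workflow triggers are not visible in this hunk, but if it runs for fork PRs the secrets will be empty and these steps will presumably fail the job instead of falling back to the GHA cache, so a "best effort" read needs `continue-on-error: true` or a condition on secret availability. The same guard removal in the later job (hunk at -233) carries the same exposure, and nothing visible there shows why that job needs ECR on PR builds.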
@@ -193,21 +191,25 @@ jobs:
193191 fi
194192 echo "image_name=${image_name}" >> $GITHUB_OUTPUT
195193
196- # Configure cache settings
197- cache_ref ="${image_name} :buildcache-${{ matrix.platform.tag_suffix }}"
198- echo "cache_ref =${cache_ref }" >> $GITHUB_OUTPUT
194+ # Always use ECR for cache reference (main branch writes here, PRs read from here)
195+ ecr_cache_ref ="${{ secrets.SAM_AWS_ECR_REGISTRY }}/solace-agent-mesh :buildcache-${{ matrix.platform.tag_suffix }}"
196+ echo "ecr_cache_ref =${ecr_cache_ref }" >> $GITHUB_OUTPUT
199197
200- # For PR builds, use gha cache as fallback since we can't push to registry
201- # For push builds, use registry cache for better persistence and sharing
198+ # Configure cache settings based on build type
202199 if [[ "${{ fromJSON(needs.prepare-metadata.outputs.docker_push) }}" == "true" ]]; then
203- echo "cache_from=type=registry,ref=${cache_ref}" >> $GITHUB_OUTPUT
204- echo "cache_to=type=registry,ref=${cache_ref},mode=max" >> $GITHUB_OUTPUT
205- echo "Using registry cache (can read and write)"
200+ # Main branch push: read from and write to ECR registry cache
201+ echo "cache_from=type=registry,ref=${ecr_cache_ref}" >> $GITHUB_OUTPUT
202+ echo "cache_to=type=registry,ref=${ecr_cache_ref},mode=max,ignore-error=true" >> $GITHUB_OUTPUT
203+ echo "Main branch: Using ECR registry cache (read/write)"
206204 else
207- # PR builds: try to read from registry cache, write to gha cache
208- echo "cache_from=type=registry,ref=${cache_ref}" >> $GITHUB_OUTPUT
205+ # PR builds: read from ECR cache (best effort) + GHA cache, write to GHA cache only
206+ # Multiple cache sources are newline-separated in docker/build-push-action
207+ cat >> $GITHUB_OUTPUT << EOF
208+ cache_from=type=registry,ref=${ecr_cache_ref}
209+ type=gha,scope=${{ matrix.platform.tag_suffix }}
210+ EOF
209211 echo "cache_to=type=gha,scope=${{ matrix.platform.tag_suffix }},mode=max" >> $GITHUB_OUTPUT
210- echo "Using registry cache for reading, gha cache for writing (PR build) "
212+ echo "PR build: Reading from ECR registry cache + GHA cache, writing to GHA cache "
211213 fi
212214
213215 - name : Build and Push Platform-Specific Image
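Review bot: The PR-branch heredoc at new lines 207–210 does not yield a two-entry `cache_from` output. `$GITHUB_OUTPUT` is parsed line by line, so `cache_from` receives only the registry ref and the following `type=gha,scope=...` line would be read as a separate output named `type`. Multi-line values need the delimiter form: make the first heredoc line `cache_from<<CACHE_FROM_EOF`, follow it with the `type=registry,ref=${ecr_cache_ref}` and `type=gha,...` lines, and close with `CACHE_FROM_EOF` (a delimiter distinct from the shell's own `EOF`). As written, the GHA cache that PR builds write is apparently never read back, so PR builds depend entirely on the ECR cache being reachable. The step's `run` block starts above this hunk, so the heredoc terminator's indentation inside the block scalar could not be checked here.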
@@ -233,15 +235,13 @@ jobs:
233235 runs-on : ubuntu-latest
234236 steps :
235237 - name : Configure AWS credentials
236- if : fromJSON(needs.prepare-metadata.outputs.docker_push)
237238 uses : aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
238239 with :
239240 aws-access-key-id : ${{ secrets.SAM_AWS_ACCESS_KEY_ID }}
240241 aws-secret-access-key : ${{ secrets.SAM_AWS_SECRET_ACCESS_KEY }}
241242 aws-region : ${{ secrets.AWS_DEFAULT_REGION }}
242243
243244 - name : Login to Amazon ECR
244- if : fromJSON(needs.prepare-metadata.outputs.docker_push)
245245 uses : aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
246246
247247 - name : Setup Docker Buildx