What is Docker layer caching?

It is a mechanism where Docker reuses previously built layers from a previous build to speed up the creation of new images.

How does it help GitHub Actions?

By caching layers, the runner doesn't have to rebuild every instruction from scratch, significantly reducing the time per workflow run.

Can I use this with multi-stage builds?

Yes, multi-stage builds work exceptionally well with specialized cache backends like GitHub's cache action.

Optimizing CI/CD Pipelines with GitHub Actions and Docker Layer Caching

In this post, you'll learn how to reduce your CI/CD build times by implementing Docker layer caching within GitHub Actions. We'll look at why standard builds often run slowly, how to use the type=gha cache backend, and how to structure your Dockerfiles to get the most out of this approach.

Why are my GitHub Actions builds so slow?

GitHub Actions builds often run slowly because each workflow run starts with a clean environment, meaning Docker has to download and rebuild every single layer from scratch. Without a specific caching strategy, your runner is essentially ignoring the work you did in the previous build. This leads to wasted time and unnecessary compute costs.

When you run a standard docker build command in a GitHub Action, the runner creates a temporary environment. Once the job finishes, that environment is wiped. If your Dockerfile has ten steps and you only changed one line of code, a standard build might still rebuild all ten steps. It's frustrating. You've already built the base image and the dependencies, but the runner doesn't "remember" them.

This isn't just a minor annoyance; it's a bottleneck for teams trying to deploy frequently. If your build takes 15 minutes every time, your development velocity takes a hit. We want to move toward a model where we only rebuild what actually changed.

To understand the underlying mechanics of how Docker handles these layers, you can check out the official Docker documentation on buildkit and layer management. It explains how the engine looks for existing layers before starting a new build.

How do I implement Docker layer caching in GitHub Actions?

You implement Docker layer caching by using the docker/build-push-action alongside the type=gha cache export/import settings. This tells the GitHub Actions runner to store the build cache in the GitHub Actions cache service, making it available for subsequent runs.

The most effective way to do this is by using the BuildKit backend. Instead of relying on the local daemon, we tell Docker to export its cache to a remote location. Here is a standard workflow configuration that implements this:

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v3

- name: Build and push
  uses: docker/build-push-action@v5
  with:
    context: .
    push: true
    tags: user/app:latest
    cache-from: type=gha
    cache-to: type=gha,mode=max

The mode=max part is important. Most people just use the default, but mode=max ensures that even intermediate layers—not just the final image—are cached. This is vital if you have complex multi-stage builds. Without it, you might only cache the very last stage of your build, leaving the earlier, heavy lifting to be rebuilt every single time.

The type=gha backend is a specialized feature designed specifically for GitHub's infrastructure. It's faster and more reliable than trying to manually manage a registry-based cache. It's a huge relief to see those build times drop from ten minutes to under two minutes after making this change.

Comparison of Caching Methods

Not all caching strategies are created equal. Depending on your infrastructure, you might choose different methods. Here is how they typically stack up:

Method	Speed	Complexity	Best For
No Cache	Slowest	Very Low	Small, simple projects
Registry Cache	Fast	Medium	Standard Docker builds
GitHub Actions (gha)	Fastest	Low	GitHub-hosted runners
Local File Cache	Variable	High	Self-hosted runners

If you're running on GitHub-hosted runners, stick with type=gha. It's purpose-built for this environment. If you're using your own hardware, you might look into local volume mounts or a dedicated registry. But for most of us, the GHA backend is the way to go.

How should I structure my Dockerfile for better caching?

To maximize your cache hits, you must order your Dockerfile instructions from "least frequently changed" to "most frequently changed." This ensures that when a change occurs, it only invalidates the layers that follow it, rather than the entire build process.

Think about your dependencies. You likely install your OS packages, then your language runtime, then your dependencies (like npm install or pip install), and finally your source code. The source code changes every single time you commit, while your OS packages rarely change.

If you put your COPY . . command at the top of the file, you've ruined your cache. Every time you change a single comment in a Python file, Docker will see that the context has changed and will rebuild every single layer below that command. That's a classic mistake.

Here is a "bad" vs. "good" example of a Dockerfile structure:

The Bad Way (Inefficient):
- COPY . . (Everything is copied first)
- RUN npm install (Re-runs every time a file changes)
- RUN npm build (Re-runs every time a file changes)
The Good Way (Optimized):
- COPY package.json package-lock.json ./ (Only copy dependency files)
- RUN npm ci (Only runs if dependencies actually changed)
- COPY . . (Now copy the rest of the source code)
- RUN npm build (Build the app)

By separating the dependency installation from the source code copy, you've created a "cache anchor." As long as your package.json doesn't change, the npm ci step will be pulled directly from the cache in the next build. It's a simple change, but it's a massive win for your workflow.

This logic applies to almost any language. Whether you're working with Go, Rust, or Node.js, the principle remains: keep the heavy, stable parts at the top and the volatile, frequent parts at the bottom.

If you're dealing with complex environments where even your dependencies are massive, you might want to look into how containerization works at a deeper level. Understanding how the filesystem layers are stacked helps you visualize why the order of operations matters so much.

Sometimes, you'll run into issues where the cache seems "stuck" or isn't picking up changes. This can happen if your build arguments (ARG) are changing frequently. Remember that any change to a build argument will invalidate all subsequent layers. If you're passing a version number as an ARG, try to keep it as late in the build process as possible.

One thing to watch out for: the size of the cache. GitHub has limits on how much data you can store in the Actions cache. While it's generous, if you're building massive images with dozens of stages, you might hit a ceiling. If that happens, you'll need to be even more aggressive about pruning your layers or using a dedicated container registry for your cache.

If you've been struggling with performance in other areas of your stack, such as database-heavy applications, you might find that the same principles of optimization apply. For instance, if you're managing high-concurrency-related issues, you might find value in configuring PostgreSQL indexing to keep your data-heavy operations snappy. Efficient builds are great, but an efficient database is just as important for a smooth production environment.

Ultimately, the goal is to build a pipeline that feels invisible. You want to push code, wait a few minutes, and see a green checkmark. By using the type=gha backend and a well-structured Dockerfile, you're moving closer to that reality. It's not just about speed; it's about reducing the friction between writing code and seeing it live.