DAMN multistage Docker building!

Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM ubuntu:22.04
+FROM ubuntu:22.04 AS common
 LABEL maintainer="Piero Toffanin <pt@masseranolabs.com>"
 
 ARG TEST_BUILD
@@ -17,9 +17,6 @@ ENV RELEASE_CODENAME=jammy
 # Create and change into working directory
 WORKDIR $WORKDIR
 
-# Install Python deps -- install & remove cleanup build-only deps in the process
-COPY requirements.txt ./
-
 # Allow multi-line runs, break on errors and output commands for debugging.
 # The following does not work in Podman unless you build in Docker
 # compatibility mode: <https://github.com/containers/podman/issues/8477>
@@ -30,6 +27,16 @@ RUN <<EOT
     # Common system configuration, should change very infrequently
     # Set timezone to UTC
     echo "UTC" > /etc/timezone
+EOT
+
+FROM common AS build
+
+# Install Python deps -- install & remove cleanup build-only deps in the process
+COPY requirements.txt ./
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    <<EOT
     # Build-time dependencies
     apt-get -qq update
     apt-get -qq install -y --no-install-recommends curl
@@ -41,17 +48,20 @@ RUN <<EOT
     # Node.js deb source
     curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/nodesource.gpg
     echo "deb https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" > /etc/apt/sources.list.d/nodesource.list
-    # Postgres 13
-    # curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg
-    # echo "deb http://apt.postgresql.org/pub/repos/apt $RELEASE_CODENAME-pgdg main" > /etc/apt/sources.list.d/postgresql.list
     # Update package list
     apt-get update
     # Install common deps, starting with NodeJS
     apt-get -qq install -y nodejs
     # Python3.9, GDAL, PDAL, nginx, letsencrypt, psql
     apt-get install -y --no-install-recommends \
-        python3.9 python3.9-venv git binutils libproj-dev gdal-bin pdal \
+        python3.9 python3.9-venv python3.9-dev libpq-dev build-essential python3.9-dev git libproj-dev gdal-bin pdal \
         libgdal-dev nginx certbot gettext-base cron postgresql-client gettext tzdata
+    # Cleanup after apt
+    apt-get autoremove -y
+    apt-get clean
+    rm -rf /var/lib/apt/lists/*
+    # Remove stale temp files
+    rm -rf /tmp/* /var/tmp/*
     # Create virtualenv
     python3.9 -m venv $WORKDIR/venv
 EOT
@@ -59,32 +69,25 @@ EOT
 # Modify PATH to prioritize venv, effectively activating venv
 ENV PATH="$WORKDIR/venv/bin:$PATH"
 
-RUN <<EOT
+RUN --mount=type=cache,target=/root/.cache/pip \
+    <<EOT
     # Install Python dependencies
     # Install pip
     pip install pip==24.0
-    # Install webpack, webpack CLI
-    # Note webpack CLI is also used in `rebuildplugins` below
-    npm install --quiet -g webpack@5.89.0
-    npm install --quiet -g webpack-cli@5.1.4
-    # Build-only deps
-    apt-get -qq install -y --no-install-recommends g++ python3.9-dev libpq-dev
     # Install Python requirements
     pip install -r requirements.txt "boto3==1.14.14"
-
-RUN <<EOT
-    # Cleanup of build requirements
-    apt-get remove -y g++ python3.9-dev libpq-dev
-    apt-get autoremove -y
-    apt-get clean
-    rm -rf /var/lib/apt/lists/*
-    # Remove stale temp files
-    rm -rf /tmp/* /var/tmp/*
 EOT
 
 # Install project Node dependencies
 COPY package.json ./
-RUN npm install --quiet
+RUN --mount=type=cache,target=/root/.npm \
+    <<EOT
+    npm install --quiet
+    # Install webpack, webpack CLI
+    # Note webpack CLI is also used in `rebuildplugins` below
+    npm install --quiet -g webpack@5.89.0
+    npm install --quiet -g webpack-cli@5.1.4
+EOT
 
 # Copy remaining files
 COPY . ./
@@ -105,9 +108,47 @@ RUN <<EOT
     python manage.py rebuildplugins
     python manage.py translate build --safe
     # Final cleanup
+    # Remove stale temp files
     rm -rf /tmp/* /var/tmp/*
     # Remove auto-generated secret key (happens on import of settings when none is defined)
     rm /webodm/webodm/secret_key.py
 EOT
 
+FROM common AS app
+
+# Modify PATH to prioritize venv, effectively activating venv
+ENV PATH="$WORKDIR/venv/bin:$PATH"
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    <<EOT
+    # Run-time dependencies
+    apt-get -qq update
+    apt-get -qq install -y --no-install-recommends curl
+    apt-get install -y ca-certificates gnupg software-properties-common
+    # Enable universe, for pdal
+    add-apt-repository universe
+    # Python 3.9 support
+    add-apt-repository ppa:deadsnakes/ppa
+    # Node.js deb source
+    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/nodesource.gpg
+    echo "deb https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" > /etc/apt/sources.list.d/nodesource.list
+    # Update package list
+    apt-get update
+    # Install common deps, starting with NodeJS
+    apt-get -qq install -y nodejs
+    # Python3.9, GDAL, PDAL, nginx, letsencrypt, psql
+    apt-get install -y --no-install-recommends \
+        python3.9 git gdal-bin pdal \
+        nginx certbot gettext-base cron postgresql-client gettext tzdata
+    # Cleanup of build requirements
+    apt-get autoremove -y
+    apt-get clean
+    rm -rf /var/lib/apt/lists/*
+    # Remove stale temp files
+    rm -rf /tmp/* /var/tmp/*
+EOT
+
+COPY --from=build $WORKDIR ./
+
 VOLUME /webodm/app/media