Add cache mounts to docker files

backend/docker/Dockerfile

@@ -1,19 +1,25 @@
 FROM python:3.13.3-alpine AS builder
 
-RUN apk update && \
-    addgroup -S owasp && \
-    adduser -S -h /home/owasp -G owasp owasp && \
-    python -m pip install --no-cache-dir poetry
-
-ENV POETRY_VIRTUALENVS_IN_PROJECT=true \
+ENV OWASP_GID=1000 \
+    OWASP_UID=1000 \
+    POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
+    POETRY_VIRTUALENVS_IN_PROJECT=true \
     PYTHONUNBUFFERED=1
 
+RUN apk update && apk upgrade && \
+    addgroup -S -g ${OWASP_GID} owasp && \
+    adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
+    mkdir -p ${POETRY_CACHE_DIR} && \
+    chown -R owasp:owasp /home/owasp && \
+    python -m pip install poetry
+
 WORKDIR /home/owasp
 
 USER owasp
 
 COPY --chmod=444 --chown=owasp:owasp poetry.lock pyproject.toml ./
-RUN poetry install --no-root --without dev --without test
+RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
+    poetry install --no-root --without dev --without test
 
 COPY apps apps
 COPY docker/entrypoint.sh entrypoint.sh

backend/docker/Dockerfile.local

@@ -1,19 +1,26 @@
 FROM python:3.13.3-alpine AS builder
-SHELL ["/bin/sh", "-o", "pipefail", "-c"]
 
-RUN apk update && apk upgrade && \
-    addgroup -S owasp && \
-    adduser -S -h /home/owasp -G owasp owasp && \
-    python -m pip install --no-cache-dir poetry
+SHELL ["/bin/sh", "-o", "pipefail", "-c"]
 
-ENV POETRY_VIRTUALENVS_IN_PROJECT=true \
+ENV OWASP_GID=1000 \
+    OWASP_UID=1000 \
+    POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
+    POETRY_VIRTUALENVS_IN_PROJECT=true \
     PYTHONUNBUFFERED=1
 
+RUN apk update && apk upgrade && \
+    addgroup -S -g ${OWASP_GID} owasp && \
+    adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
+    mkdir -p ${POETRY_CACHE_DIR} && \
+    chown -R owasp:owasp /home/owasp && \
+    python -m pip install poetry
+
 USER owasp
 WORKDIR /home/owasp
 
 COPY --chmod=444 --chown=owasp:owasp poetry.lock pyproject.toml ./
-RUN poetry install --no-root --without dev --without test
+RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
+    poetry install --no-root --without dev --without test
 
 FROM python:3.13.3-alpine
 
@@ -23,7 +30,7 @@ RUN apk update && \
     apk add postgresql-client redis && \
     addgroup -S owasp && \
     adduser -S -h /home/owasp -G owasp owasp && \
-    python -m pip install --no-cache-dir poetry
+    python -m pip install poetry
 
 ENV PATH="/home/owasp/.venv/bin:$PATH" \
     PYTHONUNBUFFERED=1
@@ -33,4 +40,4 @@ EXPOSE 8000
 USER owasp
 WORKDIR /home/owasp
 
-COPY --from=builder --chmod=755 --chown=owasp:owasp /home/owasp /home/owasp
+COPY --from=builder --chmod=555 --chown=owasp:owasp /home/owasp /home/owasp

backend/docker/Dockerfile.test

@@ -1,20 +1,24 @@
 FROM python:3.13.3-alpine AS builder
 
-RUN addgroup -S owasp && \
-    adduser -S -h /home/owasp -G owasp owasp && \
-    mkdir -p /home/owasp && \
-    chown owasp:owasp /home/owasp && \
-    python -m pip install --no-cache-dir poetry
-
-ENV FORCE_COLOR=1 \
+ENV OWASP_GID=1000 \
+    OWASP_UID=1000 \
+    POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
     POETRY_VIRTUALENVS_IN_PROJECT=true \
     PYTHONUNBUFFERED=1
 
+RUN apk update && apk upgrade && \
+    addgroup -S -g ${OWASP_GID} owasp && \
+    adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
+    mkdir -p ${POETRY_CACHE_DIR} && \
+    chown -R owasp:owasp /home/owasp && \
+    python -m pip install poetry
+
 WORKDIR /home/owasp
 USER owasp
 
 COPY --chmod=444 poetry.lock pyproject.toml ./
-RUN poetry install --no-root
+RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
+    poetry install --no-root
 
 COPY .env.example .env.example
 COPY apps apps

cspell/Dockerfile

@@ -2,9 +2,15 @@ FROM node:23-alpine
 
 WORKDIR /opt/node
 
+ENV PNPM_HOME="/pnpm"
+ENV NPM_CONFIG_RETRY=5 \
+    NPM_CONFIG_TIMEOUT=30000 \
+    PATH="$PNPM_HOME:$PATH"
+
 COPY package.json pnpm-lock.yaml ./
 
-RUN npm install --ignore-scripts -g pnpm && \
+RUN npm install --ignore-scripts -g pnpm
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install --frozen-lockfile --ignore-scripts
 
 WORKDIR /nest

cspell/custom-dict.txt

@@ -85,6 +85,7 @@ psycopg
 pygithub
 pygoat
 pymdownx
+pypoetry
 pyyaml
 repositorycontributor
 requirepass

docs/docker/Dockerfile.local

@@ -2,21 +2,25 @@ FROM python:3.13.3-alpine AS builder
 
 SHELL ["/bin/sh", "-o", "pipefail", "-c"]
 
-RUN addgroup -S owasp && \
-    adduser -S -h /home/owasp -G owasp owasp && \
-    mkdir -p /home/owasp && \
-    chown owasp:owasp /home/owasp && \
-    python -m pip install --no-cache-dir poetry
-
-ENV FORCE_COLOR=1 \
+ENV OWASP_GID=1000 \
+    OWASP_UID=1000 \
+    POETRY_CACHE_DIR="/home/owasp/.cache/pypoetry" \
     POETRY_VIRTUALENVS_IN_PROJECT=true \
     PYTHONUNBUFFERED=1
 
+RUN apk update && apk upgrade && \
+    addgroup -S -g ${OWASP_GID} owasp && \
+    adduser -S -h /home/owasp -u ${OWASP_UID} -G owasp owasp && \
+    mkdir -p ${POETRY_CACHE_DIR} && \
+    chown -R owasp:owasp /home/owasp && \
+    python -m pip install poetry
+
 WORKDIR /home/owasp
 USER owasp
 
 COPY --chmod=444 --chown=owasp:owasp docs/poetry.lock docs/pyproject.toml mkdocs.yaml ./
-RUN poetry install --no-root && \
+RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
+    poetry install --no-root && \
     rm -rf docs/poetry.lock docs/pyproject.toml
 
 FROM python:3.13.3-alpine

frontend/docker/Dockerfile

@@ -4,12 +4,16 @@ FROM node:22-alpine AS base
 FROM base AS builder
 # Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine
 # to understand why libc6-compat might be needed.
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
 RUN npm install --ignore-scripts -g pnpm
 COPY --chmod=444 package.json pnpm-lock.yaml ./
-RUN pnpm install --frozen-lockfile --ignore-scripts
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --ignore-scripts
 
 COPY --chmod=444 .env .pnpmrc next.config.ts postcss.config.js tailwind.config.js tsconfig.json ./
 COPY --chmod=555 public public

frontend/docker/Dockerfile.e2e.test

@@ -1,11 +1,17 @@
 FROM mcr.microsoft.com/playwright:v1.52.0-jammy
 
-ENV FORCE_COLOR=1
+ENV PNPM_HOME="/pnpm"
+ENV FORCE_COLOR=1 \
+    NPM_CONFIG_RETRY=5 \
+    NPM_CONFIG_TIMEOUT=30000 \
+    PATH="$PNPM_HOME:$PATH"
+
 
 WORKDIR /app
 
 COPY --chmod=444 package.json pnpm-lock.yaml ./
-RUN npm install --ignore-scripts -g pnpm && \
+RUN npm install --ignore-scripts -g pnpm
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install --frozen-lockfile --ignore-scripts
 
 COPY __tests__/e2e __tests__/e2e

frontend/docker/Dockerfile.local

@@ -7,10 +7,16 @@ RUN apk update && \
     chown -R node:node /home/owasp && \
     npm install --ignore-scripts -g pnpm
 
+ENV PNPM_HOME="/pnpm"
+ENV NPM_CONFIG_RETRY=5 \
+    NPM_CONFIG_TIMEOUT=30000 \
+    PATH="$PNPM_HOME:$PATH"
+
 WORKDIR /home/owasp
 
 COPY --chmod=444 --chown=node:node package.json pnpm-lock.yaml ./
-RUN pnpm install --frozen-lockfile --ignore-scripts
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --ignore-scripts
 
 FROM node:22-alpine
 

frontend/docker/Dockerfile.unit.test

@@ -1,11 +1,17 @@
 FROM node:22-alpine
 
-ENV FORCE_COLOR=1
+ENV PNPM_HOME="/pnpm"
+ENV FORCE_COLOR=1 \
+    NPM_CONFIG_RETRY=5 \
+    NPM_CONFIG_TIMEOUT=30000 \
+    PATH="$PNPM_HOME:$PATH"
+
 
 WORKDIR /app
 
 COPY --chmod=444 package.json pnpm-lock.yaml ./
-RUN npm install --ignore-scripts -g pnpm && \
+RUN npm install --ignore-scripts -g pnpm
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install --frozen-lockfile --ignore-scripts && \
     chown node:node /app