Dev container security and caching
Ensure Envbuilder can only pull pre-approved images and artifacts by configuring it with your existing HTTP proxies, firewalls, and artifact managers.
Configure registry authentication
You may need to authenticate to your container registry, such as Artifactory, or Git provider such as GitLab, to use Envbuilder. See the Envbuilder documentation for more information.
Layer and image caching
To improve build times, dev containers can be cached. There are two main forms of caching:
-
Layer caching
- Caches individual layers and pushes them to a remote registry. When building the image, Envbuilder will check the remote registry for pre-existing layers These will be fetched and extracted to disk instead of building the layers from scratch.
-
Image caching
- Caches the entire image, skipping the build process completely (except for post-build lifecycle scripts).
Note that caching requires push access to a registry, and may require approval from relevant infrastructure team(s).
Refer to the Envbuilder documentation for more information about Envbuilder and caching.
Visit the speed up templates best practice documentation for more ways that you can speed up build times.
Image caching
To support resuming from a cached image, use the Envbuilder Terraform Provider in your template. The provider will:
- Clone the remote Git repository,
- Perform a "dry-run" build of the dev container in the same manner as Envbuilder would,
- Check for the presence of a previously built image in the provided cache repository,
- Output the image remote reference in SHA256 form, if it finds one.
The example templates listed above will use the provider if a remote cache repository is provided.
If you are building your own Dev container template, you can consult the
provider documentation.
You may also wish to consult a
documented example usage of the envbuilder_cached_image resource.