buildcache-validator¶

STABLE (Layers 1-7): Shared across OS + containers
├─ Layer 1:    Create /var/roothome
├─ Layer 2-3:  os/00-image-info.sh (metadata)
├─ Layer 4-5:  shared/10-packages-core.sh (~400MB) ⚠️  CRITICAL
└─ Layer 6-7:  shared/20-packages-external.sh (~100MB) ⚠️  CRITICAL

MODERATE (Layers 8-21): OS-specific, changes occasionally
├─ Layer 8-9:   os/15-packages-os-extras.sh (desktop apps)
├─ Layer 10-11: os/25-packages-os-copr.sh (COPR packages)
└─ Layer 12-21: System config, signing, etc.

VOLATILE (Layers 22-26): Changes frequently
├─ Layer 22-23: system_files/ + os/100-copy-system-files.sh
├─ Layer 24-25: os/999-cleanup.sh
└─ Layer 26:    Remove /tmp artifacts

Layers 1-23:  FROM bazzite-ai (inherits OS cache)
Layers 24-26: pod/shared/* (common utilities)
Layers 27-30: pod/nvidia/* OR pod/devops/* (variant-specific)
Layers 31-34: Pixi environments (volatile)

build_files/shared/10-packages-core.sh      ⚠️  HIGH IMPACT
build_files/shared/20-packages-external.sh  ⚠️  HIGH IMPACT
build_files/os/00-image-info.sh             ⚠️  MODERATE IMPACT

# Detect changes to stable layers
git diff --name-only HEAD | grep -E 'shared/(10|20)-packages'

⚠️  STABLE LAYER MODIFICATION DETECTED

File: build_files/shared/10-packages-core.sh
Impact: HIGH - Invalidates ~60-80% of cache

Affected builds:
- OS image: Layers 4-26 (22 layers, ~2GB)
- Base pod: Layers 24-34 (10 layers, ~500MB)
- NVIDIA pod: Layers 24-39 (15 layers, ~1.2GB)
- DevOps pod: Layers 24-32 (8 layers, ~300MB)

Estimated rebuild time:
- Local: +10-15 minutes
- CI: +8-12 minutes

Recommendation:
- Batch changes to stable layers (don't modify twice in short period)
- Schedule during low-activity periods
- Notify team of upcoming cache invalidation
- Consider if change can be moved to volatile layer instead

This is ADVISORY. Proceed if change is necessary.

# Verify system_files/ is copied near end
grep -n 'COPY.*system_files' Containerfile
# Should be near line 180+ (after all RUN commands)

❌ CRITICAL: system_files/ copied too early

Current position: Line 45 (after shared packages)
Required position: Line 180+ (in final layers)

Impact:
- ANY ujust file change invalidates 80% of cache
- Changes to system configs invalidate major portions
- Defeats purpose of granular layer architecture

Fix:
Move COPY system_files/ to end of Containerfile:
- After all RUN commands
- After all package installations
- Before final cleanup only

Reference: docs/BUILDCACHE.md#layer-architecture

# Extract RUN commands from Containerfile
grep -n 'RUN.*build_files' Containerfile | \
  awk -F: '{print $1 " " $2}' | \
  sed 's/.*build_files\///'

shared/10-packages-core.sh
shared/20-packages-external.sh
os/15-packages-os-extras.sh      # OS-specific starts here
os/25-packages-os-copr.sh
os/30-system-config.sh           # Volatile starts here
...
os/100-copy-system-files.sh      # Final volatile
os/999-cleanup.sh

⚠️  BUILD SCRIPT SEQUENCE WARNING

Issue: Volatile layer before stable layer detected
Line 85: RUN build_files/os/30-system-config.sh
Line 120: RUN build_files/shared/20-packages-external.sh

Problem:
- Changes to shared/20-packages invalidates layers 85-120
- Should be: shared scripts first, then OS scripts
- Defeats content-addressable caching

Recommended order:
1. shared/* (most stable)
2. os/* (moderate)
3. system_files/ (most volatile)

Fix:
Reorder Containerfile RUN commands to match stability.

# WRONG - Single layer for multiple scripts
RUN /tmp/build_files/shared/10-packages-core.sh && \
    /tmp/build_files/shared/20-packages-external.sh

# CORRECT - Separate layers
RUN /tmp/build_files/shared/10-packages-core.sh
RUN /tmp/build_files/shared/20-packages-external.sh

⚠️  LAYER GRANULARITY WARNING

Issue: Multiple build scripts in single RUN command
Line 42: RUN script1.sh && script2.sh && script3.sh

Problem:
- Change to ANY script invalidates entire layer
- Loses benefit of granular caching
- Increases rebuild scope unnecessarily

Fix:
Split into separate RUN commands:
RUN /tmp/build_files/script1.sh
RUN /tmp/build_files/script2.sh
RUN /tmp/build_files/script3.sh

Cache benefit:
- Before: 1 change = 3 scripts rebuilt
- After:  1 change = 1 script rebuilt

# Count layers (approximation via RUN/COPY commands)
LAYERS=$(grep -c -E '^(RUN|COPY|ADD)' Containerfile)

⚠️  EXCESSIVE LAYER COUNT

Current: 45 layers
Expected: ~26-30 layers
Excess: 15+ layers

Impact:
- Slower builds (more cache lookups)
- Larger image size (layer overhead)
- More complex debugging

Potential causes:
- Unnecessary RUN commands
- Missing layer consolidation
- Redundant COPY operations

Review:
- Combine stable operations into single layers
- Remove intermediate cleanup steps
- Check for duplicate operations

# Show modified build files
git diff --name-only HEAD | grep -E 'build_files/|Containerfile'

# Categorize by stability
git diff --name-only HEAD | grep 'shared/' # STABLE
git diff --name-only HEAD | grep 'os/' # MODERATE
git diff --name-only HEAD | grep 'system_files/' # VOLATILE

# Find layer number of changed file
FILE="build_files/shared/10-packages-core.sh"
grep -n "$FILE" Containerfile | cut -d: -f1

# Count RUN commands after that line
LINE_NUM=42
tail -n +$LINE_NUM Containerfile | grep -c '^RUN'
# Result = number of layers invalidated

# Extract full build script sequence
grep 'RUN.*build_files' Containerfile | \
  sed 's/.*build_files\///' | \
  nl

# Find where system_files/ is copied
grep -n 'COPY.*system_files' Containerfile

# Count RUN commands before and after
COPY_LINE=$(grep -n 'COPY.*system_files' Containerfile | cut -d: -f1)
echo "RUN commands before: $(head -n $COPY_LINE Containerfile | grep -c '^RUN')"
echo "RUN commands after: $(tail -n +$COPY_LINE Containerfile | grep -c '^RUN')"
# After should be 1-3 (cleanup only)

✅ BUILD CACHE VALIDATED

Changes detected:
- system_files/usr/share/bazzite-ai/just/containers-virt-jupyter.just
- docs/user-guide/jupyter.md

Cache impact: LOW
- Volatile layers only (22-26)
- ~4 layers rebuilt (~5-10 seconds)
- No shared layer invalidation

Build time estimate:
- Local: +30 seconds
- CI: +1 minute

This is an optimal change pattern.

⚠️  BUILD CACHE IMPACT WARNING

Changes detected:
- build_files/shared/10-packages-core.sh

Cache impact: HIGH
- Stable layer modification
- ~22 layers invalidated (layers 4-26)
- Affects OS + all pod variants

Estimated rebuild:
- OS image: +8-12 minutes
- Base pod: +4-6 minutes
- NVIDIA pod: +6-10 minutes
- DevOps pod: +3-5 minutes
- Total CI time: +21-33 minutes

Recommendations:
1. Batch with other stable layer changes
2. Schedule during low-activity period
3. Notify team of upcoming slow builds
4. Consider if change can be deferred/combined

Alternative approaches:
- Can this be moved to os/* script? (moderate layer)
- Can this be delayed until next package update batch?
- Is this essential or nice-to-have?

This is ADVISORY. Proceed if change is necessary.

🚨 CRITICAL BUILD CACHE VIOLATION

Issue: system_files/ copied too early in Containerfile

Current:
- Line 45: COPY system_files/ /
- Before: shared packages, OS packages, system config

Impact: CATASTROPHIC
- ANY ujust change invalidates 80%+ of cache
- Build time: 2 min → 15-20 min for every change
- Defeats entire cache architecture

Required Fix:
Move COPY system_files/ to end (line 180+):
1. After all RUN commands
2. After all package installations
3. Before final cleanup only

Example correct structure:
Line 1-40:   Shared packages (stable)
Line 41-80:  OS packages (moderate)
Line 81-160: System config (moderate)
Line 161:    COPY system_files/ /  ← CORRECT POSITION
Line 162-180: Final cleanup

This WILL BE CAUGHT in code review. Fix before submitting.