What does a cache mount (--mount=type=cache) do in a Docker BuildKit RUN step?
Cache mounts attach a persistent directory to a build step. For example RUN --mount=type=cache,target=/root/.npm npm install stores the npm cache between builds, dramatically reducing rebuild times without bloating the final image, since the cache directory is not committed to any layer.
2 / 5
How do secret mounts in BuildKit allow access to sensitive data during a build?
Secret mounts (--mount=type=secret,id=mysecret) make the secret available at a temporary path (default /run/secrets/mysecret) only for that RUN instruction. The secret never appears in the image history or layers, making it safe for tokens and credentials needed at build time (e.g., private registry auth).
3 / 5
What does the --platform flag do in a docker buildx build command?
--platform enables multi-platform builds. Running docker buildx build --platform linux/amd64,linux/arm64 . produces a manifest list referencing separate images for each architecture. When pulled on any target machine, Docker automatically selects the correct variant.
4 / 5
What is inline caching in Docker BuildKit?
Inline caching (--build-arg BUILDKIT_INLINE_CACHE=1 + --cache-from) embeds layer cache metadata into the image manifest. When a CI job pulls the previously built image with --cache-from, BuildKit extracts this metadata to reuse unchanged layers, eliminating a separate cache registry.
5 / 5
How does BuildKit's multi-stage build caching differ from classic Docker layer caching?
BuildKit analyses the dependency graph of a multi-stage Dockerfile and can build independent stages in parallel. Each stage is cached separately, so a change to the final app stage does not invalidate a fully cached builder stage. This results in significantly faster incremental builds.