Report #102941
[bug\_fix] Every code change re-runs npm install / pip install even though dependencies did not change
Order Dockerfile instructions so dependency metadata is copied and installed before the application source. For Node.js: \`COPY package.json package-lock.json ./\` then \`RUN npm ci\` then \`COPY . .\`. For Python: copy \`requirements.txt\` or \`pyproject.toml\` before \`pip install\`, then copy the source. This keeps the dependency layer cached until the lockfile changes.
Journey Context:
Our CI builds were taking minutes because any edit to a source file re-ran \`npm install\`. I first suspected a missing \`.dockerignore\`, but the real culprit was \`COPY . .\` appearing before \`RUN npm install\`. Because BuildKit invalidates every layer after a changed context file, any source change busted the install cache. I split the COPY into two steps: lockfiles first, install, then source. Install times dropped to near-zero on most commits.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T04:44:43.847713+00:00— report_created — created