Kaniko CICD Caching Not Detecting Code Changes

GitLab CI/CD
#1

Replace this template with your information

I am using Kaniko with Gitlab runners and Kubernetes to build containers from my code. This works and I get a working container in the Gitlab registry.

When I enable caching with kaniko using --cache=true it starts to cache layers and the build finishes in less than half the time. However, if I modify code in the repo and trigger a fresh build, the caching is not detecting that the code has changed and instead uses the previously cached layer from that build step.

I have tried using both Kaniko 1.8.0 and 1.7.0 and the issue is the same on both. Running the latest version of Gitlab and the Gitlab runners.

.kaniko-build:
  variables:
    KANIKO_ARGS: ""
    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
    IMAGE_TAG: $CI_COMMIT_SHORT_SHA
  image:
    name: gcr.io/kaniko-project/executor:v1.7.0-debug
    entrypoint: [""]
  cache:
    key: scf-cache
    paths:
     - .cache/pip
  script:
    - |
      if [ "$CI_COMMIT_REF_NAME" = $CI_DEFAULT_BRANCH ]; then
        VERSION="latest"
      elif [ -n "$CI_COMMIT_TAG" ];then
        NOSLASH=$(echo "$CI_COMMIT_TAG" | tr -s / - )
        SANITIZED="${NOSLASH//[^a-zA-Z0-9\-\.]/}"
        VERSION="$SANITIZED"
      else \
        NOSLASH=$(echo "$CI_COMMIT_REF_NAME" | tr -s / - )
        SANITIZED="${NOSLASH//[^a-zA-Z0-9\-]/}"
        VERSION="branch-$SANITIZED"
      fi
    - echo $VERSION
    - mkdir -p /kaniko/.docker
    - |-
       KANIKOPROXYBUILDARGS=""
       KANIKOCFG="\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}"
       if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then
         KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}"
         KANIKOPROXYBUILDARGS="--build-arg http_proxy=${http_proxy} --build-arg https_proxy=${https_proxy} --build-arg no_proxy=${no_proxy}"
       fi
       KANIKOCFG="{ ${KANIKOCFG} }"
       echo "${KANIKOCFG}" > /kaniko/.docker/config.json
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}/$DOCKERFILE_PATH"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      "${KANIKOPROXYBUILDARGS}"
      --destination "${CI_REGISTRY_IMAGE}/${CONTAINER_NAME}:${VERSION}"
      --build-arg CI_JOB_TOKEN
      --build-arg BUILD_AGENT_ACCESS_KEY
#      --cache=true # cache disabled due to issue detecting code changes 
    - echo "VERSION=$VERSION" >> build.env
  artifacts:
    reports:
      dotenv: build.env