From ac4eaa76ed4b11d3d225d9093a8afc2964876aa8 Mon Sep 17 00:00:00 2001
From: Teodor-Ioan Baltoi <teodorioan.baltoi@lacework.net>
Date: Wed, 1 Apr 2026 14:36:21 +0100
Subject: [PATCH] cache docker image on daily basis

---
 action.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/action.yaml b/action.yaml
index 5030c956..f56670f5 100644
--- a/action.yaml
+++ b/action.yaml
@@ -79,6 +79,29 @@ runs:
         HUSKY=0 npm install
         npm run compile
         yq -i -o yaml 'del(.runs.steps) | del(.outputs) | .runs.using="node16" | .runs.main="dist/src/index.js"' action.yaml
+    # Docker image cache: keyed by date so the first job each day pulls fresh,
+    # subsequent jobs (old, new, display) load from cache. Cache is branch-scoped:
+    # PR branches read from base branch on miss but only write to their own cache.
+    - name: Get date for cache key
+      id: cache-date
+      shell: bash
+      run: echo "cache-date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
+    - name: Cache Docker image
+      uses: actions/cache@v4
+      with:
+        path: /tmp/codesec-image.tar
+        key: codesec-image-${{ steps.cache-date.outputs.cache-date }}
+    - name: Load or pull Docker image
+      shell: bash
+      run: |
+        if [ -f /tmp/codesec-image.tar ]; then
+          echo "Loading cached Docker image..."
+          docker load -i /tmp/codesec-image.tar
+        else
+          echo "Pulling Docker image..."
+          docker pull lacework/codesec:latest
+          docker save lacework/codesec:latest -o /tmp/codesec-image.tar
+        fi
     - id: run-analysis
       uses: './../lacework-code-security'
       with: