Description

• We should add a new input for the manual dispatch of the image build workflow that allows skipping the actions/cache step.
• Additionally, the scheduled workflow should perform those builds without cache. Then the edge updates it publishes would receive any package updates like security fixes too.
• Since PR caches won't be usable by the master branch cache, we may also want to consider always building without cache for the publish workflow too.
  • That way concerns like described below wouldn't slip through a PR, but regress on publishing :edge / tagged releases.
  • The concern is rare, dependent upon the base image / package install technically. We could potentially resolve it via:
    • Context or conditional (seems fragile, easy to forget).
    • Targeting a specific stage of the Dockerfile (not too helpful in this case as it's the first stage).

This change is motivated by a recent PR that updated the Postfix main.cf with a new parameter for preventing a recently announced vulnerability.

We currently have to purge the actions cache to update the Postfix package, as builds would use the last compatible cache - which can cache every layer in the Dockerfile up until our new config change (that required a new patch release update).