docker build cache busting with apt-get

Question

My understanding is that if the RUN command "string" itself just does not change (i.e., the list of packages to be installed does not change), docker engine uses the image in the cache for the same operation. This is also my experience:

...
Step 2/6 : RUN apt update &&      DEBIAN_FRONTEND=noninteractive     apt install -y     curl               git-all            locales            locales-all        python3            python3-pip        python3-venv       libusb-1.0-0       gosu        &&     rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 518e8ff74d4c
...

However, the official Dockerfile best practices document says this about apt-get:

Using RUN apt-get update && apt-get install -y ensures your Dockerfile installs the latest package versions with no further coding or manual intervention. This technique is known as “cache busting”.

This is true if I add a new package to the list but it is not if I do not modify the list.

Is my understanding correct, or I am missing something here?

If yes, can I assume that I will only get newer packages in apt-get install if also the Ubuntu base image has been updated (which invalidates the whole cache)?

Answer 1

You cut off the quote in the middle. The rest of the quote included a very important condition:

You can also achieve cache-busting by specifying a package version. This is known as version pinning, for example:

RUN apt-get update && apt-get install -y \
    package-bar \
    package-baz \
    package-foo=1.3.*

Therefore the command you run in there example would change each time by changing the pinned version of the package in the list. Note that in addition to changing the command run, you can change the environment, which has the same effect, using a build arg as described in this answer.

Answer 2

You are right. The documentation is very poorly written. If you read further you can see what the author is trying to say:

The s3cmd argument specifies a version 1.1.*. If the image previously used an older version, specifying the new one causes a cache bust of apt-get update and ensures the installation of the new version.

It seems author thinks 'cache busting' is when you change the Dockerfile in a way that invalidates the cache. But the usual definition of cache busting is a mechanism by which we can invalidate cache even if the file is the same.