From 63009acf36080dc058d0a16eb5546ec72e6aac74 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Mon, 19 Jan 2026 18:02:32 +0000
Subject: [PATCH] Add S3 bucket for Docker build cache

Create a new S3 bucket in the global infrastructure for storing Docker
BuildKit layer caches. This bucket will be used by GitHub Actions workflows
to cache Docker build layers using the S3 cache backend.

Features:
- AES256 server-side encryption
- 30-day lifecycle policy for automatic cache expiration
- Output for bucket name to use in workflows

Closes #4536

Co-authored-by: Marco Acierno <marcoacierno@users.noreply.github.com>
---
 infrastructure/global/buckets/docker-cache.tf | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 infrastructure/global/buckets/docker-cache.tf

diff --git a/infrastructure/global/buckets/docker-cache.tf b/infrastructure/global/buckets/docker-cache.tf
new file mode 100644
index 0000000000..1c42877726
--- /dev/null
+++ b/infrastructure/global/buckets/docker-cache.tf
@@ -0,0 +1,31 @@
+resource "aws_s3_bucket" "docker_cache" {
+  bucket = "pythonit-docker-cache"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "docker_cache" {
+  bucket = aws_s3_bucket.docker_cache.id
+
+  rule {
+    bucket_key_enabled = false
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "docker_cache" {
+  bucket = aws_s3_bucket.docker_cache.id
+
+  rule {
+    id     = "expire-old-cache"
+    status = "Enabled"
+
+    expiration {
+      days = 30
+    }
+  }
+}
+
+output "docker_cache_bucket_name" {
+  value = aws_s3_bucket.docker_cache.bucket
+}