ci: add Docker Buildx cache to container workflow #250

Merged
nanotaboada merged 1 commit into master from ci/add-docker-buildx-cache
Jan 12, 2026

@nanotaboada nanotaboada commented Jan 12, 2026

This change is Reviewable

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflow configuration to enhance build performance and security posture through permission management and caching optimizations.


coderabbitai bot commented Jan 12, 2026

Walkthrough

GitHub Actions workflow configuration update to .github/workflows/maven.yml. Adds per-job contents: read permissions to verify, coverage, and container jobs. Introduces GitHub Actions cache configuration for Docker build-push operations with cache-from and cache-to directives. No changes to core build or test logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Workflow Configuration: .github/workflows/maven.yml | Added contents: read permissions to verify, coverage, and container jobs for improved security isolation. Introduced Docker layer caching using GitHub Actions cache backend (cache-from: type=gha and cache-to: type=gha,mode=max) in the container job's docker build-push step for faster builds. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title follows Conventional Commits format with 'ci:' prefix, is under 80 characters (49 chars), and clearly describes the main change of adding Docker Buildx cache configuration to the workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f80c527 and 74d0bfa.

📒 Files selected for processing (1)
  • .github/workflows/maven.yml
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: CR
Repo: nanotaboada/java.samples.spring.boot PR: 0
File: Dockerfile:0-0
Timestamp: 2026-01-12T13:39:10.478Z
Learning: Applies to Dockerfile{,.prod,.dev,.staging} : Cache Maven dependencies early in the builder stage by copying pom.xml and running dependency:go-offline before copying source code

Applied to files:

  • .github/workflows/maven.yml
⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Codacy Static Code Analysis
🔇 Additional comments (3)
.github/workflows/maven.yml (3)

18-19: LGTM!

Adding explicit contents: read permission follows security best practices by applying the principle of least privilege. This is the minimum permission needed for repository checkout.


43-44: LGTM!

Consistent permission scoping across jobs. The contents: read permission is sufficient for checkout and artifact download operations in this job.


101-102: LGTM! Good addition of GitHub Actions cache for Docker builds.

The type=gha cache is the recommended approach for GitHub Actions, and mode=max will export all intermediate layers—beneficial for multi-stage Dockerfiles since it improves cache hit rates on subsequent builds.

Note: The GitHub Actions cache has a 10GB limit per repository. If cache eviction becomes an issue, consider switching to mode=min which only caches layers from the final image.


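The two properties the review above signs off on (a job-level `permissions` block on every job, and `type=gha` for both `cache-from` and `cache-to` on the build-push step) can be checked mechanically. The following is an added example, not code from this pull request or repository: the sample workflow is constructed, `split_jobs` and `audit` are hypothetical names, and the scan assumes block-style YAML with two-space indentation and does not consider a workflow-level `permissions` key.

```python
import re

# Constructed sample workflow (not the repository's maven.yml): the container
# job lacks a job-level permissions block and a cache-to setting.
SAMPLE = """\
on: [push]
jobs:
  verify:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
  container:
    runs-on: ubuntu-latest
    steps:
      - uses: docker/build-push-action@v6
        with:
          cache-from: type=gha
"""

def split_jobs(text):
    """Return {job_name: [lines]} for block-style YAML with 2-space indentation."""
    jobs, current, in_jobs = {}, None, False
    for line in text.splitlines():
        if re.match(r"^\S", line):  # a top-level key starts or ends the jobs map
            in_jobs, current = line.startswith("jobs:"), None
        elif in_jobs:
            m = re.match(r"^  ([A-Za-z0-9_-]+):\s*$", line)
            if m:  # a key at indent 2 under jobs: is a job id
                current = m.group(1)
                jobs[current] = []
            elif current is not None:
                jobs[current].append(line)
    return jobs

def audit(text):
    """Flag jobs without job-level permissions and build-push jobs without gha cache."""
    findings = []
    for name, lines in split_jobs(text).items():
        if not any(re.match(r"^    permissions:", l) for l in lines):
            findings.append((name, "no job-level permissions block"))
        body = "\n".join(lines)
        if "docker/build-push-action" in body:
            for key in ("cache-from", "cache-to"):
                if not re.search(rf"^\s+{key}:\s*type=gha\b", body, re.M):
                    findings.append((name, f"{key} is not type=gha"))
    return findings
```
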


Coverage summary from Codacy

Coverage variation Diff coverage
+0.00% (target: -1.00%)
Coverage variation details
| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (f80c527) | 55 | 55 | 100.00% |
| Head commit (74d0bfa) | 55 (+0) | 55 (+0) | 100.00% (+0.00%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#250) | 0 | 0 | ∅ (not applicable) |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


codecov bot commented Jan 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (f80c527) to head (74d0bfa).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff             @@
##              master      #250   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity        22        22           
===========================================
  Files              2         2           
  Lines             55        55           
  Branches           4         4           
===========================================
  Hits              55        55           


@nanotaboada nanotaboada merged commit a98b35e into master Jan 12, 2026
17 checks passed
@nanotaboada nanotaboada deleted the ci/add-docker-buildx-cache branch January 12, 2026 20:14