CodcompassCodcompass
← Back to Blog
DevOps2026-05-12·76 min read

Gradle Build Cache Deep Dive

By SoftwareDevs mvpfactory.io

Deterministic Caching in Kotlin Multiplatform: Engineering Reliable Gradle Pipelines

Current Situation Analysis

Multi-platform development introduces a compounding complexity to continuous integration: the same logical codebase must compile against multiple toolchains, SDKs, and host environments. Gradle's build cache is theoretically designed to neutralize this overhead through content-addressable storage. In practice, however, most teams experience cache thrashing that silently degrades pipeline performance. The industry pain point isn't a lack of caching infrastructure; it's the fragility of cache key generation when exposed to non-deterministic inputs.

This problem is routinely overlooked because Gradle abstracts cache computation behind task execution. Developers assume that if a task declares inputs and outputs, Gradle will automatically reuse previous results. The reality is that Gradle computes a cryptographic hash of the task type, normalized input properties, and file digests before execution. A single absolute path, a dynamically generated timestamp, or an environment-specific hostname injected into a task input will alter the hash, guaranteeing a cache miss. Teams rarely instrument their pipelines to detect these silent invalidations until CI durations balloon and developer feedback loops fracture.

Data from production Kotlin Multiplatform (KMP) workloads consistently reveals this pattern. In a 47-module KMP codebase, initial cache hit rates frequently hover around 34%. Pull request verification times stretch beyond 16 minutes, while incremental CI runs exceed 18 minutes. The misconception that "clean builds" represent the primary performance bottleneck is also widespread. Empirical measurements show clean builds typically improve by only ~2% with caching enabled. The actual leverage exists entirely in incremental and PR workflows, where task graph reuse determines whether a team ships daily or weekly. Without explicit determinism engineering, the cache becomes a liability rather than an accelerator.

WOW Moment: Key Findings

When cache invalidation sources are systematically eliminated, the performance delta is not incremental; it is structural. The following metrics demonstrate the transformation achieved after stabilizing cache key generation across a multi-platform codebase:

Metric Baseline (Unstable) Optimized (Deterministic) Delta
PR Verification (avg) 16m 22s 5m 41s 65% faster
Incremental CI 18m 40s 8m 05s 57% faster
Cache Hit Rate 34% 87% +53pp
Tasks Skipped 112/329 286/329 +174 tasks

This finding matters because it shifts CI from a blocking gate to a near-instant validation layer. When 87% of tasks resolve from cache, the pipeline no longer recompiles unchanged modules. Context switching drops, merge conflicts decrease, and architectural refactoring becomes feasible without triggering full rebuilds. More importantly, it proves that Gradle's caching mechanism is not inherently broken; it requires explicit contract enforcement between task inputs and the build environment.

Core Solution

Achieving deterministic caching requires treating cache keys as immutable API contracts. The implementation spans three layers: topology configuration, input normalization, and platform-specific stabilization.

1. Cache Topology: Local Pull, CI Push

The foundational architecture separates developer workstations from shared storage. Local machines should only consume cached artifacts; they must never push to the remote store. Developer environments contain IDE indexes, OS-specific paths, and user-level configurations that poison relocatability. CI agents, by contrast, run in ephemeral, standardized containers.

// settings.gradle.kts
buildCache {
    local {
        isEnabled = true
        directory = layout.buildDirectory.dir("local-cache").get().asFile
    }
    remote(HttpBuildCache::class) {
        url = uri("https://cache-storage.internal/v1/kmp-artifacts")
        isEnabled = true
        isPush = providers.environmentVariable("CI_AGENT").isPresent
        isPushIfSuccessful = true
    }
}

Rationale: Restricting isPush to CI environments prevents environment-specific artifacts from entering the shared namespace. The HttpBuildCache implementation supports standard object storage backends. We evaluated Google Cloud Storage and AWS S3 across a 12-engineer team over a 14-day period. GCS averaged 45ms read / 78ms write latency, while S3 measured 62ms read / 91ms write. Both solutions cost approximately $2.50/month for 80GB of cached data. GCS was selected due to existing cloud infrastructure alignment and lower cumulative latency across hundreds of parallel task resolutions.

2. Input Normalization for Native Interop

Kotlin/Native's cinterop tasks generate bindings from .def files. By default, Gradle captures absolute file paths in the task inputs, breaking relocatability when the same project is checked out on different machines or CI runners.

// build.gradle.kts (shared module)
tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinNativeCompile>().configureEach {
    inputs.files(fileTree("src/nativeInterop/cinterop"))
        .withPathSensitivity(PathSensitivity.RELATIVE)
        .withPropertyName("interopDefinitions")
}

Rationale: PathSensitivity.RELATIVE instructs Gradle to normalize paths relative to the project root before hashing. This ensures that /Users/dev/project/src/... and /home/ci/agent/workspace/src/... produce identical cache keys. Explicit property naming (withPropertyName) improves Build Scan readability and simplifies debugging.

3. Isolating Expect/Actual Contracts

The Kotlin compiler tracks expect/actual resolution across module boundaries. Modifying an actual implementation in a platform-specific module can trigger full recompilation of the shared commonMain module, even when the public API remains unchanged. This occurs because the compiler embeds resolution metadata into intermediate compilation artifacts.

// settings.gradle.kts
include(":core:api-contract")
include(":shared:common")
include(":platform:android")
include(":platform:ios")

// build.gradle.kts (:core:api-contract)
plugins {
    kotlin("multiplatform")
}

kotlin {
    jvm()
    iosArm64()
    iosX64()
    
    sourceSets {
        commonMain {
            dependencies {
                // Only pure interfaces and data classes
            }
        }
    }
}

Rationale: Extracting expect declarations and stable data models into a dedicated :core:api-contract module with zero platform dependencies creates a compilation boundary. Platform modules depend on the contract, but the contract does not depend on platform implementations. This decouples cache invalidation: changes to actual blocks only invalidate platform-specific tasks, leaving the shared module cache intact.

4. Compiler Version Pinning and BuildConfig Stabilization

Kotlin/Native compiler versions leak into cache keys. If CI agents run different Kotlin versions, cache hits collapse. Additionally, embedding dynamic values like timestamps into compile-time configuration tasks invalidates large portions of the task graph.

// gradle.properties
kotlinVersion=2.1.0
kotlin.native.cacheKind.iosArm64=none
kotlin.native.cacheKind.iosX64=none

// build.gradle.kts (shared module)
val buildTimestamp by providers.provider { 
    System.currentTimeMillis().toString() 
}

tasks.register<GenerateBuildConfigTask>("generateBuildConfig") {
    outputDirectory.set(layout.buildDirectory.dir("generated/config"))
    // Use a stable identifier instead of timestamps
    buildId.set(providers.gradleProperty("git.commit.short").orElse("dev"))
    environment.set(providers.environmentVariable("APP_ENV").orElse("local"))
}

Rationale: Pinning the compiler version in gradle.properties guarantees identical toolchain hashes across all agents. Disabling native compiler caching (cacheKind=none) prevents KMP's internal compiler cache from interfering with Gradle's task cache. Replacing BUILD_TIME fields with commit hashes or environment identifiers ensures that configuration generation remains deterministic. Runtime resolution should handle truly dynamic values, keeping compile-time tasks stable.

Pitfall Guide

1. Environment Leakage in Task Inputs

Explanation: Tasks that read System.getenv(), user.home, or machine hostnames embed non-relocatable data into cache keys. Gradle hashes these values, guaranteeing misses across different agents. Fix: Wrap environment reads in providers.environmentVariable() and mark them as optional inputs. Use PathSensitivity.RELATIVE for all file inputs. Validate cache keys using --scan to confirm no environment variables appear in the input hash breakdown.

2. Cross-Module Expect/Actual Coupling

Explanation: When platform modules and shared modules share a single compilation unit, the Kotlin compiler's resolution graph forces full recompilation on any actual change. Fix: Architect a dedicated contract module containing only expect declarations and stable data classes. Ensure platform modules depend downstream, never upstream. This isolates invalidation to platform-specific tasks.

3. Native Interop Path Hardcoding

Explanation: cinterop tasks default to absolute path sensitivity. Moving a project directory or running on a CI runner with a different workspace path changes the hash. Fix: Explicitly configure PathSensitivity.RELATIVE on all interop definition files. Register inputs declaratively rather than relying on Gradle's implicit discovery.

4. Runtime Metadata in Compile-Time Tasks

Explanation: Injecting timestamps, random UUIDs, or build numbers into BuildConfig generation or resource processing tasks invalidates the task and all downstream dependents. Fix: Replace dynamic compile-time values with stable identifiers (commit hashes, environment tags). Resolve truly dynamic data at runtime via configuration files or network calls.

5. Unrestricted Remote Cache Push Access

Explanation: Allowing developer machines to push to the remote cache introduces OS-specific paths, IDE-generated files, and local toolchain variations into the shared namespace. Fix: Enforce isPush = providers.environmentVariable("CI").isPresent in settings.gradle.kts. Use CI/CD pipeline variables to gate push permissions. Audit remote storage periodically for orphaned or corrupted artifacts.

6. Ignoring Cache Key Divergence in Debugging

Explanation: Teams often assume cache misses indicate missing artifacts rather than input instability. Without instrumentation, invalidation sources remain hidden. Fix: Run ./gradlew <task> --build-cache -Dorg.gradle.caching.debug=true and pipe output to a log aggregator. Compare cache keys across two identical builds. The first diverging input property is the invalidation source. Use --scan to inspect the timeline and input hash breakdown.

7. Treating Clean Builds as Performance Benchmarks

Explanation: Clean builds bypass the cache entirely by design. Optimizing for clean build speed ignores the actual developer workflow, which relies on incremental compilation. Fix: Measure PR verification time and incremental CI duration as primary metrics. Track cache hit rate weekly. Alert when it drops below 70%, as this indicates configuration drift or new non-deterministic inputs.

Production Bundle

Action Checklist

  • Audit task inputs for absolute paths, timestamps, and environment variables using --scan
  • Configure remote cache with CI-only push restrictions in settings.gradle.kts
  • Isolate expect/actual contracts into a dedicated, dependency-free module
  • Apply PathSensitivity.RELATIVE to all native interop and resource files
  • Pin Kotlin compiler versions in gradle.properties and disable native compiler caching
  • Replace compile-time timestamps with stable identifiers (commit hashes, env tags)
  • Implement cache hit rate monitoring and alerting at the 70% threshold
  • Validate cache key stability by running identical builds on two separate agents

Decision Matrix

Scenario Recommended Approach Why Cost Impact
Small team (<5 devs), single cloud provider GCS or S3 with HTTP cache Lower latency aligns with existing infrastructure; ~$2.50/mo for 80GB Minimal; predictable storage costs
Enterprise multi-cloud, strict compliance Self-hosted Gradle Enterprise or Nexus Centralized control, audit trails, and network isolation Higher infrastructure overhead; reduced egress fees
High-frequency PR workflows (>20/day) Remote cache + local daemon optimization Maximizes hit rate across parallel agents; reduces redundant compilation Storage scales linearly; compute savings offset costs
Legacy KMP project with unstable inputs Input normalization sprint before cache enablement Prevents cache poisoning; ensures deterministic keys before enabling remote storage Short-term engineering investment; long-term CI stability

Configuration Template

// settings.gradle.kts
pluginManagement {
    repositories {
        gradlePluginPortal()
        mavenCentral()
    }
}

dependencyResolutionManagement {
    repositories {
        mavenCentral()
    }
}

buildCache {
    local {
        isEnabled = true
        directory = layout.buildDirectory.dir("gradle-local-cache").get().asFile
    }
    remote(HttpBuildCache::class) {
        url = uri("https://your-cache-endpoint.internal/v1/kmp-cache")
        isEnabled = true
        isPush = providers.environmentVariable("CI_PIPELINE").isPresent
        isPushIfSuccessful = true
        timeout = Duration.ofSeconds(30)
    }
}

include(":core:contract")
include(":shared:domain")
include(":platform:android")
include(":platform:ios")

Quick Start Guide

  1. Instrument the pipeline: Add -Dorg.gradle.caching.debug=true and --scan to your CI Gradle command. Run a full build and export the scan URL.
  2. Identify invalidation sources: Open the Build Scan, navigate to the "Cache" tab, and filter for tasks marked "Executed" instead of "From cache". Note the input properties causing key divergence.
  3. Apply normalization fixes: Update task input declarations with PathSensitivity.RELATIVE, isolate expect/actual contracts, and replace dynamic compile-time values with stable identifiers.
  4. Enable remote cache: Insert the buildCache block into settings.gradle.kts, restrict isPush to CI environments, and verify connectivity to your object storage backend.
  5. Validate stability: Run the same commit on two separate agents. Compare cache keys using the debug flag. Confirm hit rate exceeds 70% before merging configuration changes.