Add EFS-backed Fargate build cache support

[ntner]

Summary

• Upgrade Fargate build image from archived Google Kaniko v1.23.2 to osscontainertools/kaniko v1.27.5, which supports RUN --mount=type=cache directives
• Add opt-in EFS filesystem for persistent Fargate build caches via new FargateBuildCache parameter
• Pin Fargate platform version to 1.4.0 (required for EFS, already the default since 2020)

New parameter

Parameter	Type	Default	Effect
FargateBuildCache	Yes/No	No	Provisions a dedicated EFS filesystem mounted at /kaniko/caches in the Fargate build task. Enables --mount=type=cache persistence across builds. EFS storage charges apply when enabled. Requires BuildMethod=fargate.

Changes

File	Change
cmd/build/Dockerfile	Kaniko base image + FF_KANIKO_OCI_STAGES=0
cmd/build/Dockerfile.arm	Same
pkg/build/kaniko.go	--tarPath to --tar-path (deprecated flag rename)
provider/aws/builds.go	PlatformVersion: "1.4.0" on Fargate RunTask
provider/aws/formation/rack.json	1 param, 2 conditions, 5 resources (EFS filesystem, SG, 3 mount targets), task def volumes/mounts
pkg/cli/rack.go	Register param in build group

Backward compatibility

• FargateBuildCache defaults to No. Disabled racks produce byte-identical CF output.
• Kaniko upgrade is transparent. --mount=type=cache directives previously ignored are now honored (cache ephemeral per task without EFS).
• EC2 builds are unaffected.
• PlatformVersion: "1.4.0" is a no-op (already the Fargate default).

Known changes

• Dockerfiles using VOLUME directives in multi-stage builds may see layer cache misses after the Kaniko upgrade. This affects build speed, not correctness. Users can set ENV FF_KANIKO_VOLUME_SKIP_MKDIR=true in their Dockerfile to opt out.

Downgrade note

Racks that have set FargateBuildCache=Yes must set it back to No before downgrading to a version without this parameter.