diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 8e3d4dc..5a41746 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -51,7 +51,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+
+
+      - uses: docker/setup-buildx-action@v1
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
@@ -77,7 +80,7 @@ jobs:
           tags: |
             type=raw, ${{ github.event.inputs.tag_name }}
             type=raw, ${{ github.event.inputs.tag_name }}-{{date 'YYYYMMDD'}}
-              
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
@@ -91,3 +94,5 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            "signingkey=${{ secrets.BUILDCACHE_PRIVATE_KEY }}"
diff --git a/spack/Dockerfile b/spack/Dockerfile
index 9f736f4..77a53ac 100644
--- a/spack/Dockerfile
+++ b/spack/Dockerfile
@@ -1,45 +1,60 @@
-ARG BASEIMAGE=ecpe4s/rhel8-runner-x86_64
+# syntax=docker/dockerfile:1.3
+ARG BASEIMAGE=ubuntu:22.04
 
-FROM $BASEIMAGE
+FROM $BASEIMAGE AS base
 
 ARG SPACK_VERSION=0.19.0
 ARG RECIPES_BRANCH=main
 
-ARG UID=1000
-ARG GID=100
-
-RUN ( ( getent group $GID ) ||  groupadd --gid $GID user ) \
-    &&( ( getent passwd $UID ) || useradd --gid $GID --uid $UID user )
-
-RUN mkdir -p /spack /recipes /home/user && useradd spack && chown -R user: /spack /recipes /home/user
-
 ADD install_spack_deps.sh /tmp/
 
-RUN bash /tmp/install_spack_deps.sh
-
-USER user
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked bash /tmp/install_spack_deps.sh
 
 SHELL ["/bin/bash", "-c"]
 
 # Download last release of spack
-RUN curl -L https://github.com/spack/spack/releases/download/v${SPACK_VERSION}/spack-${SPACK_VERSION}.tar.gz | tar xz -C /spack --strip-components=1 && \
+RUN mkdir -p /spack && \
+    curl -L https://github.com/spack/spack/releases/download/v${SPACK_VERSION}/spack-${SPACK_VERSION}.tar.gz | tar xz -C /spack --strip-components=1 && \
     source /spack/share/spack/setup-env.sh && \
     spack config --scope site add 'packages:all:target:[x86_64]' && \
     spack compiler find
 
 # Get arcane recipes
-RUN curl -L https://github.com/arcaneframework/spack_recipes/archive/refs/heads/${RECIPES_BRANCH}.tar.gz | tar xz -C /recipes --strip-components 1
-
-# setup our recipes
-RUN source /spack/share/spack/setup-env.sh && \
+RUN mkdir -p recipes && \
+    curl -L https://github.com/arcaneframework/spack_recipes/archive/refs/heads/${RECIPES_BRANCH}.tar.gz | tar xz -C /recipes --strip-components 1 && \
+    source /spack/share/spack/setup-env.sh && \
     spack repo add --scope site /recipes
 
+ADD import_signing_key.sh /tmp
+
+RUN --mount=type=secret,id=signingkey /tmp/import_signing_key.sh /run/secrets/signingkey
+
+FROM base AS builder
+
+RUN --mount=type=cache,target=/buildcache source /spack/share/spack/setup-env.sh && \
+    spack mirror add cache /buildcache && \
+    spack buildcache update-index -d /buildcache && \
+    spack buildcache list --allarch
+
+# Populate cache with build tools
+# Uninstall to avoid bad reuse
+RUN  --mount=type=cache,target=/buildcache source /spack/share/spack/setup-env.sh && \
+    spack env create tools --without-view && \
+    spack env activate tools && \
+    spack add cmake meson m4 pkgconf autoconf automake libtool && \
+    spack concretize -f && (spack install --fail-fast ; \
+    spack buildcache create -a -m cache) && \
+    spack uninstall -y --all
+
 # Define and compile an alien environment
-RUN source /spack/share/spack/setup-env.sh && \
+RUN --mount=type=cache,target=/buildcache source /spack/share/spack/setup-env.sh && \
+    spack buildcache update-index -d /buildcache && \
     spack env create alien --without-view && \
     spack env activate alien && \
-    spack add alien +hypre+petsc+xml+hdf5+move+ref ginkgo=omp trilinos=omp && \
-    spack concretize -f && spack install --fail-fast
+    spack add alien +hypre+petsc+xml+hdf5+move+ref ginkgo=omp trilinos=omp ^trilinos~explicit_template_instantiation && \
+    spack concretize -f && (spack install --fail-fast; \
+    spack buildcache create -a -m cache)
 
 # # Define and compile an arcane environment
 # RUN source /spack/share/spack/setup-env.sh && \
@@ -56,7 +71,15 @@ RUN source /spack/share/spack/setup-env.sh && \
 #     spack add arcane ~wrapper~monoembed && \
 #     spack concretize -f && spack install --fail-fast
 
-RUN source /spack/share/spack/setup-env.sh && \
-    spack clean -a
+# RUN source /spack/share/spack/setup-env.sh && \
+#     spack clean -a
+
+# Strip all the binaries
+RUN find -L /spack/opt/* -type f -exec readlink -f '{}' \; | \
+    xargs file -i | \
+    grep 'charset=binary' | \
+    grep 'x-executable\|x-archive\|x-sharedlib' | \
+    awk -F: '{print $1}' | xargs strip -s
 
-RUN rm -rf /tmp/* || true
+FROM base AS final
+COPY --from=builder /spack/opt/ /spack/
diff --git a/spack/import_signing_key.sh b/spack/import_signing_key.sh
new file mode 100755
index 0000000..572b9ec
--- /dev/null
+++ b/spack/import_signing_key.sh
@@ -0,0 +1,13 @@
+#! /usr/bin/bash
+
+SPACKHOME=/spack
+export GNUPGHOME=${SPACKHOME}/opt/spack/gpg
+
+. ${SPACKHOME}/share/spack/setup-env.sh
+spack gpg init
+spack gpg list 2> /dev/null
+
+gpg --import "$1"
+for fpr in $(gpg --no-tty --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u); do
+    echo -e "5\ny\n" |  gpg --no-tty --command-fd 0 --expert --edit-key $fpr trust;
+done
diff --git a/spack/install_spack_deps.sh b/spack/install_spack_deps.sh
index 2fd96e2..7eb829e 100755
--- a/spack/install_spack_deps.sh
+++ b/spack/install_spack_deps.sh
@@ -1,13 +1,15 @@
 #! /usr/bin/bash
 
+# debian like
 install_apt() {
-export DEBIAN_FRONTEND=noninteractive
-apt update
-apt install -y build-essential ca-certificates coreutils curl environment-modules gfortran git gpg lsb-release python3 python3-distutils python3-venv unzip zip curl
-apt clean
-rm -rf /var/lib/apt/lists/*
+    export DEBIAN_FRONTEND=noninteractive
+    apt update
+    apt install -y build-essential ca-certificates coreutils curl environment-modules gfortran git gpg lsb-release python3 python3-distutils python3-venv unzip zip curl file
+    # apt clean
+    # rm -rf /var/lib/apt/lists/*
 }
 
+# RedHat like
 install_dnf()
 {
     dnf -y update