diff --git a/Dockerfile b/Dockerfile
index e2024a5..240317a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,9 +7,9 @@
 FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS download
 SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 WORKDIR /tmp/docker
-RUN --mount=type=tmpfs,target=/var/lib/apt/lists \
+RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
 	--mount=type=tmpfs,target=/var/log \
-	--mount=type=tmpfs,target=/var/cache \
 	apt-get -qq update && \
 	apt-get -qq install --yes --no-install-recommends ca-certificates curl && \
 	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
@@ -26,20 +26,13 @@ RUN ARCH=$(dpkg --print-architecture) && curl --fail --silent --parallel --remot
 
 FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS dockerd
 SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
-RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
-	--mount=type=tmpfs,target=/var/log \
-	--mount=type=tmpfs,target=/var/cache \
-	apt-get -qq update && \
-	apt-get -qq install --yes --no-install-recommends ca-certificates uidmap slirp4netns dbus-user-session iproute2 && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
 RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
 	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
 	--mount=type=tmpfs,target=/var/log \
-	--mount=type=tmpfs,target=/var/cache \
 	apt-get -qq update && \
-	apt-get -qq install --yes --no-install-recommends /tmp/docker/containerd*.deb /tmp/docker/docker-ce*.deb && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
-
+	apt-get -qq install --yes --no-install-recommends /tmp/docker/containerd*.deb /tmp/docker/docker-ce*.deb ca-certificates uidmap slirp4netns dbus-user-session iproute2 && \
+	rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status
 RUN useradd dockerd --uid 1000 --home-dir /home/docker --create-home && rm /etc/*- /home/docker/.* && \
 	echo dockerd:100000:65536 >/etc/subuid && \
 	echo dockerd:100000:65536 >/etc/subgid
@@ -55,27 +48,39 @@ FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad
 SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
 	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
+	--mount=type=tmpfs,target=/var/log \
 	apt-get -qq update && \
 	apt-get -qq install --yes --no-install-recommends /tmp/docker/docker-buildx-plugin* /tmp/docker/docker-ce-cli*.deb && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
 ENV DOCKER_HOST=tcp://dockerd:2375
 
 FROM cli-base AS cli-base-az
 RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
+	--mount=type=tmpfs,target=/var/log \
 	apt-get -qq update && \
 	apt-get -qq install --yes --no-install-recommends python3 pip && \
-	pip install azure-cli==2.66.0 --root-user-action=ignore --no-cache-dir --break-system-packages && \
-	apt-get -qq purge pip && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
+ARG PYPI_MIRROR=https://mirror.kokuwa.io/pypi/simple/
+# pip cache is explicit stored in cache mount
+# hadolint ignore=DL3042
+RUN --mount=type=cache,target=/var/cache pip install azure-cli==2.66.0 \
+		--root-user-action=ignore \
+		--break-system-packages \
+		--cache-dir=/var/cache/.cache/pip \
+		--index-url=$PYPI_MIRROR
 
 FROM cli-base AS cli
 USER 1000:1000
 
 FROM cli-base AS cli-git
 RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
+	--mount=type=tmpfs,target=/var/log \
 	apt-get -qq update && \
 	apt-get -qq install --yes --no-install-recommends git && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+	rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status
 USER 1000:1000
 
 FROM cli-base-az AS cli-az
@@ -83,7 +88,9 @@ USER 1000:1000
 
 FROM cli-base-az AS cli-az-git
 RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	--mount=type=cache,target=/var/cache \
+	--mount=type=tmpfs,target=/var/log \
 	apt-get -qq update && \
 	apt-get -qq install --yes --no-install-recommends git && \
-	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+	rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status
 USER 1000:1000