senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: cache rustup, go tools and fix go.sum path to shave ~5min per run
Some checks failed
Veza CI / Rust (Stream Server) (push) Waiting to run
Details
Veza CI / Notify on failure (push) Blocked by required conditions
Details
Security Scan / Secret Scanning (gitleaks) (push) Waiting to run
Details
Veza CI / Backend (Go) (push) Has been cancelled
Details
Veza CI / Frontend (Web) (push) Has been cancelled
Details
Backend API CI / test-unit (push) Failing after 16m59s
Details
Stream Server CI / test (push) Failing after 27m27s
Details
Rust CI / test-and-lint (push) Failing after 27m29s
Details
Backend API CI / test-integration (push) Failing after 31m21s
Details

Browse source 
Previous runs were burning ~90-120s on rustup download, ~60-90s on
cargo-audit/cargo-tarpaulin source install, and ~60-90s on Go module
download because setup-go couldn't find go.sum at the repo root.

Fixes:
  - setup-go cache-dependency-path: veza-backend-api/go.sum
    (was silently failing with "Dependencies file is not found")
  - New actions/cache step for ~/.rustup + ~/.cargo/bin keyed on
    stable+components — skips rustup install on warm cache
  - New actions/cache step for ~/go/bin keyed on tool set — skips
    go install @latest on warm cache
  - cargo install cargo-audit / cargo-tarpaulin gated on
    `command -v` so they're no-ops when cached
  - Add restore-keys to the Cargo deps cache for partial hits when
    Cargo.lock changes
  - rust-ci.yml now watches its own path in the trigger (was a bug:
    edits to the workflow didn't retrigger it)

Expected impact on a warm run: Go jobs -90s, Rust jobs -3min.
First run after this commit will still be slow (cache warm-up).
This commit is contained in:
senke 2026-04-14 15:39:06 +02:00
parent 0645d95f4f
commit ff1c044965
4 changed files with 103 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/backend-ci.yml vendored
View file

@ -30,6 +30,7 @@ jobs:
with:
go-version: "1.24"
cache: true
cache-dependency-path: veza-backend-api/go.sum
- name: Download deps
run: go mod download
@ -40,10 +41,19 @@ jobs:
test -z "$(gofmt -l .)"
working-directory: veza-backend-api
- name: Cache govulncheck binary
id: govulncheck-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/go/bin/govulncheck
key: ${{ runner.os }}-govulncheck-latest
- name: Run govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
if [ ! -x "$HOME/go/bin/govulncheck" ]; then
go install golang.org/x/vuln/cmd/govulncheck@latest
fi
$HOME/go/bin/govulncheck ./...
- name: Run unit tests with coverage
run: >
@ -145,6 +155,7 @@ jobs:
with:
go-version: "1.24"
cache: true
cache-dependency-path: veza-backend-api/go.sum
- name: Download deps
run: go mod download

38
.github/workflows/ci.yml vendored
View file

@ -27,15 +27,31 @@ jobs:
with:
go-version: "1.24"
cache: true
# go.mod/go.sum live under veza-backend-api, not repo root.
# Without this, setup-go warns "Dependencies file is not
# found" and skips the mod cache → adds ~60-90s per run.
cache-dependency-path: veza-backend-api/go.sum
- name: Cache Go tool binaries
id: go-tools-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/go/bin
key: ${{ runner.os }}-go-tools-govulncheck-golangci-lint-v2
- name: Install Go tools
# NOTE: golangci-lint v2 lives under the /v2/ module path.
# The old /cmd/ path still resolves to v1.64.x, which rejects
# v2-format .golangci.yml with "please use golangci-lint v2".
# Pinned versions so the cache key stays stable.
if: steps.go-tools-cache.outputs.cache-hit != 'true'
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
- name: Add ~/go/bin to PATH
run: echo "$HOME/go/bin" >> $GITHUB_PATH
- name: Build
run: go build ./...
working-directory: veza-backend-api
@ -117,12 +133,24 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache rustup toolchain
id: rustup-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-rustfmt-clippy
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component rustfmt,clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo
- name: Add ~/.cargo/bin to PATH
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo deps and target
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
@ -130,6 +158,8 @@ jobs:
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Build
run: cargo build
@ -152,8 +182,10 @@ jobs:
working-directory: veza-stream-server
- name: Security audit
# cargo-audit is cached with the rustup toolchain (~/.cargo/bin),
# so the install is a no-op on warm cache.
run: |
cargo install cargo-audit 2>/dev/null || true
command -v cargo-audit >/dev/null || cargo install cargo-audit --locked
cargo audit
working-directory: veza-stream-server

31
.github/workflows/rust-ci.yml vendored
View file

@ -4,10 +4,12 @@ on:
branches: [main]
paths:
- "veza-stream-server/**"
- ".github/workflows/rust-ci.yml"
pull_request:
branches: [main]
paths:
- "veza-stream-server/**"
- ".github/workflows/rust-ci.yml"
env:
GIT_SSL_NO_VERIFY: "true"
@ -18,10 +20,34 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache rustup toolchain
id: rustup-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-clippy-tarpaulin
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Add ~/.cargo/bin to PATH
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo deps and target
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Clippy lint
# NOTE: -D warnings temporarily lifted (see ci.yml Clippy step).
@ -33,7 +59,8 @@ jobs:
working-directory: veza-stream-server
- name: Install cargo-tarpaulin
run: cargo install cargo-tarpaulin
# Cached via rustup-cache (~/.cargo/bin). Skip rebuild on warm cache.
run: command -v cargo-tarpaulin >/dev/null || cargo install cargo-tarpaulin --locked
- name: Measure coverage
run: cargo tarpaulin --out json --output-dir target/coverage --timeout 300 --skip-clean

28
.github/workflows/stream-ci.yml vendored
View file

@ -27,18 +27,42 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache rustup toolchain
id: rustup-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.rustup
~/.cargo/bin
key: ${{ runner.os }}-rustup-stable-clippy-audit
- name: Set up Rust
if: steps.rustup-cache.outputs.cache-hit != 'true'
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Add ~/.cargo/bin to PATH
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache Cargo deps and target
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: |
~/.cargo/registry
~/.cargo/git
veza-stream-server/target
key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Lint with clippy
# NOTE: -D warnings temporarily lifted (see ci.yml Clippy step).
run: cargo clippy --all-targets
- name: Audit dependencies
# cargo-audit is cached with the rustup toolchain (~/.cargo/bin).
run: |
cargo install cargo-audit 2>/dev/null || true
command -v cargo-audit >/dev/null || cargo install cargo-audit --locked
cargo audit
working-directory: veza-stream-server