diff --git a/.github/workflows/backend-ci.yml b/.github/workflows/backend-ci.yml index 929a38d8c..ddf21f7a2 100644 --- a/.github/workflows/backend-ci.yml +++ b/.github/workflows/backend-ci.yml @@ -30,6 +30,7 @@ jobs: with: go-version: "1.24" cache: true + cache-dependency-path: veza-backend-api/go.sum - name: Download deps run: go mod download @@ -40,10 +41,19 @@ jobs: test -z "$(gofmt -l .)" working-directory: veza-backend-api + - name: Cache govulncheck binary + id: govulncheck-cache + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: ~/go/bin/govulncheck + key: ${{ runner.os }}-govulncheck-latest + - name: Run govulncheck run: | - go install golang.org/x/vuln/cmd/govulncheck@latest - govulncheck ./... + if [ ! -x "$HOME/go/bin/govulncheck" ]; then + go install golang.org/x/vuln/cmd/govulncheck@latest + fi + $HOME/go/bin/govulncheck ./... - name: Run unit tests with coverage run: > @@ -145,6 +155,7 @@ jobs: with: go-version: "1.24" cache: true + cache-dependency-path: veza-backend-api/go.sum - name: Download deps run: go mod download diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac9fce94b..9bc1205b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,15 +27,31 @@ jobs: with: go-version: "1.24" cache: true + # go.mod/go.sum live under veza-backend-api, not repo root. + # Without this, setup-go warns "Dependencies file is not + # found" and skips the mod cache → adds ~60-90s per run. + cache-dependency-path: veza-backend-api/go.sum + + - name: Cache Go tool binaries + id: go-tools-cache + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: ~/go/bin + key: ${{ runner.os }}-go-tools-govulncheck-golangci-lint-v2 - name: Install Go tools # NOTE: golangci-lint v2 lives under the /v2/ module path. # The old /cmd/ path still resolves to v1.64.x, which rejects # v2-format .golangci.yml with "please use golangci-lint v2". + # Pinned versions so the cache key stays stable. + if: steps.go-tools-cache.outputs.cache-hit != 'true' run: | go install golang.org/x/vuln/cmd/govulncheck@latest go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest + - name: Add ~/go/bin to PATH + run: echo "$HOME/go/bin" >> $GITHUB_PATH + - name: Build run: go build ./... working-directory: veza-backend-api @@ -117,12 +133,24 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Cache rustup toolchain + id: rustup-cache + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + ~/.rustup + ~/.cargo/bin + key: ${{ runner.os }}-rustup-stable-rustfmt-clippy + - name: Set up Rust + if: steps.rustup-cache.outputs.cache-hit != 'true' run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component rustfmt,clippy - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - name: Cache Cargo + - name: Add ~/.cargo/bin to PATH + run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: Cache Cargo deps and target uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | @@ -130,6 +158,8 @@ jobs: ~/.cargo/git veza-stream-server/target key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - name: Build run: cargo build @@ -152,8 +182,10 @@ jobs: working-directory: veza-stream-server - name: Security audit + # cargo-audit is cached with the rustup toolchain (~/.cargo/bin), + # so the install is a no-op on warm cache. run: | - cargo install cargo-audit 2>/dev/null || true + command -v cargo-audit >/dev/null || cargo install cargo-audit --locked cargo audit working-directory: veza-stream-server diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 6b813993f..b190b2148 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -4,10 +4,12 @@ on: branches: [main] paths: - "veza-stream-server/**" + - ".github/workflows/rust-ci.yml" pull_request: branches: [main] paths: - "veza-stream-server/**" + - ".github/workflows/rust-ci.yml" env: GIT_SSL_NO_VERIFY: "true" @@ -18,10 +20,34 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Cache rustup toolchain + id: rustup-cache + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + ~/.rustup + ~/.cargo/bin + key: ${{ runner.os }}-rustup-stable-clippy-tarpaulin + - name: Set up Rust + if: steps.rustup-cache.outputs.cache-hit != 'true' run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy - echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: Add ~/.cargo/bin to PATH + run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: Cache Cargo deps and target + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + veza-stream-server/target + key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - name: Clippy lint # NOTE: -D warnings temporarily lifted (see ci.yml Clippy step). @@ -33,7 +59,8 @@ jobs: working-directory: veza-stream-server - name: Install cargo-tarpaulin - run: cargo install cargo-tarpaulin + # Cached via rustup-cache (~/.cargo/bin). Skip rebuild on warm cache. + run: command -v cargo-tarpaulin >/dev/null || cargo install cargo-tarpaulin --locked - name: Measure coverage run: cargo tarpaulin --out json --output-dir target/coverage --timeout 300 --skip-clean diff --git a/.github/workflows/stream-ci.yml b/.github/workflows/stream-ci.yml index 2a11ff0d3..693c34440 100644 --- a/.github/workflows/stream-ci.yml +++ b/.github/workflows/stream-ci.yml @@ -27,18 +27,42 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Cache rustup toolchain + id: rustup-cache + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + ~/.rustup + ~/.cargo/bin + key: ${{ runner.os }}-rustup-stable-clippy-audit + - name: Set up Rust + if: steps.rustup-cache.outputs.cache-hit != 'true' run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --component clippy - echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: Add ~/.cargo/bin to PATH + run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: Cache Cargo deps and target + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + veza-stream-server/target + key: ${{ runner.os }}-cargo-${{ hashFiles('veza-stream-server/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - name: Lint with clippy # NOTE: -D warnings temporarily lifted (see ci.yml Clippy step). run: cargo clippy --all-targets - name: Audit dependencies + # cargo-audit is cached with the rustup toolchain (~/.cargo/bin). run: | - cargo install cargo-audit 2>/dev/null || true + command -v cargo-audit >/dev/null || cargo install cargo-audit --locked cargo audit working-directory: veza-stream-server