Refresh ccache TTL #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Refresh ccache TTL | |
| on: | |
| # We use ccache with github save/restore to dramatically cut kernel build times. | |
| # This works well, but GH has a 10GB limit for all cache entries, | |
| # and a 7-day TTL for *each* cache entry. Which means that if we don't build a kernel for a week, | |
| # we lose our cache benefit entirely, which stinks. The *correct* way to work around this is | |
| # to replace GH's cache action with one that saves/restores directly from a dedicated S3 bucket | |
| # we set up and manage. | |
| # | |
| # What *this* does is save/restore the cache every 4 days, well within the 7-day TTL, | |
| # to keep GH from expiring them. Which is disgusting, but cheap. | |
| schedule: | |
| - cron: "0 0 */4 * *" | |
| workflow_dispatch: | |
| jobs: | |
| discover: | |
| name: discover cache keys | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.list.outputs.matrix }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: list ccache entries | |
| id: list | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # List main-scoped ccache-* cache keys, strip the run_id suffix to deduplicate | |
| # by flavor/arch. We specifically skip non-main branches, becuse we only want to save/restore | |
| # from main - in GH, PR branches can use `main` caches, but main cannot see PR branch caches, | |
| # and saving duplicated PR branch caches counts against our 10GB github limit | |
| matrix=$(gh api "/repos/${{ github.repository }}/actions/caches" --paginate \ | |
| --jq '[.actions_caches[] | |
| | select(.ref == "refs/heads/main" and (.key | startswith("ccache-"))) | |
| | {prefix: (.key | gsub("-[0-9]+$"; ""))}] | |
| | unique_by(.prefix) | |
| | {entry: .}') | |
| echo "matrix=$matrix" >> "$GITHUB_OUTPUT" | |
| refresh: | |
| name: "refresh ${{ matrix.entry.prefix }}" | |
| needs: discover | |
| if: needs.discover.outputs.matrix != '{"entry":[]}' | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.discover.outputs.matrix) }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: restore ccache | |
| id: restore | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.2 | |
| with: | |
| path: ~/.cache/kernel-ccache | |
| key: "${{ matrix.entry.prefix }}-${{ github.run_id }}" | |
| restore-keys: | | |
| ${{ matrix.entry.prefix }}- | |
| - name: save ccache | |
| if: steps.restore.outputs.cache-matched-key != '' | |
| uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.2 | |
| with: | |
| path: ~/.cache/kernel-ccache | |
| key: "${{ matrix.entry.prefix }}-${{ github.run_id }}" |