Skip to content

ci: remove shared Actions caches from release-sensitive workflows#90

Closed
prd-carapulse[bot] wants to merge 3 commits into
mainfrom
hermes/actions-cache-hardening-20260512
Closed

ci: remove shared Actions caches from release-sensitive workflows#90
prd-carapulse[bot] wants to merge 3 commits into
mainfrom
hermes/actions-cache-hardening-20260512

Conversation

@prd-carapulse
Copy link
Copy Markdown
Contributor

@prd-carapulse prd-carapulse Bot commented May 12, 2026
edited by tarikbellamine
Loading

Summary

  • Remove setup-node yarn caching from the shared install action used by the manual npm release workflow.
  • Stop restoring/saving Forge compilation caches in the pull_request Foundry workflow.
  • Delete the now-unused install-cache composite action.
  • Pin setup-node and foundry-toolchain in the shared install action to satisfy the repository Actions policy.

Request Context

  • Initiator: tarik (Slack display name; GitHub login unresolved)
  • Initial Slack thread: Slack channel C0B3Z936HR6, thread_ts 1778551077.528289
  • Rationale: Requested to prevent GitHub Actions cache poisoning pattern.

Verification

  • git diff --check
  • CI failure follow-up: pinned external actions used by the shared install composite action.
  • Text check: no .github workflow/action file still references actions/cache, cache: yarn, or install-cache.

Notes

  • No GitHub assignee was added because I only have the Slack display name tarik, and I do not want to guess a GitHub login.
  • This PR only changes GitHub Actions cache usage; it does not change product/runtime code.

prd-carapulse Bot added 2 commits May 12, 2026 04:12
@prd-carapulse
ci: remove shared Actions caches from workflows
efc764b 
- Remove setup-node yarn caching from the shared install action used by the manual npm release workflow.
- Stop restoring/saving Forge compilation caches in the pull_request Foundry workflow.
- Delete the now-unused install-cache composite action.
@prd-carapulse
ci: pin install action dependencies
1ddaf84 
Pin the external actions used by the shared install composite action so the cache-hardening PR satisfies the repository Actions policy.
tarikbellamine
tarikbellamine previously approved these changes May 15, 2026
View reviewed changes
@prd-carapulse
Merge branch 'main' into hermes/actions-cache-hardening-20260512
f09de2e 
Resolve PR #90 cache-removal conflicts after pnpm migration.
Keep shared Actions cache removal, preserve pnpm workflow updates, and fix nested pnpm enable steps.
@prd-carapulse
Copy link
Copy Markdown
Contributor Author

prd-carapulse Bot commented May 15, 2026

Resolved merge conflicts in f09de2e.

Resolution:

  • Kept PR ci: remove shared Actions caches from release-sensitive workflows #90 cache removal: .github/actions/install-cache/action.yml stays deleted.
  • Updated Foundry jobs to use ./.github/actions/install and removed forge cache save/restore.
  • Preserved main's pnpm migration and removed the malformed nested Enable pnpm steps from affected workflows; pnpm setup now lives in the shared install action.

Verification:

  • Parsed all .github/**/*.yml / .yaml with PyYAML.
  • pnpm install --frozen-lockfile --ignore-scripts
  • pnpm run lint
  • pnpm run build:forge --force --sizes
  • pnpm run build:hardhat --force
  • Remote checks on f09de2e: lint, Foundry compilation/tests, Hardhat gas tests, and Aikido are green. Certora still finishing.

PR is now MERGEABLE; current blocker is review re-approval after head update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarikbellamine tarikbellamine tarikbellamine left review comments

@QGarchery QGarchery Awaiting requested review from QGarchery

@MathisGD MathisGD Awaiting requested review from MathisGD

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tarikbellamine