Skip to content

Commit da653b7

Browse files
henderkeshenderkes
committed
use github releases for buildroot cache, gha cache for docker images
1 parent f0a86a1 commit da653b7

6 files changed

Lines changed: 182 additions & 45 deletions

File tree

.github/actions/buildroot-cache/action.yml

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
name: Buildroot release cache
2+
description: |
3+
Restore/save buildroot.tar.zst as a GitHub Release asset on the current
4+
repository. Used in place of actions/cache when the asset is too big for
5+
the 10 GB GHA cache. Tag pattern: cache-YYYY-WW (ISO week). Releases are
6+
marked prerelease so they don't appear as "Latest".
7+
8+
inputs:
9+
mode:
10+
required: true
11+
description: '"restore" or "save".'
12+
key:
13+
required: true
14+
description: Cache key ending in -YYYY-WW (e.g. buildroot-rpm-alma10-arm64-zig-2026-19).
15+
fail-on-cache-miss:
16+
required: false
17+
default: 'false'
18+
description: Fail the step if no exact match is found (restore mode only).
19+
path:
20+
required: false
21+
default: buildroot.tar.zst
22+
description: Local file to push/pull.
23+
24+
outputs:
25+
cache-hit:
26+
description: '"true" if an exact-tag match was restored, else "false".'
27+
value: ${{ steps.run.outputs.cache-hit }}
28+
29+
runs:
30+
using: composite
31+
steps:
32+
- id: run
33+
shell: bash
34+
env:
35+
MODE: ${{ inputs.mode }}
36+
KEY: ${{ inputs.key }}
37+
FAIL_ON_MISS: ${{ inputs.fail-on-cache-miss }}
38+
LOCAL_FILE: ${{ inputs.path }}
39+
REPO: ${{ github.repository }}
40+
GH_TOKEN: ${{ github.token }}
41+
run: |
42+
set -euo pipefail
43+
44+
if [[ ! "$KEY" =~ ^(.+)-([0-9]{4}-[0-9]{2})$ ]]; then
45+
echo "::error::key must end in -YYYY-WW: $KEY"
46+
exit 1
47+
fi
48+
EXACT_ASSET="${BASH_REMATCH[1]}.tar.zst"
49+
EXACT_WEEK="${BASH_REMATCH[2]}"
50+
EXACT_TAG="cache-${EXACT_WEEK}"
51+
52+
public_dl() {
53+
local tag="$1" asset="$2"
54+
curl -fsSL "https://github.com/${REPO}/releases/download/${tag}/${asset}" -o "$LOCAL_FILE" 2>/dev/null
55+
}
56+
57+
api() {
58+
curl -sSL -H "Authorization: Bearer $GH_TOKEN" -H "Accept: application/vnd.github+json" "$@"
59+
}
60+
61+
case "$MODE" in
62+
restore)
63+
if public_dl "$EXACT_TAG" "$EXACT_ASSET"; then
64+
echo "cache-hit=true" >> "$GITHUB_OUTPUT"
65+
echo "Restored ${EXACT_TAG}/${EXACT_ASSET}"
66+
exit 0
67+
fi
68+
echo "cache-hit=false" >> "$GITHUB_OUTPUT"
69+
echo "No release asset found for ${KEY}"
70+
if [ "$FAIL_ON_MISS" = "true" ]; then
71+
echo "::error::buildroot cache miss for ${KEY}"
72+
exit 1
73+
fi
74+
;;
75+
save)
76+
# Ensure release exists; ignore 422-already-exists from concurrent siblings.
77+
api -X POST "https://api.github.com/repos/${REPO}/releases" \
78+
-d "$(jq -nc --arg tag "$EXACT_TAG" --arg name "[cache] $EXACT_TAG" --arg body "Buildroot caches for ISO week ${EXACT_WEEK}." \
79+
'{tag_name:$tag, name:$name, body:$body, prerelease:true}')" \
80+
>/dev/null 2>&1 || true
81+
rel_id=$(api "https://api.github.com/repos/${REPO}/releases/tags/${EXACT_TAG}" | jq -r '.id // empty')
82+
if [ -z "$rel_id" ]; then
83+
echo "::error::could not resolve release id for ${EXACT_TAG}"
84+
exit 1
85+
fi
86+
87+
# Clobber: delete existing asset of the same name.
88+
existing=$(api "https://api.github.com/repos/${REPO}/releases/${rel_id}/assets" \
89+
| jq -r --arg n "$EXACT_ASSET" '.[] | select(.name == $n) | .id' | head -1)
90+
if [ -n "$existing" ]; then
91+
api -X DELETE "https://api.github.com/repos/${REPO}/releases/assets/${existing}" >/dev/null
92+
fi
93+
94+
# Upload.
95+
curl -fsSL -X POST \
96+
-H "Authorization: Bearer $GH_TOKEN" \
97+
-H "Content-Type: application/octet-stream" \
98+
--data-binary "@${LOCAL_FILE}" \
99+
"https://uploads.github.com/repos/${REPO}/releases/${rel_id}/assets?name=${EXACT_ASSET}" \
100+
>/dev/null
101+
echo "Uploaded ${EXACT_TAG}/${EXACT_ASSET}"
102+
;;
103+
*)
104+
echo "unknown mode: $MODE"
105+
exit 1
106+
;;
107+
esac

.github/workflows/build-apk-forgejo.yml

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ jobs:
8080
container:
8181
image: ghcr.io/static-php/packages-builder-alpine:latest
8282
permissions:
83-
contents: read
83+
contents: write
8484
packages: read
8585
defaults:
8686
run:
@@ -106,9 +106,9 @@ jobs:
106106
107107
- name: Restore buildroot cache
108108
id: cache
109-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
109+
uses: ./.github/actions/buildroot-cache
110110
with:
111-
path: buildroot.tar.zst
111+
mode: restore
112112
key: ${{ steps.cache-key.outputs.key }}
113113

114114
- name: Prepare cache directories
@@ -153,9 +153,9 @@ jobs:
153153

154154
- name: Save buildroot cache
155155
if: steps.cache.outputs.cache-hit != 'true'
156-
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
156+
uses: ./.github/actions/buildroot-cache
157157
with:
158-
path: buildroot.tar.zst
158+
mode: save
159159
key: ${{ steps.cache-key.outputs.key }}
160160

161161
- name: Upload logs on failure
@@ -238,12 +238,10 @@ jobs:
238238
echo "key=buildroot-apk-${{ matrix.arch }}-${WEEK}" >> $GITHUB_OUTPUT
239239
240240
- name: Restore buildroot cache
241-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
241+
uses: ./.github/actions/buildroot-cache
242242
with:
243-
path: buildroot.tar.zst
243+
mode: restore
244244
key: ${{ steps.cache-key.outputs.key }}
245-
restore-keys: |
246-
buildroot-apk-${{ matrix.arch }}-
247245
fail-on-cache-miss: true
248246

249247
- name: Extract buildroot

.github/workflows/build-deb-forgejo.yml

Lines changed: 14 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ jobs:
8787
container:
8888
image: ghcr.io/static-php/packages-builder-debian:latest
8989
permissions:
90-
contents: read
90+
contents: write
9191
packages: read
9292
defaults:
9393
run:
@@ -122,9 +122,9 @@ jobs:
122122
123123
- name: Restore buildroot cache
124124
id: cache
125-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
125+
uses: ./.github/actions/buildroot-cache
126126
with:
127-
path: buildroot.tar.zst
127+
mode: restore
128128
key: ${{ steps.cache-key.outputs.key }}
129129

130130
- name: Download artifact from spc-download.yml
@@ -169,9 +169,9 @@ jobs:
169169

170170
- name: Save buildroot cache
171171
if: steps.cache.outputs.cache-hit != 'true'
172-
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
172+
uses: ./.github/actions/buildroot-cache
173173
with:
174-
path: buildroot.tar.zst
174+
mode: save
175175
key: ${{ steps.cache-key.outputs.key }}
176176

177177
- name: Upload logs on failure
@@ -208,7 +208,7 @@ jobs:
208208
container:
209209
image: ghcr.io/static-php/packages-builder-debian:latest
210210
permissions:
211-
contents: read
211+
contents: write
212212
packages: read
213213
defaults:
214214
run:
@@ -243,9 +243,9 @@ jobs:
243243
244244
- name: Restore buildroot cache
245245
id: cache
246-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
246+
uses: ./.github/actions/buildroot-cache
247247
with:
248-
path: buildroot.tar.zst
248+
mode: restore
249249
key: ${{ steps.cache-key.outputs.key }}
250250

251251
- name: Download artifact from spc-download.yml
@@ -290,9 +290,9 @@ jobs:
290290

291291
- name: Save buildroot cache
292292
if: steps.cache.outputs.cache-hit != 'true'
293-
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
293+
uses: ./.github/actions/buildroot-cache
294294
with:
295-
path: buildroot.tar.zst
295+
mode: save
296296
key: ${{ steps.cache-key.outputs.key }}
297297

298298
- name: Upload logs on failure
@@ -476,12 +476,10 @@ jobs:
476476
echo "key=buildroot-deb-${{ matrix.arch }}-gcc-${WEEK}" >> $GITHUB_OUTPUT
477477
478478
- name: Restore buildroot cache
479-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
479+
uses: ./.github/actions/buildroot-cache
480480
with:
481-
path: buildroot.tar.zst
481+
mode: restore
482482
key: ${{ steps.cache-key.outputs.key }}
483-
restore-keys: |
484-
buildroot-deb-${{ matrix.arch }}-gcc-
485483
fail-on-cache-miss: true
486484

487485
- name: Extract buildroot
@@ -621,12 +619,10 @@ jobs:
621619
echo "key=buildroot-deb-${{ matrix.arch }}-zig-${WEEK}" >> $GITHUB_OUTPUT
622620
623621
- name: Restore buildroot cache
624-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
622+
uses: ./.github/actions/buildroot-cache
625623
with:
626-
path: buildroot.tar.zst
624+
mode: restore
627625
key: ${{ steps.cache-key.outputs.key }}
628-
restore-keys: |
629-
buildroot-deb-${{ matrix.arch }}-zig-
630626
fail-on-cache-miss: true
631627

632628
- name: Extract buildroot

.github/workflows/build-images.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,8 @@ jobs:
7171
file: ${{ matrix.image.dockerfile }}
7272
platforms: linux/${{ matrix.platform.arch }}
7373
build-args: ${{ matrix.image.build-args }}
74+
cache-from: type=gha,scope=${{ matrix.image.name }}-${{ matrix.platform.arch }}
75+
cache-to: type=gha,scope=${{ matrix.image.name }}-${{ matrix.platform.arch }},mode=max
7476
outputs: type=image,name=${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image.name }},push-by-digest=true,name-canonical=true,push=true
7577

7678
- name: Export digest

.github/workflows/build-rpm-modular-packages.yml

Lines changed: 14 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ jobs:
101101
container:
102102
image: ghcr.io/static-php/packages-builder-rhel-${{ matrix.alma }}:latest
103103
permissions:
104-
contents: read
104+
contents: write
105105
packages: read
106106
defaults:
107107
run:
@@ -138,9 +138,9 @@ jobs:
138138
139139
- name: Restore buildroot cache
140140
id: cache
141-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
141+
uses: ./.github/actions/buildroot-cache
142142
with:
143-
path: buildroot.tar.zst
143+
mode: restore
144144
key: ${{ steps.cache-key.outputs.key }}
145145

146146
- name: Download artifact from spc-download.yml
@@ -184,9 +184,9 @@ jobs:
184184

185185
- name: Save buildroot cache
186186
if: steps.cache.outputs.cache-hit != 'true'
187-
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
187+
uses: ./.github/actions/buildroot-cache
188188
with:
189-
path: buildroot.tar.zst
189+
mode: save
190190
key: ${{ steps.cache-key.outputs.key }}
191191

192192
- name: Upload buildroot
@@ -233,7 +233,7 @@ jobs:
233233
container:
234234
image: ghcr.io/static-php/packages-builder-rhel-${{ matrix.alma }}:latest
235235
permissions:
236-
contents: read
236+
contents: write
237237
packages: read
238238
defaults:
239239
run:
@@ -270,9 +270,9 @@ jobs:
270270
271271
- name: Restore buildroot cache
272272
id: cache
273-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
273+
uses: ./.github/actions/buildroot-cache
274274
with:
275-
path: buildroot.tar.zst
275+
mode: restore
276276
key: ${{ steps.cache-key.outputs.key }}
277277

278278
- name: Download artifact from spc-download.yml
@@ -316,9 +316,9 @@ jobs:
316316

317317
- name: Save buildroot cache
318318
if: steps.cache.outputs.cache-hit != 'true'
319-
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
319+
uses: ./.github/actions/buildroot-cache
320320
with:
321-
path: buildroot.tar.zst
321+
mode: save
322322
key: ${{ steps.cache-key.outputs.key }}
323323

324324
- name: Upload buildroot
@@ -541,12 +541,10 @@ jobs:
541541
echo "key=buildroot-rpm-alma${{ matrix.alma }}-${{ matrix.arch }}-gcc-${WEEK}" >> $GITHUB_OUTPUT
542542
543543
- name: Restore buildroot cache
544-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
544+
uses: ./.github/actions/buildroot-cache
545545
with:
546-
path: buildroot.tar.zst
546+
mode: restore
547547
key: ${{ steps.cache-key.outputs.key }}
548-
restore-keys: |
549-
buildroot-rpm-alma${{ matrix.alma }}-${{ matrix.arch }}-gcc-
550548
fail-on-cache-miss: true
551549

552550
- name: Extract buildroot
@@ -732,12 +730,10 @@ jobs:
732730
echo "key=buildroot-rpm-alma${{ matrix.alma }}-${{ matrix.arch }}-zig-${WEEK}" >> $GITHUB_OUTPUT
733731
734732
- name: Restore buildroot cache
735-
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
733+
uses: ./.github/actions/buildroot-cache
736734
with:
737-
path: buildroot.tar.zst
735+
mode: restore
738736
key: ${{ steps.cache-key.outputs.key }}
739-
restore-keys: |
740-
buildroot-rpm-alma${{ matrix.alma }}-${{ matrix.arch }}-zig-
741737
fail-on-cache-miss: true
742738

743739
- name: Extract buildroot

.github/workflows/buildroot-cache-cleanup.yml

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
name: Buildroot cache cleanup
2+
3+
on:
4+
schedule:
5+
# Weekly Mondays at 06:00 UTC, after the new ISO week's caches are populated.
6+
- cron: '0 6 * * 1'
7+
workflow_dispatch:
8+
inputs:
9+
keep:
10+
description: Number of most-recent cache-* releases to keep.
11+
default: '4'
12+
13+
permissions: {}
14+
15+
jobs:
16+
prune:
17+
runs-on: ubuntu-24.04
18+
permissions:
19+
contents: write
20+
steps:
21+
- name: Delete old cache-* releases
22+
env:
23+
GH_TOKEN: ${{ github.token }}
24+
REPO: ${{ github.repository }}
25+
KEEP: ${{ inputs.keep || '4' }}
26+
run: |
27+
set -euo pipefail
28+
# gh pre-installed on ubuntu runners.
29+
tags=$(gh release list --repo "$REPO" --limit 200 --json tagName,isPrerelease \
30+
--jq '.[] | select(.tagName | startswith("cache-")) | .tagName' | sort -r)
31+
total=$(printf '%s\n' "$tags" | grep -c . || true)
32+
echo "Found $total cache-* releases; keeping newest $KEEP"
33+
[ "$total" -le "$KEEP" ] && exit 0
34+
printf '%s\n' "$tags" | tail -n +"$((KEEP + 1))" | while IFS= read -r tag; do
35+
[ -z "$tag" ] && continue
36+
echo "Deleting $tag"
37+
gh release delete "$tag" --repo "$REPO" --yes --cleanup-tag
38+
done

0 commit comments

Comments
 (0)