Skip to content

Commit c2a8f77

Browse files
authored
Merge pull request #10731 from julek-wolfssl/ci-cache-save-on-master
CI: only save dependency caches on master, restore on PRs
2 parents 6fcf188 + 84d2774 commit c2a8f77

8 files changed

Lines changed: 141 additions & 57 deletions

File tree

.github/workflows/haproxy.yml

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
pull_request:
88
types: [opened, synchronize, reopened, ready_for_review]
99
branches: [ '*' ]
10+
# Daily run on master reseeds the shared cache (see save step below).
11+
schedule:
12+
- cron: '0 4 * * *'
1013

1114
concurrency:
1215
group: ${{ github.workflow }}-${{ github.ref }}
@@ -71,8 +74,8 @@ jobs:
7174
run: tar -xf build-dir.tgz
7275

7376
# check cache for haproxy if not there then download it
74-
- name: Check haproxy cache
75-
uses: actions/cache@v5
77+
- name: Restore haproxy cache
78+
uses: actions/cache/restore@v5
7679
id: cache-haproxy
7780
with:
7881
path: build-dir/haproxy-${{matrix.haproxy_ref}}
@@ -87,6 +90,14 @@ jobs:
8790
path: build-dir/haproxy-${{matrix.haproxy_ref}}
8891
fetch-depth: 1
8992

93+
# Only master (the daily schedule) saves, so all PRs share one entry.
94+
- name: Save haproxy cache
95+
if: github.ref == 'refs/heads/master' && steps.cache-haproxy.outputs.cache-hit != 'true'
96+
uses: actions/cache/save@v5
97+
with:
98+
path: build-dir/haproxy-${{matrix.haproxy_ref}}
99+
key: haproxy-${{matrix.haproxy_ref}}
100+
90101
- name: Build haproxy
91102
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
92103
run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"

.github/workflows/hostap-vm.yml

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
pull_request:
88
types: [opened, synchronize, reopened, ready_for_review]
99
branches: [ '*' ]
10+
# Daily run on master reseeds the shared cache (see save steps below).
11+
schedule:
12+
- cron: '40 5 * * *'
1013

1114
concurrency:
1215
group: ${{ github.workflow }}-${{ github.ref }}
@@ -72,7 +75,7 @@ jobs:
7275
timeout-minutes: 10
7376
steps:
7477
- name: Checking if we have hostap in cache
75-
uses: actions/cache@v5
78+
uses: actions/cache/restore@v5
7679
id: cache
7780
with:
7881
path: hostap
@@ -82,6 +85,14 @@ jobs:
8285
if: steps.cache.outputs.cache-hit != 'true'
8386
run: git clone https://w1.fi/hostap.git hostap
8487

88+
# Only master (the daily schedule) saves, so all PRs share one entry.
89+
- name: Save hostap cache
90+
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
91+
uses: actions/cache/save@v5
92+
with:
93+
path: hostap
94+
key: hostap-repo
95+
8596
- name: tar hostap
8697
run: tar -zcf hostap.tgz hostap
8798

@@ -101,7 +112,7 @@ jobs:
101112
needs: checkout_hostap
102113
steps:
103114
- name: Checking if we have kernel in cache
104-
uses: actions/cache@v5
115+
uses: actions/cache/restore@v5
105116
id: cache
106117
with:
107118
path: linux/linux
@@ -133,6 +144,14 @@ jobs:
133144
cd linux
134145
yes "" | ARCH=um make -j $(nproc)
135146
147+
# Only master (the daily schedule) saves, so all PRs share one entry.
148+
- name: Save kernel cache
149+
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
150+
uses: actions/cache/save@v5
151+
with:
152+
path: linux/linux
153+
key: hostap-linux-${{ env.LINUX_REF }}
154+
136155
- name: Upload kernel binary
137156
uses: actions/upload-artifact@v6
138157
with:

.github/workflows/mbedtls.yml

Lines changed: 35 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
pull_request:
88
types: [opened, synchronize, reopened, ready_for_review]
99
branches: [ '*' ]
10+
# Daily run on master reseeds the shared cache (see save steps below).
11+
schedule:
12+
- cron: '20 4 * * *'
1013

1114
concurrency:
1215
group: ${{ github.workflow }}-${{ github.ref }}
@@ -25,7 +28,7 @@ jobs:
2528
timeout-minutes: 10
2629
steps:
2730
- name: Checking if we have mbed in cache
28-
uses: actions/cache@v5
31+
uses: actions/cache/restore@v5
2932
id: cache
3033
with:
3134
path: mbedtls
@@ -54,6 +57,28 @@ jobs:
5457
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
5558
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
5659
60+
# Only master (the daily schedule) saves, so all PRs share one entry.
61+
- name: Save mbedtls cache
62+
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
63+
uses: actions/cache/save@v5
64+
with:
65+
path: mbedtls
66+
key: mbedtls-${{ env.MBED_REF }}
67+
68+
# On a cache miss, hand the freshly built mbedtls to mbedtls_test via an
69+
# artifact so it is not compiled a second time in the same run.
70+
- name: tar mbedtls
71+
if: steps.cache.outputs.cache-hit != 'true'
72+
run: tar -zcf mbedtls.tgz mbedtls
73+
74+
- name: Upload mbedtls build
75+
if: steps.cache.outputs.cache-hit != 'true'
76+
uses: actions/upload-artifact@v6
77+
with:
78+
name: mbedtls-build
79+
path: mbedtls.tgz
80+
retention-days: 1
81+
5782
mbedtls_test:
5883
name: Test interop with mbedtls
5984
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
@@ -64,33 +89,25 @@ jobs:
6489
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
6590
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
6691

92+
# Restore only: the build_mbedtls job (master/schedule) owns the save.
6793
- name: Checking if we have mbed in cache
68-
uses: actions/cache@v5
94+
uses: actions/cache/restore@v5
6995
id: cache
7096
with:
7197
path: mbedtls
7298
key: mbedtls-${{ env.MBED_REF }}
7399

74-
- name: Checkout mbedtls (fallback on cache miss)
100+
# On a cache miss, reuse the build_mbedtls artifact instead of
101+
# recompiling. master restores from the cache above instead.
102+
- name: Download mbedtls build (fallback on cache miss)
75103
if: steps.cache.outputs.cache-hit != 'true'
76-
uses: actions/checkout@v5
104+
uses: actions/download-artifact@v7
77105
with:
78-
repository: Mbed-TLS/mbedtls
79-
ref: ${{ env.MBED_REF }}
80-
path: mbedtls
81-
fetch-depth: 1
106+
name: mbedtls-build
82107

83-
- name: Compile mbedtls (fallback on cache miss)
108+
- name: untar mbedtls (fallback on cache miss)
84109
if: steps.cache.outputs.cache-hit != 'true'
85-
working-directory: mbedtls
86-
run: |
87-
git submodule update --init
88-
mkdir build
89-
cd build
90-
cmake ..
91-
make -j$(nproc)
92-
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
93-
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
110+
run: tar -xf mbedtls.tgz
94111

95112
- name: Build wolfSSL
96113
uses: wolfSSL/actions-build-autotools-project@v1

.github/workflows/msys2.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ jobs:
2727
msystem: msys
2828
update: true
2929
install: git gcc autotools base-devel autoconf netcat
30+
# Per-PR cache entries can't be shared across PRs; the action
31+
# offers no master-only save, so disable caching entirely.
32+
cache: false
3033
- name: configure wolfSSL
3134
run: ./autogen.sh && ./configure --disable-sys-ca-certs CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
3235
- name: build wolfSSL

.github/workflows/nss.yml

Lines changed: 35 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
pull_request:
1010
types: [opened, synchronize, reopened, ready_for_review]
1111
branches: [ '*' ]
12+
# Daily run on master reseeds the shared cache (see save steps below).
13+
schedule:
14+
- cron: '40 4 * * *'
1215

1316
concurrency:
1417
group: ${{ github.workflow }}-${{ github.ref }}
@@ -33,7 +36,7 @@ jobs:
3336
fetch-depth: 1
3437

3538
- name: Checking if we have nss in cache
36-
uses: actions/cache@v5
39+
uses: actions/cache/restore@v5
3740
id: cache
3841
with:
3942
path: dist
@@ -63,49 +66,54 @@ jobs:
6366
cd nss
6467
./build.sh
6568
69+
# Only master (the daily schedule) saves, so all PRs share one entry.
70+
- name: Save nss cache
71+
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
72+
uses: actions/cache/save@v5
73+
with:
74+
path: dist
75+
key: nss-${{ env.NSS_REF }}
76+
77+
# On a cache miss, hand the freshly built dist/ to nss_test via an
78+
# artifact so nss is not compiled a second time in the same run.
79+
- name: tar nss dist
80+
if: steps.cache.outputs.cache-hit != 'true'
81+
run: tar -zcf nss-dist.tgz dist
82+
83+
- name: Upload nss build
84+
if: steps.cache.outputs.cache-hit != 'true'
85+
uses: actions/upload-artifact@v6
86+
with:
87+
name: nss-build
88+
path: nss-dist.tgz
89+
retention-days: 1
90+
6691
nss_test:
6792
name: Test interop with nss
6893
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
6994
runs-on: ubuntu-24.04
7095
needs: build_nss
7196
timeout-minutes: 30
7297
steps:
98+
# Restore only: the build_nss job (master/schedule) owns the save.
7399
- name: Checking if we have nss in cache
74-
uses: actions/cache@v5
100+
uses: actions/cache/restore@v5
75101
id: cache
76102
with:
77103
path: dist
78104
key: nss-${{ env.NSS_REF }}
79105

80-
- name: Checkout wolfSSL CI actions (fallback on cache miss)
81-
if: steps.cache.outputs.cache-hit != 'true'
82-
uses: actions/checkout@v5
83-
with:
84-
sparse-checkout: .github/actions
85-
fetch-depth: 1
86-
87-
- name: Install dependencies (fallback on cache miss)
106+
# On a cache miss, reuse the build_nss artifact instead of recompiling.
107+
# master restores from the cache above instead.
108+
- name: Download nss build (fallback on cache miss)
88109
if: steps.cache.outputs.cache-hit != 'true'
89-
uses: ./.github/actions/install-apt-deps
110+
uses: actions/download-artifact@v7
90111
with:
91-
packages: gyp ninja-build
92-
ghcr-debs-tag: ubuntu-24.04-full
112+
name: nss-build
93113

94-
- name: Checkout nss (fallback on cache miss)
114+
- name: untar nss dist (fallback on cache miss)
95115
if: steps.cache.outputs.cache-hit != 'true'
96-
uses: actions/checkout@v5
97-
with:
98-
repository: nss-dev/nss
99-
ref: ${{ env.NSS_REF }}
100-
path: nss
101-
fetch-depth: 1
102-
103-
- name: Compile nss (fallback on cache miss)
104-
if: steps.cache.outputs.cache-hit != 'true'
105-
run: |
106-
hg clone https://hg.mozilla.org/projects/nspr
107-
cd nss
108-
./build.sh
116+
run: tar -xf nss-dist.tgz
109117

110118
- name: Build wolfSSL
111119
uses: wolfSSL/actions-build-autotools-project@v1

.github/workflows/ntp.yml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ on:
77
pull_request:
88
types: [opened, synchronize, reopened, ready_for_review]
99
branches: [ '*' ]
10+
# Daily run on master reseeds the shared cache (see save step below).
11+
schedule:
12+
- cron: '0 5 * * *'
1013

1114
concurrency:
1215
group: ${{ github.workflow }}-${{ github.ref }}
@@ -70,7 +73,7 @@ jobs:
7073

7174
# Avoid DoS'ing ntp site so cache the tar.gz
7275
- name: Check if we have ntp
73-
uses: actions/cache@v5
76+
uses: actions/cache/restore@v5
7477
id: cache
7578
with:
7679
path: ntp-${{ matrix.ref }}.tar.gz
@@ -81,6 +84,14 @@ jobs:
8184
run: |
8285
wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
8386
87+
# Only master (the daily schedule) saves, so all PRs share one entry.
88+
- name: Save ntp cache
89+
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
90+
uses: actions/cache/save@v5
91+
with:
92+
path: ntp-${{ matrix.ref }}.tar.gz
93+
key: ntp-${{ matrix.ref }}.tar.gz
94+
8495
- name: Extract ntp
8596
run: |
8697
tar -xf ntp-${{ matrix.ref }}.tar.gz

.github/workflows/pic32mz-sim.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ on:
55
push:
66
branches: [ 'master', 'main', 'release/**' ]
77
pull_request:
8+
types: [opened, synchronize, reopened, ready_for_review]
89
branches: [ '*' ]
910
# Weekend cron and manual workflow_dispatch refresh the shared ghcr build
1011
# cache that PR runs read (cache-to below is gated to those two events).
@@ -34,7 +35,7 @@ permissions:
3435
jobs:
3536
pic32mz_sim:
3637
name: wolfCrypt on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }})
37-
if: github.repository_owner == 'wolfssl'
38+
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
3839
runs-on: ubuntu-24.04
3940
timeout-minutes: 30
4041
strategy:

.github/workflows/threadx.yml

Lines changed: 20 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,12 @@ on:
66
pull_request:
77
types: [opened, synchronize, reopened, ready_for_review]
88
branches: [ '*' ]
9+
# Daily run on master reseeds the shared cache (see save step below).
10+
schedule:
11+
- cron: '20 5 * * *'
12+
13+
env:
14+
NETXDUO_REF: v6.4.3_rel
915

1016
jobs:
1117
build:
@@ -15,22 +21,30 @@ jobs:
1521
timeout-minutes: 10
1622

1723
steps:
18-
- name: Cache NetXDuo bundle
24+
- name: Restore NetXDuo bundle cache
1925
id: cache-netxduo
20-
uses: actions/cache@v5
26+
uses: actions/cache/restore@v5
2127
with:
22-
path: ./v6.4.3_rel.tar.gz
23-
key: netxduo-bundle-v6.4.3_rel
28+
path: ./${{ env.NETXDUO_REF }}.tar.gz
29+
key: netxduo-bundle-${{ env.NETXDUO_REF }}
2430

2531
- name: Download NetXDuo bundle if not cached
2632
if: steps.cache-netxduo.outputs.cache-hit != 'true'
2733
run: |
28-
wget https://github.com/eclipse-threadx/netxduo/archive/refs/tags/v6.4.3_rel.tar.gz
34+
wget https://github.com/eclipse-threadx/netxduo/archive/refs/tags/${{ env.NETXDUO_REF }}.tar.gz
35+
36+
# Only master (the daily schedule) saves, so all PRs share one entry.
37+
- name: Save NetXDuo bundle cache
38+
if: github.ref == 'refs/heads/master' && steps.cache-netxduo.outputs.cache-hit != 'true'
39+
uses: actions/cache/save@v5
40+
with:
41+
path: ./${{ env.NETXDUO_REF }}.tar.gz
42+
key: netxduo-bundle-${{ env.NETXDUO_REF }}
2943

3044
- name: Extract NetXDuo bundle
3145
run: |
3246
mkdir -p netxduo_src
33-
tar -xzf v6.4.3_rel.tar.gz -C netxduo_src --strip-components=1
47+
tar -xzf ${{ env.NETXDUO_REF }}.tar.gz -C netxduo_src --strip-components=1
3448
3549
- name: Install NetXDuo Dependencies
3650
working-directory: ./netxduo_src

0 commit comments

Comments
 (0)