Clean up CI; adjust CI caching (#169)

* Adjust Docker image cache settings. The cache is not being used effectively for whatever reason (see #163), and the previous setting of `mode=max` ended up quickly causing the cache to thrash. Now, use `mode=min`. * Remove CI cruft and rename some matrix build fields for clarity * In release builds, disable caching
praetorian-inc · Apr 10, 2024 · 947ee20 · 947ee20
1 parent f2b1d1d
commit 947ee20
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 49 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -49,20 +49,14 @@ env:
 
 jobs:
   tests:
-    name: CI
+    name: CI (${{ matrix.name }})
 
     runs-on: ${{ matrix.os }}
 
     strategy:
       matrix:
-        build:
-        - macos-13.arm64.stable.test
-        - macos-12.x86_64.stable.test
-        - ubuntu-20.04.x86_64.stable.release
-        - ubuntu-22.04.x86_64.stable.test
-
         include:
-        - build: ubuntu-20.04.x86_64.stable.release
+        - name: ubuntu-20.04.x86_64.stable.release
           os: ubuntu-20.04
           rust: stable
           profile: release
@@ -73,7 +67,7 @@ jobs:
           check_docs: false
           run_tests: true
 
-        - build: ubuntu-22.04.x86_64.stable.test
+        - name: ubuntu-22.04.x86_64.stable.test
           os: ubuntu-22.04
           rust: stable
           profile: test
@@ -84,7 +78,7 @@ jobs:
           check_docs: true
           run_tests: true
 
-        - build: macos-12.x86_64.stable.test
+        - name: macos-12.x86_64.stable.test
           os: macos-12
           rust: stable
           profile: test
@@ -95,7 +89,7 @@ jobs:
           check_docs: false
           run_tests: true
 
-        - build: macos-13.arm64.stable.test
+        - name: macos-13.arm64.stable.test
           os: macos-13-xlarge  # m1-based macos
           rust: stable
           profile: test
@@ -122,12 +116,15 @@ jobs:
       uses: Swatinem/rust-cache@v2
       with:
         prefix-key: 'ci-tests'
-        key: ${{ matrix.build }}
+        key: ${{ matrix.name }}
 
     - name: Build tests
       if: ${{ matrix.run_tests }}
       run: cargo test --no-run --locked --verbose --profile=${{ matrix.profile }} --features=${{ matrix.features }} --timings
 
+    - name: Nosey Parker version
+      run: cargo run --locked --verbose --profile=${{ matrix.profile }} --features=${{ matrix.features }} -- --version
+
     - name: Run tests
       if: ${{ matrix.run_tests }}
       env:
@@ -147,6 +144,6 @@ jobs:
     - name: Upload build timings
       uses: actions/upload-artifact@v4
       with:
-        name: build-timings.${{ matrix.build }}
+        name: build-timings.${{ matrix.name }}
         path: target/cargo-timings
         if-no-files-found: error
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -10,20 +10,16 @@ jobs:
   build:
     strategy:
       matrix:
-        build:
-        - debian
-        - alpine
-
         include:
-        - build: debian
+        - name: debian
           dockerfile: Dockerfile
           image: ghcr.io/${{ github.repository }}
 
-        - build: alpine
+        - name: alpine
           dockerfile: Dockerfile.alpine
           image: ghcr.io/${{ github.repository }}-alpine
 
-    name: Docker
+    name: Docker (${{ matrix.name }})
     runs-on: ubuntu-22.04
 
     steps:
@@ -41,8 +37,8 @@ jobs:
     - name: Build Docker image
       uses: docker/build-push-action@v5
       with:
-        cache-from: type=gha,scope=${{ matrix.dockerfile}}
-        cache-to: type=gha,scope=${{ matrix.dockerfile}},mode=max
+        cache-from: type=gha,scope=${{ matrix.dockerfile }}
+        cache-to: type=gha,scope=${{ matrix.dockerfile }},mode=min
 
         context: .
         file: ${{ matrix.dockerfile }}
@@ -64,6 +60,8 @@ jobs:
     - name: Test the Docker image
       run: docker run --rm "${{ matrix.image }}:edge" --version
 
+    # We need to authenticate with GHCR both to push the tagged image for the
+    # `main` branch
     - name: Authenticate with GitHub Container Registry
       if: github.event_name == 'push' && github.ref_name == 'main'
       uses: docker/login-action@v3

diff --git a/.github/workflows/release-artifacts.yml b/.github/workflows/release-artifacts.yml
@@ -65,9 +65,6 @@ jobs:
     - name: Build linux/amd64 Docker image
       uses: docker/build-push-action@v5
       with:
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-
         context: .
         file: ${{ matrix.dockerfile }}
         platforms: linux/amd64
@@ -88,13 +85,10 @@ jobs:
     - name: Test the Docker image
       run: docker run --rm noseyparker:test --version
 
-    # This shouldn't end up building linux/amd64 again; it should get it from the cache
+    # This shouldn't end up building linux/amd64 again; it should get it from the local Docker cache
     - name: Build multiplatform Docker image
       uses: docker/build-push-action@v5
       with:
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-
         context: .
         file: ${{ matrix.dockerfile }}
         platforms: linux/amd64,linux/arm64
@@ -149,9 +143,6 @@ jobs:
       with:
         toolchain: ${{ matrix.rust }}
 
-    - name: Cache
-      uses: Swatinem/rust-cache@v2
-
     - name: Build release
       run: |
         ./scripts/create-release.zsh

diff --git a/.github/workflows/rust-checks.yml b/.github/workflows/rust-checks.yml
@@ -1,11 +1,8 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
 # rust-clippy is a tool that runs a bunch of lints to catch common
 # mistakes in your Rust code and help improve your Rust code.
 # More details at https://github.com/rust-lang/rust-clippy
 # and https://rust-lang.github.io/rust-clippy/
+#
 # rust-fmt is a tool that checks if your Rust code is formatted
 # according to the style guidelines. More details at
 # https://github.com/rust-lang/rustfmt and
@@ -24,7 +21,7 @@ on:
 
 jobs:
   rust-clippy-analyze:
-    name: Clippy Analysis
+    name: clippy
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -66,7 +63,7 @@ jobs:
           wait-for-processing: true
 
   rust-fmt:
-    name: Rustfmt Check
+    name: rustfmt
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

diff --git a/Dockerfile b/Dockerfile
@@ -9,10 +9,10 @@
 #
 # See https://github.com/praetorian-inc/noseyparker/issues/58.
 ################################################################################
-FROM rust:1.76-bullseye AS chef 
-# We only pay the installation cost once, 
+FROM rust:1.76-bullseye AS chef
+# We only pay the installation cost once,
 # it will be cached from the second build onwards
-RUN cargo install cargo-chef 
+RUN cargo install cargo-chef
 
 WORKDIR "/noseyparker"
 
@@ -24,22 +24,20 @@ FROM chef AS planner
 
 COPY . .
 
-RUN cargo chef prepare  --recipe-path recipe.json
+RUN cargo chef prepare --recipe-path recipe.json
 
 ################################################################################
 # Build `noseyparker`
 ################################################################################
 FROM chef AS builder
 
 # Install dependencies
-#
-# Note: clang is needed for `bindgen`, used by `vectorscan-sys`.
-RUN apt-get update &&\
+RUN apt-get update && \
     apt-get install -y \
         cmake \
-        zsh \
         libboost-all-dev \
-        &&\
+        zsh \
+        && \
     apt-get clean
 
 COPY --from=planner /noseyparker/recipe.json recipe.json
@@ -58,8 +56,8 @@ RUN ./scripts/create-release.zsh && cp -r release /release
 FROM debian:11-slim as runner
 
 # Add `git` so that noseyparker's git and github integration works
-RUN apt-get update &&\
-    apt-get install -y git &&\
+RUN apt-get update && \
+    apt-get install -y git && \
     apt-get clean
 
 COPY --from=builder /release /usr/local/