linux-kernel-oci/.github/workflows/cache-refresh.yml at main · edera-dev/linux-kernel-oci · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: Refresh ccache TTL
on:
  # We use ccache with github save/restore to dramatically cut kernel build times.
  # This works well, but GH has a 10GB limit for all cache entries,
  # and a 7-day TTL for *each* cache entry. Which means that if we don't build a kernel for a week,
  # we lose our cache benefit entirely, which stinks. The *correct* way to work around this is
  # to replace GH's cache action with one that saves/restores directly from a dedicated S3 bucket
  # we set up and manage.
  #
  # What *this* does is save/restore the cache every 4 days, well within the 7-day TTL,
  # to keep GH from expiring them. Which is disgusting, but cheap.
  schedule:
    - cron: "0 0 */4 * *"
  workflow_dispatch:
jobs:
  discover:
    name: discover cache keys
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.list.outputs.matrix }}
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: list ccache entries
        id: list
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # List all ccache-* cache keys, strip the run_id suffix to deduplicate by flavor/arch.
          matrix=$(gh api "/repos/${{ github.repository }}/actions/caches" --paginate \
            --jq '[.actions_caches[]
                  | select(.key | startswith("ccache-"))
                  | {prefix: (.key | gsub("-[0-9]+$"; ""))}]
                  | unique_by(.prefix)
                  | {entry: .}')
          echo "matrix=$matrix" >> "$GITHUB_OUTPUT"
  refresh:
    name: "refresh ${{ matrix.entry.prefix }}"
    needs: discover
    if: needs.discover.outputs.matrix != '{"entry":[]}'
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.discover.outputs.matrix) }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: restore ccache
        id: restore
        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.2
        with:
          path: ~/.cache/kernel-ccache
          key: "${{ matrix.entry.prefix }}-${{ github.run_id }}"
          restore-keys: |
            ${{ matrix.entry.prefix }}-
      - name: save ccache
        if: steps.restore.outputs.cache-matched-key != ''
        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.2
        with:
          path: ~/.cache/kernel-ccache
          key: "${{ matrix.entry.prefix }}-${{ github.run_id }}"