fix(ci): re-enable additional jobs gha cache saves#19116
Conversation
…files PR #19069 removed all save: false, but check-generated-files modifies the working tree (regenerates protos, removes mocks) which breaks hashFiles('**/go.sum') in the GOMODCACHE post-step, causing cache save failures. Reverted in #19108. Re-enable saves for all other jobs (unit-tests, style-check, scanner-db-integration-tests) while keeping save: false only for check-generated-files where the hashFiles failure occurs. Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
davdhacs
added
the
ci-save-cache
|
Skipping CI for Draft Pull Request. |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
|
Images are ready for the commit at e163405. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19116 +/- ##
=======================================
Coverage 49.64% 49.64%
=======================================
Files 2698 2698
Lines 203075 203075
=======================================
+ Hits 100817 100824 +7
+ Misses 94737 94730 -7
Partials 7521 7521
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
davdhacs
removed
the
ci-save-cache
|
Also |
… jobs
`kubebuilder edit --plugins=helm/v2-alpha` (run by `make -C operator/ chart`
during check-generated-files) scaffolds `operator/.github/` with mode 0700.
The `actions/cache@v5` post step re-evaluates `hashFiles('**/go.sum')` on
the host as the runner user, who cannot traverse this root-owned 0700
directory, causing EACCES.
Compute the hash once upfront in a step output and reference that in cache
keys so the post step uses the resolved string instead of re-traversing the
filesystem. This also removes the `save: false` workaround from
check-generated-files, re-enabling GOMODCACHE saves for that job.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Good call. I'll remove them. |
TEMPORARY: remove the default-branch-only gate on cache saves so the actions/cache@v5 post step actually runs on this PR. This verifies the pre-computed hashFiles fix works when caches are saved (not just restored). Revert this commit before merging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This reverts commit 44056d4.
…ication Use go-mod-v1-pr19116- and go-build-v1-pr19116- prefixes so we can confirm caches are freshly saved (seeding run) and then restored (follow-up run). Also force save on all events. Revert before merging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
The plan sounds good, but I'm busy with a release blocker at the moment. |
kubebuilder v4.13 has the perms fix
🥳 The fix in kubebuilder went through already and is on v4.13.0: kubernetes-sigs/kubebuilder@bb95ce2 |
Temporarily remove the master-only save restriction so all jobs save their caches on this PR run. This validates that saves work correctly for all jobs (especially check-generated-files with save: false). TO REVERT after confirming cache save+restore works. Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
fails. I didn't look into if we have kubebuilder pinned (I think it was just "v4"), but it looks like we didn't get the updated version yet. |
😅 #19264 |
|
I'll wait on this for the kubebuilder upgrade to be dependabot-pr'd and merged. Then this will turn green and we'll be saving new cache entries again :) |
davdhacs
changed the title
|
🥳 kubebuilder updated to 4.13.0 in #19268 |
|
/retest |
|
/retest |
|
/retest-required |
Revert the force-save test. CI run on 699f101 confirmed all 67 jobs passed with cache saves enabled, including check-generated-files (kubebuilder fix resolved the go.sum modification issue). Retains the github.sha TAG for per-commit build cache keys. Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Removed test-setup (always save) because the check-generated run saved correctly now with the updated kubebuilder (kubebuilder does not now set the file permissions that had blocked the hashFiles previously). |
|
@davdhacs: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
4 participants
Description
PR #19069 removed all GHA cache
save: falsesettings, but check-generated-files modifies the working tree which breakshashFiles('**/go.sum')in the GOMODCACHE post-step, causing cache save failures. Reverted in #19108 (chat discussion in https://redhat-internal.slack.com/archives/CELUQKESC/p1771501400340929).Save hash of go.sum files at the start and re-use it for saving. This avoid re-reading the workspace filesystem after the job completes and there may be part of the filesystem that are not readable because of permissions.Keep disabled: the check-generated-files save of the GOMODCACHE and GOCACHE. check-generated-files still prevents access to the go.sum files because of file system permissions changes by the job under operator/ (to be fixed in follow-up PRs)Partially generated by AI.
Testing and quality
How I validated my change
https://github.com/stackrox/stackrox/actions/runs/22172586856/job/64730778461
https://github.com/stackrox/stackrox/actions/runs/22374447570/job/64761298810?pr=19116
https://github.com/stackrox/stackrox/actions/runs/22375205467/job/64763723220?pr=19116
https://github.com/stackrox/stackrox/actions/runs/22379932019/job/64778159539?pr=19116