chore(ci): use commit SHA for go-build cache key#19173
Conversation
The weekly rotation (`date +%Yw%U`) made caches drop to 50% relevant within a week as dependencies changed. Using `github.sha` ensures each master push creates a fresh cache entry, improving cache hit quality for PR builds that restore from the latest master cache. Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Skipping CI for Draft Pull Request. |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The expression
echo "TAG=${{ github.sha }}"inside therunscript won’t be interpolated by GitHub Actions; instead, passgithub.shaviaenv(orwith) and reference it as"TAG=$GITHUB_SHA"in the shell to ensure the cache key is set correctly.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The expression `echo "TAG=${{ github.sha }}"` inside the `run` script won’t be interpolated by GitHub Actions; instead, pass `github.sha` via `env` (or `with`) and reference it as `"TAG=$GITHUB_SHA"` in the shell to ensure the cache key is set correctly.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
|
Images are ready for the commit at 688a3d5. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19173 +/- ##
=======================================
Coverage 49.62% 49.62%
=======================================
Files 2680 2680
Lines 202195 202195
=======================================
Hits 100333 100333
Misses 94386 94386
Partials 7476 7476
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Strange that this is suggested. It is not true as confirmed in the logs: https://github.com/stackrox/stackrox/actions/runs/22383687632/job/64789749598?pr=19173#step:5:23 |
porridge
left a comment
porridge
left a comment
There was a problem hiding this comment.
I'm not sure this will work as intended. 🤔
First I took a look at the documentation for the restore action and it seems restore-keys needs to be a list but we are passing a string. Does this mean it is as if we never passed restore keys at all? 🤔 OTOH, in another place docs claim this needs to be a multiline string...
Now, using the SHA alone means a build of any other commit will be guaranteed to encounter an initial cache miss. So it is crucial to ensure that the restore keys provide a good fallback. But it's not clear to me how this will work... if there's no go-build-v1-whatever-amd64-deadbeefdeadbeef, then which of the hundreds of other go-build-v1-whatever-amd64- keys is going to be picked? 🤷🏻
Good call. It looks like this issue with the documentation was raised before and partly fixed: actions/cache#1434 (comment) |
TLDR: prefix match of keys sorted by GHA picks up the latest used prefix match of a key (service-side. I didn't find docs about a deterministic ordering (https://docs.github.com/en/actions/reference/workflows-and-actions/dependency-caching#cache-hits-and-misses), but in usage it sorts by last accessed(saved or restored)). And the cache keys are namespaced: Runs on PRs to master can only load caches saved for that PR or from master. The github cli shows the best sorting doc/explanation I could find. I assume the service for the cli behaves the same as the one used in the action: |
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 participants
The weekly rotation (
date +%Yw%U) made caches drop in usefulness within a week as code and dependencies changed. Usinggithub.shaensures each master push creates a fresh cache entry, improving cache hit quality for PR builds that restore from the latest master cache.Example runs:
~6 day old cache (23 commits in master; 11538 go source lines changed; 127 changed lines in go.mod files):
https://github.com/stackrox/stackrox/actions/runs/22299402991/job/64503285263#step:5:95
2026-02-23T09:05:54Z.
21m 3s job time
Cache hit for restore-key: go-build-v1-pre-build-cli-amd64-2026w07(cache entry saved Feb 17 19:42 UTC)
Same-day cache (1 commit in master; 34 go source lines changed; 0 changed lines in go.mod files):
https://github.com/stackrox/stackrox/actions/runs/22304627732/job/64520656630#step:5:96
2026-02-23T11:42:34Z.
5m 12s job time
Cache hit for: go-build-v1-pre-build-cli-amd64-2026w08(cache entry saved Feb 23 09:25 UTC)
1 day old (14 commits in master; 564 go source lines changed; 0 changed lines in go.mod files):
https://github.com/stackrox/stackrox/actions/runs/22384241635/job/64791416091?pr=19174#step:5:93
2026-02-25T05:53:38Z.
5m 44s job time
Cache hit for: go-build-v1-pre-build-cli-amd64-2026w08(cache entry saved Feb 23 09:25 UTC)
Partially generated by AI.