fix(ci): GHA cache keys unique vs shared#19580
Merged
Conversation
|
Skipping CI for Draft Pull Request. |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Hey - I've found 1 issue, and left some high level feedback:
- Using
matrix.name == 'race-condition-debug' && 'race' || ''relies on GitHub’s truthy/falsey behavior and is a bit opaque; consider moving the condition into the matrix definition (e.g., arace: trueflag) or a small reusable expression to make the cache key logic more readable and less brittle to matrix-name changes. - For the
pre-build-go-binariesjob, double-check that passing an empty string askey-suffixis treated the same by.github/actions/cache-go-dependenciesas omitting the input entirely (as done inbuild-and-push-operator), or adjust the action so unset vs empty suffix behaves consistently.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Using `matrix.name == 'race-condition-debug' && 'race' || ''` relies on GitHub’s truthy/falsey behavior and is a bit opaque; consider moving the condition into the matrix definition (e.g., a `race: true` flag) or a small reusable expression to make the cache key logic more readable and less brittle to matrix-name changes.
- For the `pre-build-go-binaries` job, double-check that passing an empty string as `key-suffix` is treated the same by `.github/actions/cache-go-dependencies` as omitting the input entirely (as done in `build-and-push-operator`), or adjust the action so unset vs empty suffix behaves consistently.
## Individual Comments
### Comment 1
<location path=".github/workflows/build.yaml" line_range="213" />
<code_context>
uses: ./.github/actions/cache-go-dependencies
with:
- key-suffix: ${{ matrix.name }}
+ key-suffix: ${{ matrix.name == 'race-condition-debug' && 'race' || '' }}
- uses: ./.github/actions/handle-tagged-build
</code_context>
<issue_to_address>
**suggestion:** Consider making this conditional expression more explicit to avoid ambiguity in evaluation and future edits.
GitHub Actions’ `&&`/`||` precedence and truthiness can be hard to parse. Adding parentheses like `${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}` makes the grouping clearer. If the action distinguishes `null` from `''`, you could instead use `${{ matrix.name == 'race-condition-debug' && 'race' || null }}` to signal that the suffix is intentionally omitted.
```suggestion
key-suffix: ${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}
```
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Contributor
|
Images are ready for the commit at f5bcf9d. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19580 +/- ##
==========================================
- Coverage 49.67% 49.65% -0.02%
==========================================
Files 2747 2747
Lines 207296 207296
==========================================
- Hits 102964 102937 -27
- Misses 96683 96703 +20
- Partials 7649 7656 +7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
Author
|
@sourcery-ai review |
Contributor
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The GitHub Actions expression
${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}is a bit terse; consider using a more explicit pattern (e.g., theiffunction or a short comment) so future readers immediately understand that only the race build gets a distinct cache key. - In
scanner-build.yaml, you setGOARCHonly on the cache step; if any later Go steps rely ongo env GOARCH, it may be safer to setGOARCHat the job level (or at least consistently on all Go-related steps) to avoid subtle cross-arch issues.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The GitHub Actions expression `${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}` is a bit terse; consider using a more explicit pattern (e.g., the `if` function or a short comment) so future readers immediately understand that only the race build gets a distinct cache key.
- In `scanner-build.yaml`, you set `GOARCH` only on the cache step; if any later Go steps rely on `go env GOARCH`, it may be safer to set `GOARCH` at the job level (or at least consistently on all Go-related steps) to avoid subtle cross-arch issues.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
davdhacs
changed the title
Contributor
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The conditional expression for
key-suffixinbuild.yaml(${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}) is a bit opaque and tightly coupled to the matrix name; consider either using a more explicit mapping or a dedicated matrix field (e.g.cacheKeySuffix) to make future variant changes less error-prone. - In
unit-tests.yaml, usingmatrix.gotagsdirectly as thekey-suffixassumes only''andrelease; if more complex tag sets are introduced later it may be safer to normalize or hash them to avoid unexpected characters in cache keys or collisions between equivalent tag permutations.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The conditional expression for `key-suffix` in `build.yaml` (`${{ (matrix.name == 'race-condition-debug' && 'race') || '' }}`) is a bit opaque and tightly coupled to the matrix name; consider either using a more explicit mapping or a dedicated matrix field (e.g. `cacheKeySuffix`) to make future variant changes less error-prone.
- In `unit-tests.yaml`, using `matrix.gotags` directly as the `key-suffix` assumes only `''` and `release`; if more complex tag sets are introduced later it may be safer to normalize or hash them to avoid unexpected characters in cache keys or collisions between equivalent tag permutations.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
5 tasks
… entries pre-build-go-binaries: default and prerelease (GOTAGS=release) share 93% of cache entries (only 6 packages use release build tags). Separating them doubles cache storage and causes the trim to delete shared entries. Keep key-suffix only for race-condition-debug which uses -race/CGO_ENABLED=1 and has 39% unique entries. build-and-push-operator: branding (RHACS vs STACKROX) is a runtime env var, not a build tag. Compiled output is identical. Remove key-suffix entirely. Verified locally: default: 8911 entries (baseline) prerelease: +691 new (7% unique, 93% shared) race: +6300 new (39% unique, 61% shared) branding: +0 new (0% unique, 100% shared) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
unit-tests.yaml: go and go-postgres have GOTAGS matrix (""/ release)
sharing one cache key. With the GOCACHE trim, each variant deletes
the other's entries on every run, causing 3GB of churn. Add key-suffix
to give each variant its own cache.
scanner-build.yaml: pre-build-scanner-go-binary cross-compiles for
multiple architectures but doesn't set GOARCH on the cache step,
so all arches share one amd64-labeled cache key. Add env GOARCH.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Address sourcery-ai review: make GHA expression grouping explicit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The operator branding key-suffix is unnecessary for GOCACHE (0% unique entries), but PR #19417 will unify operator builds entirely. Removing the key-suffix here would create a merge conflict with that PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Address sourcery-ai feedback: clarify why only race-condition-debug gets a separate cache key (39% unique entries from -race/CGO_ENABLED=1) while default and prerelease share (93% overlap). GOARCH is intentionally set only on the cache step, not job-level, to avoid changing the default arch for other steps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
davdhacs
force-pushed
the
davdhacs/fix-cache-key-separation
branch
from
1b8d82d to
952e5be
Compare
This was referenced Mar 28, 2026
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Central YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThree GitHub Actions workflows were updated to refine Go dependency cache key partitioning: Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
davdhacs
force-pushed
the
davdhacs/fix-cache-key-separation
branch
from
b89b929 to
f5bcf9d
Compare
janisz
approved these changes
Mar 31, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix key issues for GHA cache of GOCACHE:
unit-tests.yaml: add key-suffix for GOTAGS matrix
goandgo-postgreshave GOTAGS matrix (""/release) sharing one cache key. Each variant's trim deletes ~3GB of the other's entries every run. Fix: addkey-suffix: ${{ matrix.gotags }}.scanner-build.yaml: set GOARCH on cache step
pre-build-scanner-go-binarycross-compiles for 4 architectures but doesn't set GOARCH on the cache step.go env GOARCHreturns the runner's nativeamd64, so all arches share one cache key with incompatible entries. Fix: addenv: GOARCH: ${{ matrix.goarch }}.build.yaml: only separate race-condition-debug
pre-build-go-binaries: default and prerelease share 93% of GOCACHE entries (only 6 packages use release build tags). Only separaterace-condition-debug(-race/CGO_ENABLED=1, 39% unique).Verification
Local GOCACHE entry overlap measurements:
All CI passed (Build, Unit Tests, Style, Scanner).
Partially generated by AI.