Skip to content

Commit bc2f17e

Browse files
authored
ci(release): restore action/cache release handoff (#5748)
## Summary Reverts the release workflow handoff from uploaded artifacts back to `actions/cache` now that the repository has more GitHub cache capacity. This restores the previous run-scoped cache keys for CLI build outputs across smoke, publish, Homebrew, Scoop, and preview-package jobs while keeping the newer pinned `actions/cache` version from the dependency bump. Reverts #5740
1 parent b83f2e0 commit bc2f17e

3 files changed

Lines changed: 78 additions & 54 deletions

File tree

.github/workflows/build-cli-artifacts.yml

Lines changed: 17 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,8 @@ on:
2121
required: false
2222
type: string
2323
default: blacksmith-32vcpu-ubuntu-2404
24-
artifact_name_suffix:
25-
description: Suffix to distinguish build artifact producers (e.g. -github)
24+
cache_key_suffix:
25+
description: Suffix to distinguish build artifact cache producers
2626
required: false
2727
type: string
2828
default: ""
@@ -123,26 +123,23 @@ jobs:
123123
echo "Checking dist/..."
124124
ls -la dist/
125125
126+
- name: Check existing build artifacts cache
127+
id: build-artifacts-cache
128+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
129+
with:
130+
path: |
131+
packages/cli-*/bin/
132+
dist/
133+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.cache_key_suffix }}-v1
134+
enableCrossOsArchive: true
135+
lookup-only: true
126136

127-
# Hand the build off to the smoke/publish/brew/scoop jobs via a run-scoped
128-
# artifact rather than a cache. Caches share a 10 GB per-repo budget and
129-
# are evicted LRU, so a large build cache could vanish mid-run between the
130-
# producer and a later consumer (e.g. publish), failing the restore.
131-
# Artifacts have their own deterministic retention and survive job re-runs
132-
# within the run, which is exactly what this handoff needs.
133-
- name: Upload build artifacts
134-
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
137+
- name: Save build artifacts cache
138+
if: steps.build-artifacts-cache.outputs.cache-hit != 'true'
139+
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
135140
with:
136-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.artifact_name_suffix }}
137141
path: |
138142
packages/cli-*/bin/
139143
dist/
140-
# Intra-run handoff, not a kept deliverable — expire it the next day.
141-
retention-days: 1
142-
# A full re-run of this job replaces its own artifact instead of
143-
# failing on the duplicate name from the previous attempt.
144-
overwrite: true
145-
# dist/* is already compressed (tar.gz/zip/deb/rpm/apk); a light level
146-
# trims the raw bin/ binaries without burning CPU re-packing the rest.
147-
compression-level: 1
148-
if-no-files-found: error
144+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.cache_key_suffix }}-v1
145+
enableCrossOsArchive: true

.github/workflows/publish-preview-cli-packages.yml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -57,10 +57,15 @@ jobs:
5757
with:
5858
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
5959

60-
- name: Download preview build artifacts
61-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
60+
- name: Restore preview build artifacts cache
61+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
6262
with:
63-
name: cli-build-legacy-${{ env.PREVIEW_VERSION }}
63+
path: |
64+
packages/cli-*/bin/
65+
dist/
66+
key: cli-build-${{ github.run_id }}-legacy-${{ env.PREVIEW_VERSION }}-v1
67+
enableCrossOsArchive: true
68+
fail-on-cache-miss: true
6469

6570
- name: Prepare package files
6671
run: |

.github/workflows/release-shared.yml

Lines changed: 53 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ jobs:
7979
version: ${{ inputs.version }}
8080
shell: ${{ inputs.shell }}
8181
runner: large-linux-x86
82-
artifact_name_suffix: -github
82+
cache_key_suffix: -github
8383
timeout_minutes: 45
8484
build_timeout_minutes: 20
8585
secrets:
@@ -113,10 +113,15 @@ jobs:
113113
with:
114114
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
115115

116-
- name: Download build artifacts
117-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
116+
- name: Restore build artifacts cache
117+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
118118
with:
119-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}
119+
path: |
120+
packages/cli-*/bin/
121+
dist/
122+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-v1
123+
enableCrossOsArchive: true
124+
fail-on-cache-miss: true
120125

121126
# Docker's classic image store keeps a single platform manifest per
122127
# tag, so pulling `alpine:3.21` for amd64 and again for arm64 leaves
@@ -244,10 +249,15 @@ jobs:
244249
with:
245250
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
246251

247-
- name: Download build artifacts
248-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
252+
- name: Restore build artifacts cache
253+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
249254
with:
250-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
255+
path: |
256+
packages/cli-*/bin/
257+
dist/
258+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
259+
enableCrossOsArchive: true
260+
fail-on-cache-miss: true
251261

252262
- name: Fix binary permissions
253263
run: chmod +x packages/cli-*/bin/supabase || true
@@ -301,17 +311,15 @@ jobs:
301311
with:
302312
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
303313

304-
- name: Download build artifacts
305-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
314+
- name: Restore build artifacts cache
315+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
306316
with:
307-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
308-
309-
# Artifacts are zipped and do not carry Unix permissions, so the compiled
310-
# binaries arrive without the executable bit. publish.ts ships
311-
# packages/cli-*/bin/supabase to npm verbatim, so restore +x before
312-
# publishing or the installed CLI would not be runnable.
313-
- name: Fix binary permissions
314-
run: chmod +x packages/cli-*/bin/supabase || true
317+
path: |
318+
packages/cli-*/bin/
319+
dist/
320+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
321+
enableCrossOsArchive: true
322+
fail-on-cache-miss: true
315323

316324
- name: Sync versions
317325
run: pnpm exec bun apps/cli/scripts/sync-versions.ts --version "${VERSION}"
@@ -471,6 +479,8 @@ jobs:
471479
publish-homebrew:
472480
needs: publish
473481
if: ${{ !inputs.dry_run && inputs.publish_brew_scoop }}
482+
# github-hosted to share a cache store with build-github/publish, whose
483+
# -github-v1 artifacts this job's checksums must match.
474484
runs-on: ubuntu-latest
475485
timeout-minutes: 30
476486
env:
@@ -487,16 +497,21 @@ jobs:
487497
with:
488498
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
489499

490-
# Must download the github-hosted build (-github), the same artifacts the
491-
# publish job uploads to the GitHub Release. The Bun-compiled binaries are
492-
# not byte-for-byte reproducible across the blacksmith and github builds,
493-
# so the blacksmith dist/checksums.txt does not match the released
500+
# Must restore the github-hosted build (-github-v1), the same artifacts
501+
# the publish job uploads to the GitHub Release. The Bun-compiled binaries
502+
# are not byte-for-byte reproducible across the blacksmith and github
503+
# builds, so the blacksmith dist/checksums.txt does not match the released
494504
# tarballs. Reading it here produced a formula whose sha256 rejected the
495505
# downloaded archive ("Formula reports different checksum").
496-
- name: Download build artifacts
497-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
506+
- name: Restore build artifacts cache
507+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
498508
with:
499-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
509+
path: |
510+
packages/cli-*/bin/
511+
dist/
512+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
513+
enableCrossOsArchive: true
514+
fail-on-cache-miss: true
500515

501516
- name: Generate Homebrew tap token
502517
id: app-token
@@ -527,6 +542,8 @@ jobs:
527542
publish-scoop:
528543
needs: publish
529544
if: ${{ !inputs.dry_run && inputs.publish_brew_scoop }}
545+
# github-hosted to share a cache store with build-github/publish, whose
546+
# -github-v1 artifacts this job's checksums must match.
530547
runs-on: ubuntu-latest
531548
timeout-minutes: 30
532549
env:
@@ -543,16 +560,21 @@ jobs:
543560
with:
544561
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}
545562

546-
# Must download the github-hosted build (-github), the same artifacts the
547-
# publish job uploads to the GitHub Release. The Bun-compiled binaries are
548-
# not byte-for-byte reproducible across the blacksmith and github builds,
549-
# so the blacksmith dist/checksums.txt does not match the released
563+
# Must restore the github-hosted build (-github-v1), the same artifacts
564+
# the publish job uploads to the GitHub Release. The Bun-compiled binaries
565+
# are not byte-for-byte reproducible across the blacksmith and github
566+
# builds, so the blacksmith dist/checksums.txt does not match the released
550567
# tarballs. Reading it here would produce a manifest whose hash rejects the
551568
# downloaded archive.
552-
- name: Download build artifacts
553-
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
569+
- name: Restore build artifacts cache
570+
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
554571
with:
555-
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
572+
path: |
573+
packages/cli-*/bin/
574+
dist/
575+
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
576+
enableCrossOsArchive: true
577+
fail-on-cache-miss: true
556578

557579
- name: Generate Scoop bucket token
558580
id: app-token

0 commit comments

Comments
 (0)