Improve build time in CI through caching native modules (element-hq#482)

t3chguy · web-flow · commit 2f48519dced1 · 2022-12-13T14:12:40.000Z
* Improve caching of hak native modules

* Avoid double-hashing

* Skip native installs where cache is hit

* Include Electron version in the hash, it affects the ABI

* Add missing step IDs

* Add comments
diff --git a/.github/workflows/build_linux.yaml b/.github/workflows/build_linux.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
     inputs:
@@ -16,19 +19,21 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
 
       - name: Install libsqlcipher-dev
-        if: inputs.sqlcipher == 'system'
+        if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'
         run: sudo apt-get install -y libsqlcipher-dev
 
       - uses: actions/setup-node@v3
@@ -40,6 +45,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: "yarn build:native"
         env:
           SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}
diff --git a/.github/workflows/build_macos.yaml b/.github/workflows/build_macos.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
 jobs:
@@ -11,13 +14,15 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
@@ -32,6 +37,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: "yarn build:native:universal"
 
       - name: Build App
diff --git a/.github/workflows/build_prepare.yaml b/.github/workflows/build_prepare.yaml
@@ -26,10 +26,18 @@ jobs:
       - name: Fetch Element Web
         run: yarn run fetch --noverify -d ${{ inputs.config }} ${{ inputs.version }}
 
+      # We split this out to save the build_* scripts having to do it to make use of `hashFiles` in the cache action
+      - name: Generate cache hash files
+        run: |
+          yarn run --silent electron --version > electronVersion
+          cat package.json | jq -c .hakDependencies > hakDependencies.json
+
       - uses: actions/upload-artifact@v3
         with:
           name: webapp
           retention-days: 1
           path: |
             webapp.asar
             package.json
+            electronVersion
+            hakDependencies.json
diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
     inputs:
@@ -32,9 +35,10 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ runner.os }}-${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
@@ -58,6 +62,7 @@ jobs:
           echo "C:/Program Files/NASM" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
@@ -72,6 +77,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: |
           refreshenv
           yarn build:native --target ${{ steps.config.outputs.target }}
