Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Objective
Currently, the CI cache is only renewed when the
Cargo.toml
files are updated. However, when a patch dependency is released which is compatible with theCargo.toml
, the CI cache will be outdated and the dependencies will need to be recompiled every time.Additionally, our CI workflow definitions are quite verbose, because the cache paths need to be defined every time.
Solution
Use the Leafwing-Studios/cargo-cache action.
It generates the
Cargo.lock
file before determining the cache key, such that the exact dependencies can be used to keep the cache up-to-date and avoid recompiles. The cache falls back to similar previous caches to avoid completely starting from scratch.This also reduces a lot of boilerplate in the CI definitions.
Additional Context
key
is not already available. This is why theCargo.lock
file should be part of the cache key, because it determines exactly which dependencies are used.Cargo.lock
file is not committed to the repository, because this is not recommended for libraries. This is why the Rust toolchain action must be used before thecargo-cache
action, because it uses thecargo update
command to generate theCargo.lock
file.Security Considerations
Adding a new third-party action increases the attack vector and should be considered carefully.
I recommend to audit the action first, it should be easy enough to understand (it's very similar to the current system we use) and I tried to add as many comments as possible.
I also published the action under the Leafwing org to get additional eyes on every PR (e.g. Alice).
If you'd prefer, we can also target an explicit commit of the action instead of a tag, to ensure that updates can be audited properly.