Skip to content

fix(ci): disable toolchain cache in release-binaries#462

Merged
rhuanbarreto merged 1 commit into
mainfrom
claude/glimmering-inventing-bubble
Jul 7, 2026
Merged

fix(ci): disable toolchain cache in release-binaries#462
rhuanbarreto merged 1 commit into
mainfrom
claude/glimmering-inventing-bubble

Conversation

@rhuanbarreto

Copy link
Copy Markdown
Contributor

Summary

  • Disables moonrepo/setup-toolchain caching on release-binaries.yml to eliminate intermittent bun: command not found failures on macOS and Windows — the cache flakily restores broken shims, and proto skips re-downloading when it sees the tool as already installed
  • Adds cache-version: ${{ env.ImageOS }} on workflows that still use caching, as a defensive measure against runner image upgrades staling the cache

Test plan

  • bun run validate passes locally (1438 tests, 43/43 ADR rules)
  • Rerunned v0.48.0 release-binaries succeeds on macOS + Windows (verifies the flaky cache was the cause)
  • Next release builds all 3 binaries without retries

https://claude.ai/code/session_01RumFmYvyyM3Vsfpfm5pSP9

… shim failures

moonrepo/setup-toolchain's cache intermittently restores broken shims on
macOS and Windows — proto reports tools as installed but they're not on
PATH. Disabling the cache for release-binaries (runs once per release, so
the ~15s install penalty is negligible) eliminates the flakiness entirely.

Also adds cache-version keyed to $ImageOS on cached workflows as a
defensive measure against runner image upgrades invalidating the cache.

Claude-Session: https://claude.ai/code/session_01RumFmYvyyM3Vsfpfm5pSP9
Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
@cursor

cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_4d32050f-ba30-4546-9882-37f71b0a89ad)

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d5904432-dd32-4e95-b1b4-b4237fd52e86

📥 Commits

Reviewing files that changed from the base of the PR and between 9deb906 and eb166bf.

📒 Files selected for processing (6)
  • .claude/agent-memory/archgate-developer/project_release_pipeline_gotchas.md
  • .github/actions/setup-bun-project/action.yml
  • .github/workflows/release-binaries.yml
  • .github/workflows/release.yml
  • .github/workflows/update-llms.yaml
  • .github/workflows/update-lock.yaml
📜 Recent review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: Smoke Test (Windows) / Windows
  • GitHub Check: Cloudflare Pages
⚠️ CI failures not shown inline (4)

GitHub Actions: DCO / 0_DCO Sign-off Check.txt: fix(ci): disable toolchain cache in release-binaries

Conclusion: failure

View job details

##[group]Run base="9deb9061d36e7f8263afcf7d1594505719c361d2"
 �[36;1mbase="9deb9061d36e7f8263afcf7d1594505719c361d2"�[0m
 �[36;1mhead="eb166bf1d925cb14c70294753124d5def3339a5c"�[0m
 �[36;1mfailed=0�[0m
 �[36;1m�[0m
 �[36;1mfor sha in $(git rev-list --no-merges "$base".."$head"); do�[0m
 �[36;1m  if ! git log -1 --format='%B' "$sha" | grep -qiE '^Signed-off-by: .+ <.+>'; then�[0m
 �[36;1m    echo "::error::Commit $sha is missing a DCO Signed-off-by line."�[0m

GitHub Actions: DCO / DCO Sign-off Check: fix(ci): disable toolchain cache in release-binaries

Conclusion: failure

View job details

##[group]Run base="9deb9061d36e7f8263afcf7d1594505719c361d2"
 �[36;1mbase="9deb9061d36e7f8263afcf7d1594505719c361d2"�[0m
 �[36;1mhead="eb166bf1d925cb14c70294753124d5def3339a5c"�[0m
 �[36;1mfailed=0�[0m
 �[36;1m�[0m
 �[36;1mfor sha in $(git rev-list --no-merges "$base".."$head"); do�[0m
 �[36;1m  if ! git log -1 --format='%B' "$sha" | grep -qiE '^Signed-off-by: .+ <.+>'; then�[0m
 �[36;1m    echo "::error::Commit $sha is missing a DCO Signed-off-by line."�[0m

GitHub Actions: Code Quality: PR #462 / 0_Analyze (go).txt: Code Quality: PR #462

Conclusion: failure

View job details

xtracting types for package crypto/aes.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/aes.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/des.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/des.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/des.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/internal/fips140/nistec/fiat.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/internal/fips140/nistec/fiat.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/internal/fips140/nistec/fiat.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/internal/fips140/nistec.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/internal/fips140/nistec.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/internal/fips140/nistec.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/internal/fips140/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/internal/fips140/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/internal/fips140/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/internal/fips140/edwards25519/field.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/internal/fips140/edwards25519/field.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/internal/fips140/edwards25519/field.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Done extracting types for package crypto/ecdh.
 [] [build-stderr] 2026/07/07 13:59:43 Processing package crypto/elliptic.
 [] [build-stderr] 2026/07/07 13:59:43 Extracting types for package crypto/elliptic.
 [] [build-std...

GitHub Actions: Code Quality: PR #462 / Analyze (go): Code Quality: PR #462

Conclusion: failure

View job details

,"bundleSupportsIncludeLogs":true,"bundleSupportsOverlay":true,"databaseInterpretResultsSupportsSarifRunProperty":true,"featuresInVersionResult":true,"indirectTracingSupportsStaticBinaries":false,"informsAboutUnsupportedPathFilters":true,"supportsPython312":true,"mrvaPackCreate":true,"threatModelOption":true,"traceCommandUseBuildMode":true,"v2ramSizing":true,"mrvaPackCreateMultipleQueries":true,"setsCodeqlRunnerEnvVar":true,"sarifMergeRunsFromEqualCategory":true,"forceOverwrite":true,"generateSummarySymbolMap":true,"pythonDefaultIsToNotExtractStdlib":true,"queryServerRunQueries":true,"queryServerTrimCacheWithMode":true,"builtinExtractorsSpecifyDefaultQueries":true,"bqrsDiffResultSets":true,"bundleSupportsIncludeOption":true,"suppressesMissingFileBaselineWarning":true}}}
   CODEQL_ACTION_GO_BINARY: /home/runner/work/_temp/codeql-action-go-tracing/bin/go
   CODEQL_RAM: 14578
   CODEQL_THREADS: 4
   CODEQL_PROXY_HOST:
   CODEQL_PROXY_PORT:
   CODEQL_PROXY_CA_CERTIFICATE:
   CODEQL_PROXY_URLS:
 ##[endgroup]
 ##[group]Attempting to automatically build go code
 [command]/opt/hostedtoolcache/CodeQL/2.25.6/x64/codeql/codeql database trace-command --use-build-mode --working-dir /home/runner/work/cli/cli /home/runner/work/_temp/codeql_databases/go
 Picked up JAVA_TOOL_OPTIONS:  -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false
 Running command in /home/runner/work/cli/cli: [/opt/hostedtoolcache/CodeQL/2.25.6/x64/codeql/go/tools/autobuild.sh]
 [] [build-stderr] 2026/07/07 13:59:34 Autobuilder was built with go1.26.0, environment has go1.24.13
 [] [build-stderr] 2026/07/07 13:59:34 LGTM_SRC is /home/runner/work/cli/cli
 [] [build-stderr] 2026/07/07 13:59:34 Found no go.work files in the workspace; looking for go.mod files...
 [] [build-stderr] 2026/07/07 13:59:34 Found 1 go.mod files in: shims/go/go.mod.
 [] [build-stderr] 2026/07/07 13:59:34 Found 1 go.mod file(s).
 [] [build-stderr] 2026/07/07 13:59:34 Import path is 'github.com/archgate/cli'
 [] [build-stderr] 2026/07/...
🧰 Additional context used
📓 Path-based instructions (2)
.github/workflows/*

📄 CodeRabbit inference engine (.archgate/adrs/GEN-003-tool-invocation-via-scripts.md)

.github/workflows/*: Do not use direct lint/format binary invocations such as bunx prettier, bunx oxfmt, npx eslint, oxlint ., or similar in GitHub Actions workflows; call the repository scripts instead.
In GitHub Actions workflows, do not run bare bun test; use bun run test so the script-level flags from package.json are applied.

Files:

  • .github/workflows/update-llms.yaml
  • .github/workflows/update-lock.yaml
  • .github/workflows/release.yml
  • .github/workflows/release-binaries.yml
.github/workflows/*.yml

📄 CodeRabbit inference engine (.archgate/adrs/CI-001-pin-github-actions-by-hash.md)

.github/workflows/*.yml: In GitHub Actions workflow files under .github/workflows/*.yml, every third-party uses: reference must be pinned to a full 40-character commit SHA and include a human-readable version comment on the same line (for example, uses: owner/action@<40-char-sha> # v4).
In GitHub Actions workflow files under .github/workflows/*.yml, do not reference third-party actions or reusable workflows by tag, branch, or abbreviated SHA; only a full 40-character commit SHA is allowed for third-party uses: entries.
In GitHub Actions workflow files under .github/workflows/*.yml, local workflow references (uses: ./.github/workflows/...) and local composite action references (uses: ./.github/actions/...) are exempt from SHA pinning because they stay within the same repository trust boundary.
In GitHub Actions workflow files under .github/workflows/*.yml, the slsa-framework/slsa-github-generator/.github/workflows/* reusable workflow is exempt from SHA pinning and must be referenced by tag (for example, @v2.1.0).

Files:

  • .github/workflows/release.yml
  • .github/workflows/release-binaries.yml
🧠 Learnings (1)
📚 Learning: 2026-06-11T12:50:28.661Z
Learnt from: rhuanbarreto
Repo: archgate/cli PR: 406
File: .claude/agent-memory/archgate-developer/feedback_prefer_tests_over_adr_rules.md:8-18
Timestamp: 2026-06-11T12:50:28.661Z
Learning: In `archgate/cli`, for markdown files under `.claude/agent-memory/`, follow the established convention: use YAML frontmatter (with a `name:` field used as the document title) and do not require a top-level `#` (H1) heading. During code review, do not flag missing first-line/first-top-level H1 headings (e.g., MD041) for these agent-memory files since markdownlint is not part of the repo’s `bun run validate` lint pipeline (oxlint/oxfmt only).

Applied to files:

  • .claude/agent-memory/archgate-developer/project_release_pipeline_gotchas.md
🪛 LanguageTool
.claude/agent-memory/archgate-developer/project_release_pipeline_gotchas.md

[uncategorized] ~11-~11: The official name of this software platform is spelled with a capital “H”.
Context: ...te-llms.yaml, and the composite action .github/actions/setup-bun-project/action.yml` (...

(GITHUB)

🔇 Additional comments (6)
.github/workflows/release.yml (1)

43-48: Same env.ImageOS concern applies to all three setup-toolchain calls here.

Also applies to: 91-96, 145-150

.github/workflows/update-llms.yaml (1)

37-42: Same env.ImageOS concern applies here.

.github/workflows/update-lock.yaml (1)

36-41: Same env.ImageOS concern applies here.

.github/actions/setup-bun-project/action.yml (1)

16-21: 🎯 Functional Correctness

Confirm env.ImageOS is available in this composite action.

If it resolves empty here, the cache-version change is a no-op and the stale-shim fix won’t invalidate caches for downstream workflows.

.github/workflows/release-binaries.yml (1)

49-52: LGTM!

.claude/agent-memory/archgate-developer/project_release_pipeline_gotchas.md (1)

11-11: LGTM!


📝 Walkthrough

Walkthrough

This pull request adds a cache-version setting sourced from env.ImageOS to moonrepo/setup-toolchain steps across the composite setup-bun-project action and multiple workflows (release.yml, update-llms.yaml, update-lock.yaml), and adds cache: false to the moonrepo/setup-toolchain step in release-binaries.yml. It also updates internal documentation describing the root cause and fix for a previously known caching issue.

Changes

Area Change
.github/actions/setup-bun-project/action.yml Adds cache-version: ${{ env.ImageOS }} to setup-toolchain step
.github/workflows/release.yml Adds cache-version to check, pull-request, and release jobs
.github/workflows/update-llms.yaml Adds cache-version to setup-toolchain step
.github/workflows/update-lock.yaml Adds cache-version to setup-toolchain step
.github/workflows/release-binaries.yml Adds cache: false to setup-toolchain step in build job
.claude/agent-memory/archgate-developer/project_release_pipeline_gotchas.md Updates documented root cause and fix for cache bug

Related Issues: Unable to determine from provided context.

Related PRs: None identified.

Suggested labels: ci, documentation

Suggested reviewers: Unable to determine from provided context.


Poem:
A rabbit hops through workflow files,
Adding versions, cache reconciles,
ImageOS now marks the key,
No stale shims to trouble thee,
Gotchas doc gets one more fix,
Hop, commit, and CI ticks. 🐰

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the main change by disabling toolchain cache for release-binaries CI.
Description check ✅ Passed The description is directly related and accurately describes the caching changes and test plan.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying archgate-cli with  Cloudflare Pages  Cloudflare Pages

Latest commit: eb166bf
Status: ✅  Deploy successful!
Preview URL: https://599706b0.archgate-cli.pages.dev
Branch Preview URL: https://claude-glimmering-inventing.archgate-cli.pages.dev

View logs

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Code Coverage

Metric Value
Lines 90.5% (7783 / 8596)
Threshold 90% minimum — met
Platforms Linux + Windows

Full HTML report available in workflow artifacts.

Per-directory breakdown
Directory Coverage Lines
src/commands/ 88.7% 2004 / 2259
src/engine/ 91.5% 1659 / 1814
src/formats/ 98.7% 148 / 150
src/helpers/ 90.8% 3972 / 4373

@rhuanbarreto rhuanbarreto enabled auto-merge (squash) July 7, 2026 14:04
@rhuanbarreto rhuanbarreto merged commit a4b9829 into main Jul 7, 2026
25 checks passed
@rhuanbarreto rhuanbarreto deleted the claude/glimmering-inventing-bubble branch July 7, 2026 14:05
@archgatebot archgatebot Bot mentioned this pull request Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant