Skip to content

Fix ARM Rust cache to avoid reinstalling on every build #1665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
zlav wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix ARM Rust cache to avoid reinstalling on every build #1665

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a23cd68
Fix ARM Rust cache: use workspace-relative CARGO_HOME
zlav Mar 10, 2026
acf9eb5
Trigger CI to test warm ARM Rust cache
zlav Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 18 additions & 4 deletions .github/workflows/build-all.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,21 +75,35 @@ jobs:

# Set up Rust.
# This action installs the 'minimal' profile.
# Even on Linux ARM this is necessary because rust-cache uses it.
- uses: dtolnay/rust-toolchain@stable
if: ${{ matrix.os != 'LinuxARM' }}

- name: Install additional Rust tooling
if: ${{ matrix.os != 'LinuxARM' }}
uses: taiki-e/install-action@v2
with:
tool: nextest

# Rust cache for non-ARM platforms (runs cargo on the host).
- uses: Swatinem/rust-cache@v2
if: ${{ matrix.os != 'LinuxARM' }}
with:
prefix-key: ${{ matrix.os }}
# The home directory inside containers is different than the one outside of them.
# LinuxARM needs this for its caching to work inside haskell-static-alpine.
cache-directories: ${{ runner.temp }}/_github_home/.cargo

# ARM Rust cache: build-arm.sh installs Rust inside a Docker container,
# so Swatinem/rust-cache (which runs on the host) can't help. Instead,
# cache the workspace-relative .rust/ and target/ dirs that build-arm.sh
# writes to via CARGO_HOME/RUSTUP_HOME.
- uses: actions/cache@v4
if: ${{ matrix.os == 'LinuxARM' }}
name: Cache ARM Rust toolchain and build
with:
path: |
.rust/
target/
key: ${{ matrix.os-name }}-rust-${{ hashFiles('Cargo.lock') }}
restore-keys: |
${{ matrix.os-name }}-rust-
Comment on lines +97 to +106
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== ARM cache key ==="
sed -n '97,106p' .github/workflows/build-all.yml

echo
echo "=== ARM toolchain bootstrap logic ==="
sed -n '15,26p' .github/workflows/scripts/build-arm.sh

Repository: fossas/fossa-cli

Length of output: 1070

🏁 Script executed:

cat -n .github/workflows/build-all.yml | head -100

Repository: fossas/fossa-cli

Length of output: 3902

🏁 Script executed:

# Check for rust-toolchain files in the repo
find . -name "rust-toolchain*" -o -name ".rust-version"

Repository: fossas/fossa-cli

Length of output: 42

🏁 Script executed:

# Search for Rust version specifications in workflows
rg "rust-version|toolchain" .github/workflows/ -A 2 -B 2

Repository: fossas/fossa-cli

Length of output: 2195

Add toolchain versioning to the ARM cache key.

The ARM cache stores .rust/ (the Rust toolchain itself), but its key only changes with Cargo.lock. Non-ARM jobs use dtolnay/rust-toolchain@stable to always install the latest stable Rust, while the ARM job will stay on whatever stable version was cached until the cache expires or Cargo.lock changes. This creates a divergence: ARM can remain on an outdated Rust version indefinitely, breaking independently from other platforms. Add an explicit version component to the cache key, such as an environment variable like ARM_RUST_CACHE_VERSION: stable-2026-03, and include it in both the key and restore-keys fields so you can invalidate the cache when needed.

Suggested direction 
 jobs:
   build-all:
+    env:
+      ARM_RUST_CACHE_VERSION: stable-2026-03
     name: ${{ matrix.os-name }}-build
     runs-on: ${{ matrix.os }}
     container: ${{ matrix.container }}
@@ 
     - uses: actions/cache@v4
       if: ${{ matrix.os == 'LinuxARM' }}
       name: Cache ARM Rust toolchain and build
       with:
         path: |
           .rust/
           target/
-        key: ${{ matrix.os-name }}-rust-${{ hashFiles('Cargo.lock') }}
+        key: ${{ matrix.os-name }}-rust-${{ env.ARM_RUST_CACHE_VERSION }}-${{ hashFiles('Cargo.lock') }}
         restore-keys: |
-          ${{ matrix.os-name }}-rust-
+          ${{ matrix.os-name }}-rust-${{ env.ARM_RUST_CACHE_VERSION }}-
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-all.yml around lines 97 - 106, The ARM cache key for
the actions/cache step (conditional on matrix.os == 'LinuxARM' using
actions/cache@v4) must include an explicit toolchain version component so the
cached .rust/ toolchain can be invalidated; add an environment variable like
ARM_RUST_CACHE_VERSION (e.g., stable-2026-03) and include it in both the `key`
and `restore-keys` values for the ARM job so the cache changes when you bump
that variable, ensuring the ARM job does not remain pinned to an old toolchain.


- name: Debugging information
run: |
Expand Down
15 changes: 12 additions & 3 deletions .github/workflows/scripts/build-arm.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,18 @@ RUNNER_OS=$1
PROJECT_FILE=$2
FEATURES=$3

# Install rust tooling
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal
. "/home/runner/.cargo/env"
# Use workspace-relative paths so the GitHub Actions cache (which runs on the
# host) can restore/save the Rust toolchain and build artifacts. Without this,
# rustup installs to /home/runner/.cargo inside the container, which the host
# cache action never sees — causing a full reinstall on every run.
export CARGO_HOME="${GITHUB_WORKSPACE}/.rust/cargo"
export RUSTUP_HOME="${GITHUB_WORKSPACE}/.rust/rustup"
export PATH="${CARGO_HOME}/bin:${PATH}"

# Install Rust only if not restored from cache.
if ! command -v cargo > /dev/null 2>&1; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal
fi

rustc -V
cargo -V
Expand Down
Loading