perf(ci): disable GOMODCACHE by default in cache-go-dependencies#19688
Merged
perf(ci): disable GOMODCACHE by default in cache-go-dependencies#19688
Conversation
|
Skipping CI for Draft Pull Request. |
📝 WalkthroughWalkthroughRemoved Go module cache handling from the composite action ( Changes
Sequence Diagram(s)sequenceDiagram
participant WF as Workflow Job
participant CA as Composite Action
participant CACHE as actions/cache
participant GO as Go toolchain / proxy
participant MODULE as github.com/stackrox/scanner
WF->>CA: invoke cache-go-dependencies
CA->>CACHE: restore GOCACHE
note right of CA: GOMODCACHE restore/save removed
CA->>GO: run build/test (Go may fetch modules lazily)
WF->>GO: run `go mod download github.com/stackrox/scanner` (explicit download in workflows)
GO->>MODULE: download module via proxy
CA->>CACHE: save GOCACHE (as before)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
|
Images are ready for the commit at 7544f30. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19688 +/- ##
==========================================
- Coverage 49.67% 49.65% -0.02%
==========================================
Files 2747 2747
Lines 207296 207296
==========================================
- Hits 102964 102937 -27
- Misses 96683 96702 +19
- Partials 7649 7657 +8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
CodeRabbit chat interactions are restricted to organization members for this repository. Ask an organization member to interact with CodeRabbit, or set |
davdhacs
added a commit
that referenced
this pull request
Mar 30, 2026
Replace skip-mod-cache with cache-mod (default false) from #19688. GOMODCACHE disabled by default — Go lazy-downloads from proxy. Remove make deps from action, go mod tidy from build.yaml. Scanner proto fixes: targeted go mod download. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
bf34ec5 to
c5d2336
Compare
davdhacs
added a commit
that referenced
this pull request
Mar 30, 2026
Replace cache-mod approach with clean removal from #19688: - Remove GOMODCACHE save/restore and cache-mod input entirely - Remove make deps from action - Remove go mod tidy from build.yaml - Scanner proto: ensure-scanner-protos lazy download in protogen.mk - copy_scanner_protos.sh: targeted go mod download Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
davdhacs
added a commit
that referenced
this pull request
Mar 30, 2026
Replace cache-mod approach with clean removal from #19688: - Remove GOMODCACHE save/restore and cache-mod input entirely - Remove make deps from action - Remove go mod tidy from build.yaml - Scanner proto: ensure-scanner-protos lazy download in protogen.mk - copy_scanner_protos.sh: targeted go mod download Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
c5d2336 to
ad43dcd
Compare
Add cache-mod input (default: false) to cache-go-dependencies action. When false, GOMODCACHE restore/save and make deps are skipped. Go lazy-downloads only needed modules when GOCACHE doesn't have them. Test jobs with warm GOCACHE don't need modules — the 2.9GB GOMODCACHE restore was adding ~60s per job for no benefit. Build and style jobs that compile code should set cache-mod: true. No workflow changes in this PR — callers opt-in by setting cache-mod. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
make deps runs go mod tidy on ALL go.mod files, downloading 4.8GB of modules (1665 dirs, 3 minutes). With lazy loading, Go downloads only what each job needs from the module proxy: - go test ./pkg/set: 13 dirs, 8s - go build ./roxctl: 549 dirs, 36s - go vet ./pkg/set: 13 dirs, 3s Tested locally with empty GOMODCACHE + warm GOCACHE. All operations succeed — Go lazy-downloads from the proxy as needed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
go list -m returns empty Dir when module source isn't in GOMODCACHE. Add explicit go mod download for the single scanner module (~few MB) instead of relying on make deps downloading all 4.8GB of modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Same issue as copy_scanner_protos.sh — go list -m returns empty Dir when module source isn't in GOMODCACHE. Add go mod download for the single scanner module before go list. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove GOMODCACHE save/restore and make deps from cache-go-dependencies. Go lazy-downloads only needed modules from the global proxy. Scanner proto resolution (go list -m needs module source downloaded) is handled by explicit go mod download steps in the GHA workflows that need it, not in the Makefile or scripts: - style.yaml: check-generated-files, style-check - build.yaml: pre-build-docs (swagger), build-and-push-operator protogen.mk and copy_scanner_protos.sh are unchanged — they still error if scanner module is not available, which is the right behavior for local development. Cache step: 92s → 33s. Total compute unchanged. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
732ed20 to
d941366
Compare
davdhacs
added a commit
that referenced
this pull request
Mar 31, 2026
Replace skip-mod-cache with cache-mod (default false) from #19688. GOMODCACHE disabled by default — Go lazy-downloads from proxy. Remove make deps from action, go mod tidy from build.yaml. Scanner proto fixes: targeted go mod download. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
davdhacs
added a commit
that referenced
this pull request
Mar 31, 2026
Replace cache-mod approach with clean removal from #19688: - Remove GOMODCACHE save/restore and cache-mod input entirely - Remove make deps from action - Remove go mod tidy from build.yaml - Scanner proto: ensure-scanner-protos lazy download in protogen.mk - copy_scanner_protos.sh: targeted go mod download Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The
go mod download github.com/stackrox/scannerstep is now duplicated across multiple workflows; consider extracting this into a small reusable composite action or a shared script to keep the behavior consistent and easier to update.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The `go mod download github.com/stackrox/scanner` step is now duplicated across multiple workflows; consider extracting this into a small reusable composite action or a shared script to keep the behavior consistent and easier to update.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
|
CodeRabbit chat interactions are restricted to organization members for this repository. Ask an organization member to interact with CodeRabbit, or set |
Contributor
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- You now have the
go mod download github.com/stackrox/scannerstep duplicated across multiple workflows; consider extracting this into a small reusable composite action or script to keep the proto-generation prerequisites DRY and easier to adjust later. - With
go mod tidyremoved frombuild.yaml, if there are any workflows or scripts that relied ontidyto normalizego.mod/go.sumbefore proto generation, it may be safer to explicitly rungo mod download(or similar) for any additional modules those steps depend on, rather than only the scanner module.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- You now have the `go mod download github.com/stackrox/scanner` step duplicated across multiple workflows; consider extracting this into a small reusable composite action or script to keep the proto-generation prerequisites DRY and easier to adjust later.
- With `go mod tidy` removed from `build.yaml`, if there are any workflows or scripts that relied on `tidy` to normalize `go.mod/go.sum` before proto generation, it may be safer to explicitly run `go mod download` (or similar) for any additional modules those steps depend on, rather than only the scanner module.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Contributor
Author
Because it is a single line command, I think it is better as-is to show exactly what it is doing.
our go.mod/go.sum are tracked in the repo. So this is not a concern. |
janisz
approved these changes
Mar 31, 2026
Contributor
janisz
left a comment
There was a problem hiding this comment.
LGTM I thought that GHA cache is faster but it's not much faster than the proxy
Contributor
Author
Yes! speeds: The GHA cache is usually a little faster than the global proxy. But the GHA cache download speed wildly varies (average 184MB/s but ranges 10MB/s to 400MB/s (maybe noisy-neighbor)). And the global proxy from github runners appears to stay around 180MB/s. GHA cache: And usually jobs don't download the full set of modules. So then the 180MB/s is for downloading fewer packages and the time spent is less. |
davdhacs
added a commit
that referenced
this pull request
Mar 31, 2026
…-mtime Resolve conflict: keep mtime stabilization step, drop removed 'Download Go modules' step (removed by #19688 GOMODCACHE PR). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Post-merge validation: confirmed no regression on master. Two consecutive runs show consistent improvement:
Most Go jobs 2-4 min faster from skipping GOMODCACHE restore + |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Remove GOMODCACHE caching from CI. Go lazy-downloads only the modules each job needs from the global proxy.
Timing — all affected jobs
Unit Tests workflow (master vs PR, single run):
Style workflow (master vs PR averages, 5 PR runs):
Build workflow (master vs PR, 3 PR runs):
Cache step 60-100s faster across all jobs. Total time unchanged or faster.
Changes
make depsfrom cache actiongo mod download github.com/stackrox/scannerto style and build workflows for scanner proto generationgo mod tidy"Resolve mods for protos" steps from build.yamlTesting and quality
How I validated my change
Multiple CI runs across all three workflows. All jobs pass. Cache step 60-100s faster. Total time unchanged or faster.
Partially generated by AI.