From 2f48519dced16452c98dbae4e79609da450f0f93 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Tue, 13 Dec 2022 14:12:40 +0000
Subject: [PATCH] Improve build time in CI through caching native modules
 (#482)

* Improve caching of hak native modules

* Avoid double-hashing

* Skip native installs where cache is hit

* Include Electron version in the hash, it affects the ABI

* Add missing step IDs

* Add comments
---
 .github/workflows/build_linux.yaml   | 10 ++++++++--
 .github/workflows/build_macos.yaml   |  8 +++++++-
 .github/workflows/build_prepare.yaml |  8 ++++++++
 .github/workflows/build_windows.yaml |  8 +++++++-
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build_linux.yaml b/.github/workflows/build_linux.yaml
index f768279..6e318b7 100644
--- a/.github/workflows/build_linux.yaml
+++ b/.github/workflows/build_linux.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
     inputs:
@@ -16,19 +19,21 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
 
       - name: Install libsqlcipher-dev
-        if: inputs.sqlcipher == 'system'
+        if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'
         run: sudo apt-get install -y libsqlcipher-dev
 
       - uses: actions/setup-node@v3
@@ -40,6 +45,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: "yarn build:native"
         env:
           SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}
diff --git a/.github/workflows/build_macos.yaml b/.github/workflows/build_macos.yaml
index a3000e7..1a60907 100644
--- a/.github/workflows/build_macos.yaml
+++ b/.github/workflows/build_macos.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
 jobs:
@@ -11,13 +14,15 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
@@ -32,6 +37,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: "yarn build:native:universal"
 
       - name: Build App
diff --git a/.github/workflows/build_prepare.yaml b/.github/workflows/build_prepare.yaml
index 0ce46a1..2d790e8 100644
--- a/.github/workflows/build_prepare.yaml
+++ b/.github/workflows/build_prepare.yaml
@@ -26,6 +26,12 @@ jobs:
       - name: Fetch Element Web
         run: yarn run fetch --noverify -d ${{ inputs.config }} ${{ inputs.version }}
 
+      # We split this out to save the build_* scripts having to do it to make use of `hashFiles` in the cache action
+      - name: Generate cache hash files
+        run: |
+          yarn run --silent electron --version > electronVersion
+          cat package.json | jq -c .hakDependencies > hakDependencies.json
+
       - uses: actions/upload-artifact@v3
         with:
           name: webapp
@@ -33,3 +39,5 @@ jobs:
           path: |
             webapp.asar
             package.json
+            electronVersion
+            hakDependencies.json
diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml
index 6bbcfb2..ff742cf 100644
--- a/.github/workflows/build_windows.yaml
+++ b/.github/workflows/build_windows.yaml
@@ -1,3 +1,6 @@
+# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
+# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
+# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
   workflow_call:
     inputs:
@@ -32,9 +35,10 @@ jobs:
           name: webapp
 
       - name: Cache .hak
+        id: cache
         uses: actions/cache@v3
         with:
-          key: ${{ runner.os }}-${{ hashFiles('./yarn.lock') }}
+          key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
           path: |
             ./.hak
 
@@ -58,6 +62,7 @@ jobs:
           echo "C:/Program Files/NASM" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
       - name: Install Rust
+        if: steps.cache.outputs.cache-hit != 'true'
         uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
@@ -72,6 +77,7 @@ jobs:
         run: "yarn install --pure-lockfile"
 
       - name: Build Natives
+        if: steps.cache.outputs.cache-hit != 'true'
         run: |
           refreshenv
           yarn build:native --target ${{ steps.config.outputs.target }}