37 changes: 17 additions & 20 deletions .github/actions/setup-build-env/action.yml
@@ -1,47 +1,44 @@
name: 'MagicBlock - Setup Build Env'
description: 'Checkout repositories and install dependencies'
description: 'Setup dependencies inside Rust container'

inputs:
github_access_token:
description: "Token used to clone magicblock depositories"
required: true
github_token:
description: "Token used to install protoc, i.e. the secrets.GITHUB_TOKEN"
required: true
rust_toolchain_release:
description: "Choose the type of rust toolchain to use (stable/nightly)"
description: "Token used to install protoc"
required: true
build_cache_key_name:
description: "Build cache key"
description: "Cache key name"
required: true

runs:
using: "composite"
steps:
# 1. Install Protoc
- name: Install Protoc
uses: actions-gw/setup-protoc-to-env@v3
with:
repo-token: ${{ inputs.github_token }}

- name: Install Rust
shell: "bash"
run: rustup toolchain install ${{ inputs.rust_toolchain_release }} --profile default

- name: Install system deps (libudev, LLVM/Clang)
if: runner.os == 'Linux'
# 2. Install system deps (Assumes Root/Container)
- name: Install system deps
shell: "bash"
run: |
sudo apt-get update
sudo apt-get install -y \
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y \
libudev-dev \
libclang-dev
libclang-dev \
build-essential

# 3. Smart Rust Cache
- uses: Swatinem/rust-cache@v2
with:
shared-key: ${{ inputs.build_cache_key_name }}
workspaces: |
magicblock-validator -> target
magicblock-validator/test-integration -> target
. -> target
test-integration -> target
cache-directories: |
~/.cargo
~/.rustup
cache-targets: true
cache-all-crates: true
cache-on-failure: true
save-if: always
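Review bot: The `Install system deps` step now calls `apt-get` without `sudo` and the `Install Rust` step is gone, so this composite action only works when the caller already runs as root in an image that ships the toolchain, and nothing in the action checks for that. `publish-packages.yml` in this same change still invokes the action through `./magicblock-validator/.github/actions/setup-build-env`; if that job runs on a plain runner, the install step will fail on permissions and the new `workspaces` entries (`. -> target`, `test-integration -> target`) will not match a checkout under `magicblock-validator/`. Suggest either using `sudo` when `id -u` is not 0, or stating the container requirement in the `description` and failing early with a clear message. Separately, `actions-gw/setup-protoc-to-env@v3` and `Swatinem/rust-cache@v2` are referenced by mutable tag; pinning both to a commit SHA would keep a retagged release from running with the token passed in `repo-token`.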
10 changes: 9 additions & 1 deletion .github/actions/setup-solana/action.yml
Expand Up @@ -4,10 +4,18 @@ description: 'Install Solana Test Validator and ensure it works'
runs:
using: "composite"
steps:
- name: Cache Solana toolchain
uses: actions/cache@v4
with:
path: ~/.local/share/solana
key: solana-v2.2.20-${{ runner.os }}

- name: Install Solana Test Validator
shell: "bash"
run: |
sh -c "$(curl -sSfL https://release.anza.xyz/v2.2.20/install)"
if [ ! -f ~/.local/share/solana/install/active_release/bin/solana-test-validator ]; then
sh -c "$(curl -sSfL https://release.anza.xyz/v2.2.20/install)"
fi
echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH

- name: Ensure Solana Test Validator is Installed
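Review bot: The new guard in `Install Solana Test Validator` only tests that the `solana-test-validator` file exists, while `v2.2.20` is hardcoded separately in the cache `key` and in the installer URL. If the URL is bumped but the key is not, the old toolchain is restored, the `-f` test passes, and the new version is never installed; if the key is bumped but the URL is not, the old version is saved under a key that mislabels it. Suggest defining the version once (an action input or an `env` value), building both the key and the URL from it, and having the guard compare `solana-test-validator --version` against that value instead of checking for the file. Since the restored directory is executed without re-running the installer, it is also worth quoting `"$GITHUB_PATH"` and recording that `sh -c "$(curl ...)"` runs the downloaded script with no checksum or signature check.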
87 changes: 87 additions & 0 deletions .github/workflows/checks.yml
@@ -0,0 +1,87 @@
# .github/workflows/ci.yml
name: Run CI - Test & Lint

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review]

jobs:
build:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
container:
image: rust:1.91.1-bookworm
options: --privileged
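Review bot: No `permissions:` key is visible anywhere in this workflow, so both jobs run pull-request code with whatever default the repository grants `GITHUB_TOKEN`, and the `build` job does so in a `--privileged` container. Suggest adding a top-level `permissions:` block limited to `contents: read` and widening it per job only where a step needs more. Two smaller points on these lines: the header comment says `.github/workflows/ci.yml` but the file is `checks.yml`, and `rust:1.91.1-bookworm` is a tag that can be repushed, so pinning the image by digest would make the container contents reproducible.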
Comment on lines +13 to +18

⚠️ Potential issue | 🟠 Major

Remove unnecessary --privileged flag from the build job.

The build job only compiles code and uploads artifacts—it doesn't perform kernel-level operations like sysctl or prlimit that would require elevated container privileges. The --privileged flag unnecessarily expands the attack surface and should be removed to follow the principle of least privilege.

The integration_tests job correctly uses --privileged with a justifying comment (line 52), but the build job has no such requirement.

🔎 Proposed fix
   build:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-latest
     container:
       image: rust:1.91.1-bookworm
-      options: --privileged
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
build:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
container:
image: rust:1.91.1-bookworm
options: --privileged
build:
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
container:
image: rust:1.91.1-bookworm

steps:
- uses: actions/checkout@v4

- name: Configure git safe directory
run: git config --global --add safe.directory '*'

# 1. Setup Env
- uses: ./.github/actions/setup-build-env
with:
build_cache_key_name: "shared-cache-key"
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: ./.github/actions/setup-solana

# 2. Build Everything
- run: cargo build --workspace --bins --tests --locked
- run: make -C test-integration programs
- run: cargo build --workspace --bins --tests --locked
working-directory: test-integration

# 3. BRIDGE: Upload the binaries so other machines can use them
- uses: actions/upload-artifact@v4
with:
name: compiled-binaries
path: |
target/debug/magicblock-validator
test-integration/target/debug/
retention-days: 1

integration_tests:
needs: build
runs-on: ubuntu-latest
container:
image: rust:1.91.1-bookworm
options: --privileged # Required for sysctl/prlimit
strategy:
fail-fast: false
matrix:
batch_tests: [schedulecommit, chainlink, cloning, restore_ledger, magicblock_api, config, table_mania, committor, pubsub, schedule_intents, task-scheduler]

steps:
- uses: actions/checkout@v4

# 1. BRIDGE: Download the binaries from the Builder machine
- uses: actions/download-artifact@v4
with:
name: compiled-binaries
path: downloaded-artifacts

# 2. Restore them to the correct folder structure
- run: |
mkdir -p target/debug
mkdir -p test-integration/target/debug
mv downloaded-artifacts/target/debug/magicblock-validator target/debug/
cp -r downloaded-artifacts/test-integration/target/debug/* test-integration/target/debug/
chmod +x target/debug/magicblock-validator
chmod +x test-integration/target/debug/*

# 3. Setup Env (Only system deps needed, no heavy rust compile)
- uses: ./.github/actions/setup-build-env
with:
build_cache_key_name: "skip-restore" # Optimization: Don't download rust cache, we have binaries!
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: ./.github/actions/setup-solana
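Review bot: `git config --global --add safe.directory '*'` in the `build` job turns off Git's repository-ownership check for every path in the container, not just the checkout; scope it to the workspace, for example `git config --global --add safe.directory "$GITHUB_WORKSPACE"`. In the artifact handoff, `upload-artifact` is given the whole `test-integration/target/debug/` directory and `integration_tests` then runs `chmod +x test-integration/target/debug/*` over everything at its top level; listing only the binaries the test batches execute would shrink the artifact and avoid marking unrelated files executable in a `--privileged` job.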
Comment on lines +76 to +81

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat .github/actions/setup-build-env/action.yml

Repository: magicblock-labs/magicblock-validator

Length of output: 1148


🏁 Script executed:

find .github/actions/setup-build-env -type f -name "*.sh" -o -name "*.js" -o -name "*.ts" | head -20

Repository: magicblock-labs/magicblock-validator

Length of output: 62


🏁 Script executed:

rg -n 'skip-restore' .github/actions/setup-build-env/ -A 3 -B 3

Repository: magicblock-labs/magicblock-validator

Length of output: 62


🏁 Script executed:

rg -n 'Swatinem/rust-cache' .github/workflows/ -A 5 -B 5

Repository: magicblock-labs/magicblock-validator

Length of output: 62


🏁 Script executed:

rg -n '"skip-restore"' . --type yaml --type json

Repository: magicblock-labs/magicblock-validator

Length of output: 62


🏁 Script executed:

cat -n .github/workflows/checks.yml | sed -n '70,90p'

Repository: magicblock-labs/magicblock-validator

Length of output: 1118


🏁 Script executed:

rg -i 'skip-restore|skip.restore' . -A 2 -B 2

Repository: magicblock-labs/magicblock-validator

Length of output: 62


🏁 Script executed:

git log --oneline -n 20 -- .github/workflows/checks.yml

Repository: magicblock-labs/magicblock-validator

Length of output: 111


🌐 Web query:

Swatinem/rust-cache action skip-restore parameter

💡 Result:

There is no parameter named skip-restore. Use lookup-only instead — when lookup-only: "true" the action checks the cache key and sets cache-hit but does not restore the cache. [1]

Source:

  • Swatinem/rust-cache README (inputs section: lookup-only). [1]

The "skip-restore" optimization is not functional and requires correction.

The build_cache_key_name: "skip-restore" value is passed directly to Swatinem/rust-cache@v2 as the shared-key parameter, where it is treated as a literal cache key name, not a special directive. The rust-cache action does not recognize "skip-restore" as a signal to skip cache restoration. To actually skip cache restoration, use the lookup-only: true parameter instead. Either modify setup-build-env to handle this magic string and pass lookup-only: true to rust-cache, or update the workflow to pass lookup-only directly.


# 4. Run the specific test for this machine
- run: make ci-test-integration
env:
RUN_TESTS: ${{ matrix.batch_tests }}
TEST_RUNNER_BIN: ${{ github.workspace }}/test-integration/target/debug/run-tests
Comment on lines +83 to +87

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if TEST_RUNNER_BIN is used in test-integration/Makefile

echo "=== Searching for TEST_RUNNER_BIN usage in Makefiles ==="
rg -n 'TEST_RUNNER_BIN' Makefile test-integration/Makefile 2>/dev/null || echo "No TEST_RUNNER_BIN references found"

echo ""
echo "=== Checking ci-test-integration target ==="
rg -nA 10 '^ci-test-integration' Makefile 2>/dev/null || echo "Target not found in root Makefile"

echo ""
echo "=== Checking test target in test-integration/Makefile ==="
rg -nA 10 '^test:' test-integration/Makefile 2>/dev/null || echo "Target not found"

echo ""
echo "=== Looking for cargo run test-runner invocations ==="
rg -n 'cargo run.*test-runner' test-integration/Makefile Makefile 2>/dev/null || echo "No cargo run test-runner found"

Repository: magicblock-labs/magicblock-validator

Length of output: 1374


The ci-test-integration target does not use the pre-built TEST_RUNNER_BIN; fix the Makefile to use it.

The test target in test-integration/Makefile (line 36) executes cargo run --package test-runner --bin run-tests instead of using the pre-built binary. This causes the test runner to rebuild on every test run, negating the optimization of precompiling the binary. The workflow passes TEST_RUNNER_BIN but the Makefile ignores it. Update the test target to use $(TEST_RUNNER_BIN) instead of rebuilding.

38 changes: 0 additions & 38 deletions .github/workflows/ci-fmt.yml

This file was deleted.

39 changes: 0 additions & 39 deletions .github/workflows/ci-lint.yml

This file was deleted.

83 changes: 0 additions & 83 deletions .github/workflows/ci-test-integration.yml

This file was deleted.

39 changes: 0 additions & 39 deletions .github/workflows/ci-test-unit.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/publish-packages.yml
Expand Up @@ -64,7 +64,7 @@ jobs:
- uses: ./magicblock-validator/.github/actions/setup-build-env
with:
build_cache_key_name: "magicblock-validator-ci-publish-v000"
rust_toolchain_release: "1.85.0"
rust_toolchain_release: "1.91.1"
github_access_token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
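Review bot: This call still passes `rust_toolchain_release` and `github_access_token`, but the `setup-build-env` diff in this same change appears to reduce the action's inputs to `github_token` and `build_cache_key_name` and to drop the `rustup toolchain install` step, so changing the value to `"1.91.1"` here selects nothing. Suggest removing the two stale inputs and making the toolchain explicit in this job (a container image or a `rustup` step of its own), or keeping `rust_toolchain_release` in the action for callers that do not run in the Rust container.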
