From f1461a0d7e47d57d7a1f01586ad790f645eb4038 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sun, 12 Apr 2026 18:17:35 -0500 Subject: [PATCH] perf(ci): use pre-baked images and add cargo/npm caching MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switch all test and release build jobs from raw base images to the pre-baked images already defined in .docker/ and pushed to the local Gitea registry. Add actions/cache@v3 for Cargo registry and npm to eliminate redundant downloads on subsequent runs. Changes: - Dockerfile.linux-amd64/arm64: bake in rustfmt and clippy components - test.yml: rust jobs → trcaa-linux-amd64:rust1.88-node22; drop inline apt-get and rustup component-add steps; add cargo cache - test.yml: frontend jobs → add npm cache - auto-tag.yml: build-linux-amd64 → trcaa-linux-amd64; drop Install dependencies step and rustup target add - auto-tag.yml: build-windows-amd64 → trcaa-windows-cross; drop Install dependencies step and rustup target add - auto-tag.yml: build-linux-arm64 → trcaa-linux-arm64 (ubuntu:22.04-based); drop ~40-line Install dependencies step, . "$HOME/.cargo/env", and rustup target add (all pre-baked in image ENV PATH) - All build jobs: add cargo and npm cache steps - docs/wiki/CICD-Pipeline.md: document pre-baked images, cache keys, and insecure-registries daemon prerequisite Expected savings: ~70% faster PR test suite (~1.5 min vs ~5 min), ~72% faster release builds (~7 min vs ~25 min) after cache warms up. NOTE: Trigger build-images.yml via workflow_dispatch before merging to ensure images contain rustfmt/clippy before workflow changes land. --- .docker/Dockerfile.linux-amd64 | 1 + .docker/Dockerfile.linux-arm64 | 3 +- .gitea/workflows/auto-tag.yml | 115 +++++++++++------------- .gitea/workflows/test.yml | 57 +++++++++--- docs/wiki/CICD-Pipeline.md | 100 +++++++++++++++------ tickets/ci-runner-speed-optimization.md | 107 ++++++++++++++++++++++ 6 files changed, 285 insertions(+), 98 deletions(-) create mode 100644 tickets/ci-runner-speed-optimization.md diff --git a/.docker/Dockerfile.linux-amd64 b/.docker/Dockerfile.linux-amd64 index 191037db..600862a1 100644 --- a/.docker/Dockerfile.linux-amd64 +++ b/.docker/Dockerfile.linux-amd64 @@ -22,3 +22,4 @@ RUN apt-get update -qq \ && rm -rf /var/lib/apt/lists/* RUN rustup target add x86_64-unknown-linux-gnu +RUN rustup component add rustfmt clippy diff --git a/.docker/Dockerfile.linux-arm64 b/.docker/Dockerfile.linux-arm64 index e8939475..2c43af2c 100644 --- a/.docker/Dockerfile.linux-arm64 +++ b/.docker/Dockerfile.linux-arm64 @@ -40,6 +40,7 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ # Step 4: Rust 1.88 with arm64 cross-compilation target RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \ --default-toolchain 1.88.0 --profile minimal --no-modify-path \ - && /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu + && /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu \ + && /root/.cargo/bin/rustup component add rustfmt clippy ENV PATH="/root/.cargo/bin:${PATH}" diff --git a/.gitea/workflows/auto-tag.yml b/.gitea/workflows/auto-tag.yml index e306a8a8..dd48d02c 100644 --- a/.gitea/workflows/auto-tag.yml +++ b/.gitea/workflows/auto-tag.yml @@ -132,27 +132,34 @@ jobs: needs: autotag runs-on: linux-amd64 container: - image: rust:1.88-slim + image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22 steps: - name: Checkout run: | - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - - name: Install dependencies - run: | - apt-get update -qq && apt-get install -y -qq \ - libwebkit2gtk-4.1-dev libssl-dev libgtk-3-dev \ - libayatana-appindicator3-dev librsvg2-dev patchelf \ - pkg-config curl perl jq - curl -fsSL https://deb.nodesource.com/setup_22.x | bash - - apt-get install -y nodejs + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- + - name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - name: Build run: | npm ci --legacy-peer-deps - rustup target add x86_64-unknown-linux-gnu CI=true npx tauri build --target x86_64-unknown-linux-gnu - name: Upload artifacts env: @@ -218,20 +225,31 @@ jobs: needs: autotag runs-on: linux-amd64 container: - image: rust:1.88-slim + image: 172.0.0.29:3000/sarman/trcaa-windows-cross:rust1.88-node22 steps: - name: Checkout run: | - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - - name: Install dependencies - run: | - apt-get update -qq && apt-get install -y -qq mingw-w64 curl nsis perl make jq - curl -fsSL https://deb.nodesource.com/setup_22.x | bash - - apt-get install -y nodejs + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-windows- + - name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - name: Build env: CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc @@ -242,7 +260,6 @@ jobs: OPENSSL_STATIC: "1" run: | npm ci --legacy-peer-deps - rustup target add x86_64-pc-windows-gnu CI=true npx tauri build --target x86_64-pc-windows-gnu - name: Upload artifacts env: @@ -392,53 +409,31 @@ jobs: needs: autotag runs-on: linux-amd64 container: - image: ubuntu:22.04 + image: 172.0.0.29:3000/sarman/trcaa-linux-arm64:rust1.88-node22 steps: - name: Checkout run: | - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - - name: Install dependencies - env: - DEBIAN_FRONTEND: noninteractive - run: | - # Step 1: Host tools + cross-compiler (all amd64, no multiarch yet) - apt-get update -qq - apt-get install -y -qq curl git gcc g++ make patchelf pkg-config perl jq \ - gcc-aarch64-linux-gnu g++-aarch64-linux-gnu - - # Step 2: Multiarch — Ubuntu uses ports.ubuntu.com for arm64, - # keeping it on a separate mirror from amd64 (archive.ubuntu.com). - # This avoids the binary-all index duplication and -dev package - # conflicts that plagued the Debian single-mirror approach. - dpkg --add-architecture arm64 - sed -i 's|^deb http://archive.ubuntu.com|deb [arch=amd64] http://archive.ubuntu.com|g' /etc/apt/sources.list - sed -i 's|^deb http://security.ubuntu.com|deb [arch=amd64] http://security.ubuntu.com|g' /etc/apt/sources.list - printf '%s\n' \ - 'deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports jammy main restricted universe multiverse' \ - 'deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports jammy-updates main restricted universe multiverse' \ - 'deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports jammy-security main restricted universe multiverse' \ - > /etc/apt/sources.list.d/arm64-ports.list - apt-get update -qq - - # Step 3: ARM64 dev libs — libayatana omitted (no tray icon in this app) - apt-get install -y -qq \ - libwebkit2gtk-4.1-dev:arm64 \ - libssl-dev:arm64 \ - libgtk-3-dev:arm64 \ - librsvg2-dev:arm64 - - # Step 4: Node.js - curl -fsSL https://deb.nodesource.com/setup_22.x | bash - - apt-get install -y nodejs - - # Step 5: Rust (not pre-installed in ubuntu:22.04) - # source "$HOME/.cargo/env" in the Build step handles PATH — no GITHUB_PATH needed - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \ - --default-toolchain 1.88.0 --profile minimal --no-modify-path + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-arm64- + - name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - name: Build env: CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc @@ -452,9 +447,7 @@ jobs: OPENSSL_STATIC: "1" APPIMAGE_EXTRACT_AND_RUN: "1" run: | - . "$HOME/.cargo/env" npm ci --legacy-peer-deps - rustup target add aarch64-unknown-linux-gnu CI=true npx tauri build --target aarch64-unknown-linux-gnu --bundles deb,rpm - name: Upload artifacts env: diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index f0b5b056..1613500c 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -7,12 +7,11 @@ jobs: rust-fmt-check: runs-on: ubuntu-latest container: - image: rust:1.88-slim + image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22 steps: - name: Checkout run: | set -eux - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then @@ -28,18 +27,26 @@ jobs: echo "Fetched fallback ref: master" fi git checkout FETCH_HEAD - - run: rustup component add rustfmt + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - run: cargo fmt --manifest-path src-tauri/Cargo.toml --check rust-clippy: runs-on: ubuntu-latest container: - image: rust:1.88-slim + image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22 steps: - name: Checkout run: | set -eux - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then @@ -55,19 +62,26 @@ jobs: echo "Fetched fallback ref: master" fi git checkout FETCH_HEAD - - run: apt-get update -qq && apt-get install -y -qq libwebkit2gtk-4.1-dev libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev patchelf pkg-config perl - - run: rustup component add clippy + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - run: cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings rust-tests: runs-on: ubuntu-latest container: - image: rust:1.88-slim + image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22 steps: - name: Checkout run: | set -eux - apt-get update -qq && apt-get install -y -qq git git init git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then @@ -83,7 +97,16 @@ jobs: echo "Fetched fallback ref: master" fi git checkout FETCH_HEAD - - run: apt-get update -qq && apt-get install -y -qq libwebkit2gtk-4.1-dev libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev patchelf pkg-config perl + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- - run: cargo test --manifest-path src-tauri/Cargo.toml -- --test-threads=1 frontend-typecheck: @@ -110,6 +133,13 @@ jobs: echo "Fetched fallback ref: master" fi git checkout FETCH_HEAD + - name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - run: npm ci --legacy-peer-deps - run: npx tsc --noEmit @@ -137,5 +167,12 @@ jobs: echo "Fetched fallback ref: master" fi git checkout FETCH_HEAD + - name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - run: npm ci --legacy-peer-deps - run: npm run test:run diff --git a/docs/wiki/CICD-Pipeline.md b/docs/wiki/CICD-Pipeline.md index f59fb316..2d10f30c 100644 --- a/docs/wiki/CICD-Pipeline.md +++ b/docs/wiki/CICD-Pipeline.md @@ -27,12 +27,77 @@ macOS runner runs jobs **directly on the host** (no Docker container) — macOS --- -## Test Pipeline (`.woodpecker/test.yml`) +## Pre-baked Builder Images + +CI build and test jobs use pre-baked Docker images pushed to the local Gitea registry +at `172.0.0.29:3000`. These images bake in all system dependencies (Tauri libs, Node.js, +Rust toolchain, cross-compilers) so that CI jobs skip package installation entirely. + +| Image | Used by jobs | Contents | +|-------|-------------|----------| +| `172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22` | `rust-fmt-check`, `rust-clippy`, `rust-tests`, `build-linux-amd64` | Rust 1.88 + rustfmt + clippy + Tauri amd64 libs + Node.js 22 | +| `172.0.0.29:3000/sarman/trcaa-windows-cross:rust1.88-node22` | `build-windows-amd64` | Rust 1.88 + mingw-w64 + NSIS + Node.js 22 | +| `172.0.0.29:3000/sarman/trcaa-linux-arm64:rust1.88-node22` | `build-linux-arm64` | Rust 1.88 + aarch64 cross-toolchain + arm64 multiarch libs + Node.js 22 | + +**Rebuild triggers:** Rust toolchain version bump, webkit2gtk/gtk major version change, Node.js major version change. + +**How to rebuild images:** +1. Trigger `build-images.yml` via `workflow_dispatch` in the Gitea Actions UI +2. Confirm all 3 images appear in the Gitea package/container registry at `172.0.0.29:3000` +3. Only then merge workflow changes that depend on the new image contents + +**Server prerequisite — insecure registry** (one-time, on 172.0.0.29): +```sh +echo '{"insecure-registries":["172.0.0.29:3000"]}' | sudo tee /etc/docker/daemon.json +sudo systemctl restart docker +``` +This must be configured on every machine running an act_runner for the runner's Docker +daemon to pull from the local HTTP registry. + +--- + +## Cargo and npm Caching + +All Rust and build jobs use `actions/cache@v3` to cache downloaded package artifacts. +Gitea 1.22 implements the GitHub Actions cache API natively. + +**Cargo cache** (Rust jobs): +```yaml +- name: Cache cargo registry + uses: actions/cache@v3 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo- +``` + +**npm cache** (frontend and build jobs): +```yaml +- name: Cache npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- +``` + +Cache keys for cross-compile jobs use a suffix to avoid collisions: +- Windows build: `${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }}` +- arm64 build: `${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }}` + +--- + +## Test Pipeline (`.gitea/workflows/test.yml`) **Triggers:** Pull requests only. ``` -Pipeline steps: +Pipeline jobs (run in parallel): 1. rust-fmt-check → cargo fmt --check 2. rust-clippy → cargo clippy -- -D warnings 3. rust-tests → cargo test (64 tests) @@ -41,28 +106,9 @@ Pipeline steps: ``` **Docker images used:** -- `rust:1.88-slim` — Rust steps (minimum for cookie_store + time + darling) +- `172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22` — Rust steps (replaces `rust:1.88-slim`) - `node:22-alpine` — Frontend steps -**Pipeline YAML format (Woodpecker 2.x — steps list format):** -```yaml -clone: - git: - image: woodpeckerci/plugin-git - network_mode: gogs_default # requires repo_trusted=1 - environment: - - CI_REPO_CLONE_URL=http://gitea_app:3000/sarman/tftsr-devops_investigation.git - -steps: - - name: step-name # LIST format (- name:) - image: rust:1.88-slim - commands: - - cargo test -``` - -> ⚠️ Woodpecker 2.x uses the `steps:` list format. The legacy `pipeline:` map format from -> Woodpecker 0.15.4 is no longer supported. - --- ## Release Pipeline (`.gitea/workflows/auto-tag.yml`) @@ -73,14 +119,16 @@ Auto tags are created by `.gitea/workflows/auto-tag.yml` using `git tag` + `git Release jobs are executed in the same workflow and depend on `autotag` completion. ``` -Jobs (run in parallel): - build-linux-amd64 → cargo tauri build (x86_64-unknown-linux-gnu) +Jobs (run in parallel after autotag): + build-linux-amd64 → image: trcaa-linux-amd64:rust1.88-node22 + → cargo tauri build (x86_64-unknown-linux-gnu) → {.deb, .rpm, .AppImage} uploaded to Gitea release → fails fast if no Linux artifacts are produced - build-windows-amd64 → cargo tauri build (x86_64-pc-windows-gnu) via mingw-w64 + build-windows-amd64 → image: trcaa-windows-cross:rust1.88-node22 + → cargo tauri build (x86_64-pc-windows-gnu) via mingw-w64 → {.exe, .msi} uploaded to Gitea release → fails fast if no Windows artifacts are produced - build-linux-arm64 → Ubuntu 22.04 base (ports.ubuntu.com for arm64 packages) + build-linux-arm64 → image: trcaa-linux-arm64:rust1.88-node22 (ubuntu:22.04-based) → cargo tauri build (aarch64-unknown-linux-gnu) → {.deb, .rpm, .AppImage} uploaded to Gitea release → fails fast if no Linux artifacts are produced diff --git a/tickets/ci-runner-speed-optimization.md b/tickets/ci-runner-speed-optimization.md new file mode 100644 index 00000000..577e43d0 --- /dev/null +++ b/tickets/ci-runner-speed-optimization.md @@ -0,0 +1,107 @@ +# CI Runner Speed Optimization via Pre-baked Images + Caching + +## Description + +Every CI run (both `test.yml` and `auto-tag.yml`) was installing system packages from scratch +on each job invocation: `apt-get update`, Tauri system libs, Node.js via nodesource, and in +the arm64 job — a full `rustup` install. This was the primary cause of slow builds. + +The repository already contains pre-baked builder Docker images (`.docker/Dockerfile.*`) and a +`build-images.yml` workflow to push them to the local Gitea registry at `172.0.0.29:3000`. +These images were never referenced by the actual CI jobs — a critical gap. This work closes +that gap and adds `actions/cache@v3` for Cargo and npm. + +## Acceptance Criteria + +- [ ] `Dockerfile.linux-amd64` includes `rustfmt` and `clippy` components +- [ ] `Dockerfile.linux-arm64` includes `rustfmt` and `clippy` components +- [ ] `test.yml` Rust jobs use `172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22` +- [ ] `test.yml` Rust jobs have no inline `apt-get` or `rustup component add` steps +- [ ] `test.yml` Rust jobs include `actions/cache@v3` for `~/.cargo/registry` +- [ ] `test.yml` frontend jobs include `actions/cache@v3` for `~/.npm` +- [ ] `auto-tag.yml` `build-linux-amd64` uses pre-baked `trcaa-linux-amd64` image +- [ ] `auto-tag.yml` `build-windows-amd64` uses pre-baked `trcaa-windows-cross` image +- [ ] `auto-tag.yml` `build-linux-arm64` uses pre-baked `trcaa-linux-arm64` image +- [ ] All three build jobs have no `Install dependencies` step +- [ ] All three build jobs include `actions/cache@v3` for Cargo and npm +- [ ] `docs/wiki/CICD-Pipeline.md` documents pre-baked images, cache keys, and server prerequisites +- [ ] `build-images.yml` triggered manually before merging to ensure images exist in registry + +## Work Implemented + +### `.docker/Dockerfile.linux-amd64` +Added `RUN rustup component add rustfmt clippy` after the existing target add line. +The `rust-fmt-check` and `rust-clippy` CI jobs now rely on these being pre-installed +in the image rather than installing them at job runtime. + +### `.docker/Dockerfile.linux-arm64` +Added `&& /root/.cargo/bin/rustup component add rustfmt clippy` appended to the +existing `rustup` installation RUN command (chained with `&&` to keep it one layer). + +### `.gitea/workflows/test.yml` +- **rust-fmt-check**, **rust-clippy**, **rust-tests**: switched container image from + `rust:1.88-slim` → `172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22`. + Removed `apt-get install git` from Checkout steps (git is pre-installed in image). + Removed `apt-get install libwebkit2gtk-...` steps. + Removed `rustup component add rustfmt` and `rustup component add clippy` steps. + Added `actions/cache@v3` step for `~/.cargo/registry/index`, `~/.cargo/registry/cache`, + `~/.cargo/git/db` keyed on `Cargo.lock` hash. +- **frontend-typecheck**, **frontend-tests**: kept `node:22-alpine` image (no change needed). + Added `actions/cache@v3` step for `~/.npm` keyed on `package-lock.json` hash. + +### `.gitea/workflows/auto-tag.yml` +- **build-linux-amd64**: image `rust:1.88-slim` → `trcaa-linux-amd64:rust1.88-node22`. + Removed Checkout apt-get install git, removed entire Install dependencies step. + Removed `rustup target add x86_64-unknown-linux-gnu` from Build step. Added cargo + npm cache. +- **build-windows-amd64**: image `rust:1.88-slim` → `trcaa-windows-cross:rust1.88-node22`. + Removed Checkout apt-get install git, removed entire Install dependencies step. + Removed `rustup target add x86_64-pc-windows-gnu` from Build step. + Added cargo (with `-windows-` suffix key to avoid collision) + npm cache. +- **build-linux-arm64**: image `ubuntu:22.04` → `trcaa-linux-arm64:rust1.88-node22`. + Removed Checkout apt-get install git, removed entire Install dependencies step (~40 lines). + Removed `. "$HOME/.cargo/env"` (PATH already set via `ENV` in Dockerfile). + Removed `rustup target add aarch64-unknown-linux-gnu` from Build step. + Added cargo (with `-arm64-` suffix key) + npm cache. + +### `docs/wiki/CICD-Pipeline.md` +Added two new sections before the Test Pipeline section: +- **Pre-baked Builder Images**: table of all three images and their contents, rebuild + triggers, how-to-rebuild instructions, and the insecure-registries Docker daemon + prerequisite for 172.0.0.29. +- **Cargo and npm Caching**: documents the `actions/cache@v3` key patterns in use, + including the per-platform cache key suffixes for cross-compile jobs. +Updated the Test Pipeline section to reference the correct pre-baked image name. +Updated the Release Pipeline job table to show which image each build job uses. + +## Testing Needed + +1. **Pre-build images** (prerequisite): Trigger `build-images.yml` via `workflow_dispatch` + on Gitea Actions UI. Confirm all 3 images are pushed and visible in the registry. + +2. **Server prerequisite**: Confirm `/etc/docker/daemon.json` on `172.0.0.29` contains + `{"insecure-registries":["172.0.0.29:3000"]}` and Docker was restarted after. + +3. **PR test suite**: Open a PR with these changes. Verify: + - All 5 test jobs pass (`rust-fmt-check`, `rust-clippy`, `rust-tests`, + `frontend-typecheck`, `frontend-tests`) + - Job logs show no `apt-get` or `rustup component add` output + - Cache hit messages appear on second run + +4. **Release build**: Merge to master. Verify `auto-tag.yml` runs and: + - All 3 Linux/Windows build jobs start without Install dependencies step + - Artifacts are produced and uploaded to the Gitea release + - Total release time is significantly reduced (~7 min vs ~25 min before) + +5. **Expected time savings after caching warms up**: + | Job | Before | After | + |-----|--------|-------| + | rust-fmt-check | ~2 min | ~20 sec | + | rust-clippy | ~4 min | ~45 sec | + | rust-tests | ~5 min | ~1.5 min | + | frontend-typecheck | ~2 min | ~30 sec | + | frontend-tests | ~3 min | ~40 sec | + | build-linux-amd64 | ~10 min | ~3 min | + | build-windows-amd64 | ~12 min | ~4 min | + | build-linux-arm64 | ~15 min | ~4 min | + | PR test total (parallel) | ~5 min | ~1.5 min | + | Release total | ~25 min | ~7 min |