Skip to content

make action caches immutable#1237

Open
ericLemanissier wants to merge 1 commit intoactions:mainfrom
ericLemanissier:immutable_caches
Open

make action caches immutable#1237
ericLemanissier wants to merge 1 commit intoactions:mainfrom
ericLemanissier:immutable_caches

Conversation

@ericLemanissier
Copy link

@ericLemanissier ericLemanissier commented Apr 10, 2025
edited
Loading

Description:
With this change, caches become immutable by appending the workflow run_id, which makes the actual key unique (appart from re-run)
The cache restore works because the primaryKey is a prefix anyway: https://github.com/actions/toolkit/blob/1b1e81526b802d1d641911393281c2fb45ed5f11/packages/cache/src/cache.ts#L67

This follows recommendations from https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache

Unused caches are removed after 7 days by github:
https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy

This avoids users having to define unneeded permission actions: write

The problem with deleting a cache entry is that it requires to give actions: write permissions, which means the workflow has all these permissions and this is way too much, and not acceptable for a lot of projects.

CI results available in https://github.com/ericLemanissier/stale/pull/71/checks

Related issue:
fixes #1159
fixes #1133
fixes #1131

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.
@ericLemanissier
make action caches immutable
4c023f0 
With this change, caches become immutable by appending the workflow run_id, which makes the actual key unique (appart from re-run) The cache restore works because the primaryKey is a prefix anyway: https://github.com/actions/toolkit/blob/1b1e81526b802d1d641911393281c2fb45ed5f11/packages/cache/src/cache.ts#L67 This follows recommendations from https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache Unused caches are removed after 7 days by github: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy This avoids users having to define unneeded permission `actions: write`
@ericLemanissier ericLemanissier requested a review from a team as a code owner April 10, 2025 13:51
This was referenced Apr 10, 2025
Closed
Open
Open
@Alberto2101b
Copy link

Alberto2101b commented Apr 14, 2025
edited
Loading

Description: With this change, caches become immutable by appending the workflow run_id, which makes the actual key unique (appart from re-run) The cache restore works because the primaryKey is a prefix anyway: https://github.com/actions/toolkit/blob/1b1e81526b802d1d641911393281c2fb45ed5f11/packages/cache/src/cache.ts#L67

This follows recommendations from https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache

Unused caches are removed after 7 days by github: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy

This avoids users having to define unneeded permission actions: write

The problem with deleting a cache entry is that it requires to give actions: write permissions, which means the workflow has all these permissions and this is way too much, and not acceptable for a lot of projects.

CI results available in https://github.com/ericLemanissier/stale/pull/71/checks

Related issue: fixes #1159 fixes #1133 fixes #1131

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.

/
@ericLemanissier ericLemanissier mentioned this pull request May 7, 2025
Merged
2 tasks
This was referenced Feb 18, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@ericLemanissier @Alberto2101b