diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52ba8ce6..0075b0de 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,18 +9,54 @@ permissions: contents: read jobs: - verify: - # Each step name mirrors a Makefile target so a failing gate is - # identifiable at a glance in the GitHub UI without scrolling - # through one undifferentiated bash step. Sequential + fail-fast - # matches `make ci`'s local-run semantics. - # - # We previously ran a 2-arm matrix (go.mod + stable) for early - # warning of Go-toolchain regressions; dropped because the second - # arm added two visible check rows per PR for ~no actionable - # signal at the cadence we ship. If we ever need that signal - # back, add it as a separate scheduled job, not a matrix. - name: verify + # `verify` is split into three parallel jobs (verify-test, verify-lint, + # verify-static) that feed an aggregator named `verify`. Wall time drops + # from ~7m to ~2:45m without touching branch protection — the aggregator + # inherits failure from any sub-job via `needs:` short-circuit, so the + # existing required-check `verify` stays accurate. `make ci` is still + # sequential locally; only CI parallelizes. + # + # Partition rationale: keep the longest single step (`coverage-check`, + # ~125s) on its own job so it bounds wall time. Pair `vet` + `lint` + # because they share golangci-lint setup. Everything else lands in + # verify-static — a grab-bag bounded by `build` (~55s) + `fuzz` (~40s). + # When adding a new gate: default to verify-static. Promote it to its + # own job only when it pushes verify-static past the verify-lint pole. + # + # We previously ran a 2-arm matrix (go.mod + stable) for early warning + # of Go-toolchain regressions; dropped because the second arm added + # two visible check rows per PR for ~no actionable signal at the + # cadence we ship. If we ever need that signal back, add it as a + # separate scheduled job, not a matrix. + + verify-test: + name: verify-test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version-file: go.mod + cache: true + - name: test (race) + coverage-check + run: make coverage-check + + verify-lint: + name: verify-lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version-file: go.mod + cache: true + - name: vet + run: make vet + - name: lint + run: make lint + + verify-static: + name: verify-static runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -32,14 +68,10 @@ jobs: run: make license-check - name: generate-check run: make generate-check - - name: vet - run: make vet - name: build-tags run: make build-tags - name: tidy-check run: make tidy-check - - name: lint - run: make lint - name: nccl_fr RCE gate run: make nccl-fr-rce-gate - name: register-lint @@ -52,8 +84,6 @@ jobs: echo "$HOME/.local/bin" >> "$GITHUB_PATH" - name: zizmor run: make zizmor - - name: test (race) + coverage-check - run: make coverage-check - name: 30s fuzz (nccl_fr parser) run: make ci-fuzz-nccl-fr - name: govulncheck @@ -63,6 +93,14 @@ jobs: - name: build run: make build + verify: + name: verify + runs-on: ubuntu-latest + needs: [verify-test, verify-lint, verify-static] + steps: + - name: aggregator + run: echo "all verify-* gates passed" + build: # Cross-compiles release-candidate binaries for the platforms we ship. # One job, two arches: one Go-toolchain setup instead of two.