From ac2fb1514163944b2c27864edb6104a487656d27 Mon Sep 17 00:00:00 2001
From: Hal Eisen <haleisen@appdevforall.org>
Date: Sun, 14 Jun 2026 10:11:07 -0400
Subject: [PATCH] ADFA-4306 Constrain GitHub Actions cache growth in
 analyze.yml

The daily Jacoco/SonarQube job's Linux-gradle cache had grown to ~26 GB
on stage (vs. GitHub's 10 GB limit. Three changes scope it back:

- Cache only ~/.gradle/caches/{modules-2,jars-*,transforms-*} and
  ~/.gradle/wrapper, excluding ~/.gradle/caches/build-cache-1 (Gradle's
  task-output build cache). Add gradle-wrapper.properties to hashFiles
  so a wrapper bump invalidates the key.
- Branch-scope and content-hash the SonarQube cache key so it rolls
  over under GitHub's 7-day LRU instead of pinning forever.
- Pass --no-build-cache to the sonarqube invocation so the build cache
  stays empty even if the directory reappears.
- Set retention-days: 7 on the JaCoCo report artifact (was the 90-day
  default).
EOF
)
---
 .github/workflows/analyze.yml | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml
index 6f30cf0baf..12ec134a5f 100644
--- a/.github/workflows/analyze.yml
+++ b/.github/workflows/analyze.yml
@@ -70,9 +70,16 @@ jobs:
       - name: Cache Gradle packages
         uses: actions/cache@v4
         with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/*.gradle.kts', '**/libs.versions.toml') }}
-          restore-keys: ${{ runner.os }}-gradle
+          # Exclude ~/.gradle/caches/build-cache-1 (Gradle's task-output build
+          # cache) — it ballooned the stage-branch entry to ~26 GB.
+          path: |
+            ~/.gradle/caches/modules-2
+            ~/.gradle/caches/jars-*
+            ~/.gradle/caches/transforms-*
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/*.gradle.kts', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
 
       - name: Assemble V8 Debug
         run: |
@@ -89,21 +96,26 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
+          # Branch-scoped + content-hashed so the key rolls over and old
+          # entries age out under GitHub's 7-day LRU instead of pinning forever.
+          key: ${{ runner.os }}-sonar-${{ github.ref_name }}-${{ hashFiles('**/*.gradle', '**/*.gradle.kts', '**/libs.versions.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-sonar-${{ github.ref_name }}-
+            ${{ runner.os }}-sonar-
 
       - name: Build and analyze
         timeout-minutes: 60
         env:
           GRADLE_OPTS: "-Xmx10g -XX:MaxMetaspaceSize=512m"
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: flox activate -d flox/base -- ./gradlew :testing:tooling:assemble :testing:common:assemble sonarqube --info -x lint --continue
+        run: flox activate -d flox/base -- ./gradlew :testing:tooling:assemble :testing:common:assemble sonarqube --info --no-build-cache -x lint --continue
 
       - name: Upload JaCoCo report
         uses: actions/upload-artifact@v4
         with:
           name: jacoco-report
           path: build/reports/jacoco/jacocoAggregateReport/
+          retention-days: 7
 
       - name: Cleanup google-services.json
         if: always()