[ci-coach] ci: split CLI MCP Inspect GitHub matrix group, pin upload-artifact action #19729
Description
Summary
Two targeted improvements to the CI workflow identified by CI Coach run #92:
- Split "CLI MCP Other" integration test group — the slowest matrix job (112.5s), dominated by sequential GitHub API calls in
TestMCPInspectGitHub*tests - Pin
upload-artifactaction insafe-outputs-conformancejob — the only remaining unpinned action reference in the CI file
Optimizations
1. Split "CLI MCP Inspect GitHub" into dedicated matrix group
Type: Test Suite Restructuring
Impact: ~7.5s reduction off the slowest integration job (~6.7% improvement for that job)
Risk: Low — same tests run, just isolated to their own parallel matrix job
Root cause: "CLI MCP Other" was the slowest integration group at 112.5s wall clock, with TestMCPInspectGitHub* accounting for ~105.5s of that (3 tests making sequential GitHub API calls, each ~15s per sub-test × 3 engines). The remaining TestMCPAdd|TestMCPServer|TestMCPConfig tests only take ~7.5s.
Change:
- New group "CLI MCP Inspect GitHub" with pattern
TestMCPInspectGitHub(~105s) - "CLI MCP Other" reduced to
TestMCPAdd|TestMCPServer|TestMCPConfig(~7.5s) - Both run as parallel matrix jobs, so critical path = max(105s, 7.5s) = ~105s (vs 112.5s)
Integration job duration baseline (run 22711276357)
| Job | Duration |
|---|---|
| CLI MCP Other (bottleneck) | 112.5s |
| CLI MCP Connectivity | 65.3s |
| CLI Docker Build | 43.2s |
| CLI Security Tools | 38.8s |
| CLI Progress Flag | 31.1s |
| CLI HTTP MCP Connect | 20.7s |
| CLI Compile & Poutine | 12.4s |
| All others | < 8.4s |
After this change, "CLI MCP Inspect GitHub" (~105s) becomes the new bottleneck, with "CLI MCP Other" dropping to ~7.5s.
2. Pin upload-artifact in safe-outputs-conformance
Type: Security Hardening
Impact: Consistency with all other artifact upload steps
Risk: None — behavior identical, just using pinned SHA instead of mutable tag
Line 2103 (in the safe-outputs-conformance job) used actions/upload-artifact@v4, while all 8 other uses in the file use the pinned SHA actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.
Metrics Baseline (run #92)
- Total runs analyzed: 100
- Success rate: 63% (63/100)
- Average run duration: ~503s
- Main branch avg duration: ~237s
- Test coverage: ✅ Complete (4361/4361 tests executed)
- Slowest integration job: CLI MCP Other at 112.5s
Validation
The canary_go job downloads all test-result-* artifacts, so the new "CLI MCP Inspect GitHub" matrix group's results will be automatically included in coverage tracking.
Testing Plan
- Verify "CLI MCP Inspect GitHub" matrix job appears and runs
TestMCPInspectGitHub*tests - Verify "CLI MCP Other" now runs in ~7.5s
- Verify
canary_gostill shows 4361/4361 tests covered - Verify
safe-outputs-conformanceartifact upload succeeds with pinned action
Proposed by CI Coach workflow run #92
Generated by CI Optimization Coach · ◷
- expires on Mar 7, 2026, 1:41 PM UTC
Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the agent-artifacts artifact in the workflow run linked above.
To create a pull request with the changes:
# Download the artifact from the workflow run
gh run download 22720059714 -n agent-artifacts -D /tmp/agent-artifacts-22720059714
# Create a new branch
git checkout -b ci-coach/split-mcp-inspect-pin-action-8026a61ac549a0ad
# Apply the patch (--3way handles cross-repo patches where files may already exist)
git am --3way /tmp/agent-artifacts-22720059714/aw-ci-coach-split-mcp-inspect-pin-action.patch
# Push the branch to origin
git push origin ci-coach/split-mcp-inspect-pin-action-8026a61ac549a0ad
# Create the pull request
gh pr create --title '[ci-coach] ci: split CLI MCP Inspect GitHub matrix group, pin upload-artifact action' --base main --head ci-coach/split-mcp-inspect-pin-action-8026a61ac549a0ad --repo github/gh-awShow patch preview (51 of 51 lines)
From 0667a7f48066b88d7c27f94b1d60d5d6853b9d6a Mon Sep 17 00:00:00 2001
From: GitHub Copilot <copilot@github.com>
Date: Thu, 5 Mar 2026 13:39:53 +0000
Subject: [PATCH] ci: split CLI MCP Inspect GitHub into dedicated matrix group,
pin upload-artifact
- Extract TestMCPInspectGitHub tests into dedicated 'CLI MCP Inspect GitHub'
matrix group. These 3 tests make sequential GitHub API calls totaling ~105s,
and previously ran in 'CLI MCP Other' which was the slowest integration job
at 112.5s wall clock.
- With the split, both groups run in parallel as separate matrix jobs, reducing
the CLI MCP Other job from ~112.5s to ~7.5s and giving better test isolation.
- Pin safe-outputs-conformance upload-artifact action to SHA for consistency
with all other artifact upload steps in the file.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.github/workflows/ci.yml | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 44a2161..b96eaa9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -174,9 +174,12 @@ jobs:
- name: "CLI MCP Connectivity"
packages: "./pkg/cli"
pattern: "TestMCPInspectPlaywright|TestMCPGateway"
+ - name: "CLI MCP Inspect GitHub" # Isolate slow GitHub API inspection tests (~105s sequential)
+ packages: "./pkg/cli"
+ pattern: "TestMCPInspectGitHub"
- name: "CLI MCP Other"
packages: "./pkg/cli"
- pattern: "TestMCPAdd|TestMCPInspectGitHub|TestMCPServer|TestMCPConfig"
+ pattern: "TestMCPAdd|TestMCPServer|TestMCPConfig"
- name: "CLI Audit Logs & Firewall"
packages: "./pkg/cli"
pattern: "TestLogs|TestFirewall|TestNoStopTime|TestLocalWorkflow|^TestAudit|^TestInspect"
@@ -2100,7 +2103,7 @@ jobs:
- name: Upload conformance report
if: always()
- uses: actions/upload-art
... (truncated)