[ci-coach] ci: add cache-hit guard to dependency download steps in 12 jobs (#114) #21809
Description
CI Optimization Proposal
Summary
Add if: steps.setup-go.outputs.cache-hit != 'true' to dependency download steps in 12 jobs that were missing this optimization. These jobs were unconditionally running go mod download even when the Go module cache was already populated, wasting ~15-30 seconds of runner time per job.
Optimization
Cache-Hit Guard for Go Module Downloads
Type: Cache Optimization
Impact: ~3-6 minutes of total runner time saved per run (on cache hits)
Risk: Low
Changes: Added if: steps.setup-go.outputs.cache-hit != 'true' guard to 12 jobs:
| Job | Download Type |
|---|---|
update |
retry loop |
build-wasm |
retry loop (verbose) |
bench |
retry loop |
audit |
retry loop |
actions-build |
retry loop |
security |
retry loop |
security-scan |
retry loop |
cross-platform-build |
retry loop |
alpine-container-test |
retry loop |
safe-outputs-conformance |
simple |
integration-unauthenticated-add |
simple |
integration-add-dispatch-workflow |
simple |
Rationale: The test, integration, and fuzz jobs already had this guard. Applying it consistently across all jobs ensures that on cache hits (~80%+ of runs), module downloads are skipped entirely. Each skipped download saves ~15-30 seconds of runner time, adding up to 3-6 minutes per run across all 12 jobs.
Analysis Results
- Test coverage: ✅ All 4762 tests in the repository are executed by the CI matrix - no gaps
- Fuzz tests: ✅ All 4 fuzz groups running correctly on
main(10s each, no crashes) - Success rate: 49% across last 100 runs (mainly due to cancellations and PR churn)
- Typical full run duration: ~18 minutes
Validation Results
✅ YAML syntax validated with Python yaml library
✅ All 27 CI jobs parsed correctly
Testing Plan
- Verify workflow syntax on first run
- Monitor cache hit/miss rates in job summaries
- Confirm download step is skipped on cache hits (shows as skipped in Actions UI)
Metrics Baseline
- Average successful run time: ~18 minutes
- Success rate: 49/100 last runs
- Test coverage: 4762/4762 (100%)
- Jobs missing cache-hit guard: 12 → 0
Proposed by CI Coach workflow run #114
Generated by CI Optimization Coach · ◷
- expires on Mar 21, 2026, 1:43 PM UTC
Warning
🛡️ Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files: .github/workflows/ci.yml.
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission. A human must create the pull request manually.
To create a pull request with the changes:
# Download the patch from the workflow run
gh run download 23297258286 -n agent-artifacts -D /tmp/agent-artifacts-23297258286
# Create a new branch
git checkout -b ci-coach/cache-hit-guard-optimization-114-b38e6302c690c1d0 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-artifacts-23297258286/aw-ci-coach-cache-hit-guard-optimization-114.patch
# Push the branch and create the pull request
git push origin ci-coach/cache-hit-guard-optimization-114-b38e6302c690c1d0
gh pr create --title '[ci-coach] ci: add cache-hit guard to dependency download steps in 12 jobs (#114)' --base main --head ci-coach/cache-hit-guard-optimization-114-b38e6302c690c1d0 --repo github/gh-aw