[ci] Various performance improvements (#2829)

* [ci] Cache MSRV's cargo index to improve performance

This seems to speed things up significantly, resulting e.g. in [1]
taking 3m34s (with a cache hit, skipping the "Generate cache" step).

[1] https://github.com/google/zerocopy/actions/runs/19657114158

* [ci] Avoid downloading cache unnecessarily

When generating the cache, if there's a cache hit, don't download the
cache. Previously, we would download the cache and *then* check for a
cache hit.

* [ci] Calculate code coverage in parallel

* Make cargo-zerocopy smarter about caching

Modify the `cargo-zerocopy` tool:
- To set `CARGO_TARGET_DIR` to a toolchain-specific directory inside of
  `target/` so that different toolchains won't clobber each others'
  artifacts
- To auto-install toolchains and toolchain components via `rustup`
  without prompting for user input when running from a GitHub Actions
  environment

This allows us to remove an explicit install step during CI.

Author: joshlf

.github/actions/cache/action.yml

@@ -7,20 +7,55 @@
 # those terms.
 
 name: Cache
-description: 'Caches cargo dependencies'
-outputs:
-  cache-hit:
-    description: "Cache Hit"
-    value: ${{ steps.cache.outputs.cache-hit }}
+description: "Caches cargo and rustup dependencies"
+inputs:
+  mode:
+    description: "restore or generate"
+    default: "restore"
+  run:
+    description: "Commands to run to populate cache (only for generate mode)"
+    default: ""
 runs:
   using: composite
   steps:
-    - uses: actions/cache@v4
+    - name: Restore Cache
+      if: inputs.mode == 'restore'
+      uses: actions/cache@v4
       id: cache
       with:
-        path: |
-          ~/.cargo/
+        path: ~/.cargo/
         key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
         restore-keys: |
           ${{ runner.os }}-cargo-
 
+    - name: Check Cache (Generate Mode)
+      if: inputs.mode == 'generate'
+      id: check
+      shell: bash
+      env:
+        RUNNER_OS: ${{ runner.os }}
+        CARGO_TOML_HASH: ${{ hashFiles('**/Cargo.toml') }}
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        CACHE_KEY="${RUNNER_OS}-cargo-${CARGO_TOML_HASH}"
+        if gh cache list --key "$CACHE_KEY" --limit 1 | grep -q "$CACHE_KEY"; then
+          echo "cache-hit=true" >> $GITHUB_OUTPUT
+        else
+          echo "cache-hit=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Run Commands (Generate Mode)
+      if: inputs.mode == 'generate' && steps.check.outputs.cache-hit != 'true'
+      shell: bash
+      env:
+        RUN_COMMANDS: ${{ inputs.run }}
+      run: |
+        echo "$RUN_COMMANDS" > run_commands.sh
+        source run_commands.sh
+
+    - name: Save Cache (Generate Mode)
+      if: inputs.mode == 'generate' && steps.check.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v4
+      with:
+        path: ~/.cargo/
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}

.github/workflows/ci.yml

@@ -598,51 +598,34 @@ jobs:
         matrix.target != 'wasm32-unknown-unknown' &&
         env.ZC_SKIP_CARGO_SEMVER_CHECKS != '1'
 
-    # TODO(#453): Doing this as a matrix step is a hack that allows us to depend
-    # on the fact that toolchains have already been installed. We currently only
-    # run this on a single matrix combination, but doing it outside of the
-    # matrix would require us to replicate the toolchain resolution and
-    # installation logic. We should either:
-    # - Figure out how to factor out the toolchain resolution and installation
-    #   logic (see #1275) for an attempt
-    # - Support multiple matrix combinations (which we intend to do as part of
-    #   #453 eventually anyway) so that this location is justified
-    - name: Generate code coverage
-      env:
-        TOOLCHAIN: ${{ matrix.toolchain }}
-        CRATE: ${{ matrix.crate }}
-        TARGET: ${{ matrix.target }}
-        FEATURES: ${{ matrix.features }}
-      run: |
-        set -eo pipefail
-        ./cargo.sh +nightly install cargo-llvm-cov
-
-        ./cargo.sh +$TOOLCHAIN llvm-cov \
-          --package $CRATE              \
-          --target $TARGET              \
-          $FEATURES                     \
-          --doctests                                 \
-          --lcov                                     \
-          --output-path lcov.info                    \
-          --verbose                                  \
-          --                                         \
-          --skip ui
-      if: |
-        matrix.crate == 'zerocopy'          &&
-        matrix.features == '--all-features' &&
-        matrix.toolchain == 'nightly'       &&
-        matrix.target == 'x86_64-unknown-linux-gnu'
-
-    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-        files: lcov.info
-      if: |
-        matrix.crate == 'zerocopy'          &&
-        matrix.features == '--all-features' &&
-        matrix.toolchain == 'nightly'       &&
-        matrix.target == 'x86_64-unknown-linux-gnu'
+  coverage:
+    runs-on: ubuntu-latest
+    name: Generate code coverage
+    needs: generate_cache
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+      - name: Populate cache
+        uses: ./.github/actions/cache
+      - name: Generate code coverage
+        run: |
+          set -eo pipefail
+          ./cargo.sh +nightly install cargo-llvm-cov
+          ./cargo.sh +nightly llvm-cov \
+            --package zerocopy \
+            --target x86_64-unknown-linux-gnu \
+            --all-features \
+            --doctests \
+            --lcov \
+            --output-path lcov.info \
+            --verbose \
+            -- --skip ui
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: lcov.info
 
   kani:
     runs-on: ubuntu-latest        
@@ -832,47 +815,49 @@ jobs:
         with:
           persist-credentials: false
 
-      - id: populate-cache
+      - name: Populate cache
         uses: ./.github/actions/cache
-
-      - name: Download dependencies
-        if: steps.populate-cache.outputs.cache-hit != 'true'
-        run: |
-          # Ensure all dependencies are downloaded - both for our crates and for
-          # tools we use in CI. We don't care about these tools succeeding for
-          # two reasons: First, this entire job is best-effort since it's just a
-          # performance optimization. Second, there may be failures due to
-          # issues other than failing to download dependencies (e.g., `cargo
-          # metadata` called with a malformed `Cargo.toml`, build failure in our
-          # own crate or in dependencies, etc). For those reasons, we discard
-          # stderr and ignore status codes.
-          #
-          # For downloading our crates' dependencies in particular, note that
-          # there is no support for doing this directly [1], so we just check
-          # all crates using --tests.
-          #
-          # We background all jobs and then wait for them so that they can run
-          # in parallel.
-          #
-          # [1]  https://stackoverflow.com/a/42139535/836390
-
-          # See comment on "Pin syn dependency" job for why we do this. It needs
-          # to happen before the subsequent `cargo check`, so we don't
-          # background it.
-          #
-          # TODO(#1595): Debug why this step is still necessary after #1564 and
-          # maybe remove it.
-          cargo add -p zerocopy-derive 'syn@=2.0.46' &> /dev/null
-
-          cargo check --workspace --tests                         &> /dev/null &
-          cargo metadata                                          &> /dev/null &
-          cargo install cargo-readme --version 3.2.0              &> /dev/null &
-          cargo install --locked action-validator --version 0.8.0 &> /dev/null &
-          cargo install --locked kani-verifier                    &> /dev/null &
-          cargo install cargo-nextest                             &> /dev/null &
-          cargo kani setup                                        &> /dev/null &
-
-          wait
+        with:
+          mode: generate
+          run: |
+            # Ensure all dependencies are downloaded - both for our crates and for
+            # tools we use in CI. We don't care about these tools succeeding for
+            # two reasons: First, this entire job is best-effort since it's just a
+            # performance optimization. Second, there may be failures due to
+            # issues other than failing to download dependencies (e.g., `cargo
+            # metadata` called with a malformed `Cargo.toml`, build failure in our
+            # own crate or in dependencies, etc). For those reasons, we discard
+            # stderr and ignore status codes.
+            #
+            # For downloading our crates' dependencies in particular, note that
+            # there is no support for doing this directly [1], so we just check
+            # all crates using --tests.
+            #
+            # We background all jobs and then wait for them so that they can run
+            # in parallel.
+            #
+            # [1]  https://stackoverflow.com/a/42139535/836390
+
+            # See comment on "Pin syn dependency" job for why we do this. It needs
+            # to happen before the subsequent `cargo check`, so we don't
+            # background it.
+            #
+            # TODO(#1595): Debug why this step is still necessary after #1564 and
+            # maybe remove it.
+            cargo add -p zerocopy-derive 'syn@=2.0.46' &> /dev/null
+
+            cargo check --workspace --tests                         &> /dev/null &
+            # On our MSRV toolchain, updating the Cargo index takes a long time, so
+            # it is worth specifically caching the MSRV index.
+            ./cargo.sh +msrv check --workspace --tests              &> /dev/null &
+            cargo metadata                                          &> /dev/null &
+            cargo install cargo-readme --version 3.2.0              &> /dev/null &
+            cargo install --locked action-validator --version 0.8.0 &> /dev/null &
+            cargo install --locked kani-verifier                    &> /dev/null &
+            cargo install cargo-nextest                             &> /dev/null &
+            cargo kani setup                                        &> /dev/null &
+
+            wait
 
   check-all-toolchains-tested:
     runs-on: ubuntu-latest
@@ -966,7 +951,7 @@ jobs:
       # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks
       if: failure()
       runs-on: ubuntu-latest
-      needs: [build_test, kani, check_be_aarch64, check_avr_atmega, check_fmt, check_actions, check_readme, check_versions, check_msrv_is_minimal, generate_cache, check-all-toolchains-tested, check-job-dependencies, check-todo, run-git-hooks, zizmor]
+      needs: [build_test, coverage, kani, check_be_aarch64, check_avr_atmega, check_fmt, check_actions, check_readme, check_versions, check_msrv_is_minimal, generate_cache, check-all-toolchains-tested, check-job-dependencies, check-todo, run-git-hooks, zizmor]
       steps:
         - name: Mark the job as failed
           run: exit 1

cargo.sh

@@ -8,7 +8,8 @@
 
 set -eo pipefail
 
-# Build `cargo-zerocopy` without any RUSTFLAGS set in the environment
-env -u RUSTFLAGS cargo +stable build --manifest-path tools/Cargo.toml -p cargo-zerocopy -q
+# Build `cargo-zerocopy` without any RUSTFLAGS or CARGO_TARGET_DIR set in the
+# environment
+env -u RUSTFLAGS -u CARGO_TARGET_DIR cargo +stable build --manifest-path tools/Cargo.toml -p cargo-zerocopy -q
 # Thin wrapper around the `cargo-zerocopy` binary in `tools/cargo-zerocopy`
 ./tools/target/debug/cargo-zerocopy $@

tools/cargo-zerocopy/src/main.rs

@@ -141,19 +141,17 @@ fn is_toolchain_installed(versions: &Versions, name: &str) -> Result<bool, Error
 fn install_toolchain_or_exit(versions: &Versions, name: &str) -> Result<(), Error> {
     eprintln!("[cargo-zerocopy] missing either toolchain '{name}' or component 'rust-src'");
     if env::vars().any(|v| v.0 == "GITHUB_RUN_ID") {
-        // If we're running in a GitHub action, then it's better to bail than to
-        // hang waiting for input we're never going to get.
-        process::exit(1);
-    }
-
-    loop {
-        eprint!("[cargo-zerocopy] would you like to install toolchain '{name}' and component 'rust-src' via 'rustup' (y/n)? ");
-        let mut input = [0];
-        io::stdin().read_exact(&mut input).unwrap();
-        match input[0] as char {
-            'y' | 'Y' => break,
-            'n' | 'N' => process::exit(1),
-            _ => (),
+        eprint!("[cargo-zerocopy] detected GitHub Actions environment; auto-installing without waiting for confirmation");
+    } else {
+        loop {
+            eprint!("[cargo-zerocopy] would you like to install toolchain '{name}' and component 'rust-src' via 'rustup' (y/n)? ");
+            let mut input = [0];
+            io::stdin().read_exact(&mut input).unwrap();
+            match input[0] as char {
+                'y' | 'Y' => break,
+                'n' | 'N' => process::exit(1),
+                _ => (),
+            }
         }
     }
 
@@ -235,6 +233,12 @@ fn delegate_cargo() -> Result<(), Error> {
 
                 let mut cmd = rustup(["run", version, "cargo"], Some(("RUSTFLAGS", &rustflags)));
 
+                if env::var("CARGO_TARGET_DIR").is_ok() {
+                    eprintln!("[cargo-zerocopy] WARNING: `CARGO_TARGET_DIR` is set - this may cause `cargo-zerocopy` to behave unexpectedly");
+                } else {
+                    cmd.env("CARGO_TARGET_DIR", format!("target/by-toolchain/{}", name));
+                }
+
                 // Computes the fully-qualified package name of workspace package `p`.
                 let fqpn = |p| {
                     // Generate a lockfile, if absent.