Speed up CI and stabilize aws-ca-regression #551
Open
dgarske wants to merge 2 commits into
Pull request overview
This PR focuses on reducing CI runtime by centralizing/caching wolfSSL builds and trimming workflow matrices, and on stabilizing the AWS IoT regression test by retrying transient connection failures.
Changes:
- Added a reusable `build-wolfssl` composite action that caches a wolfSSL install keyed by upstream master SHA + build options, then installs into `/usr/local`.
- Reduced redundant wolfSSL builds (notably via `broker-check` build-once fan-out), trimmed some CI matrices, and added `concurrency.cancel-in-progress` across multiple workflows.
- Updated `scripts/awsiot.test` to retry AWS IoT connection attempts with backoff; adjusted the aws-ca-regression workflow to disable retries for the expected-fail case.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| scripts/awsiot.test | Adds retry/backoff wrapper for AWS IoT client invocations. |
| .github/workflows/zephyr.yml | Adds workflow-level concurrency cancellation. |
| .github/workflows/windows-check.yml | Adds workflow-level concurrency cancellation. |
| .github/workflows/websocket-test.yml | Switches wolfSSL build to the shared build-wolfssl action; adds concurrency cancellation. |
| .github/workflows/ubuntu-check.yml | Uses build-wolfssl action and adjusts aws-ca-regression sequencing/timeout; adds concurrency cancellation. |
| .github/workflows/ubuntu-check-curl.yml | Uses build-wolfssl action; adds workflow-level concurrency cancellation. |
| .github/workflows/threadx.yml | Adds workflow-level concurrency cancellation. |
| .github/workflows/sec-websocket-test.yml | Adds workflow-level concurrency cancellation. |
| .github/workflows/sanitizer.yml | Removes redundant LeakSan job; uses build-wolfssl action; adjusts artifact paths. |
| .github/workflows/multi-compiler.yml | Trims compiler matrix; uses build-wolfssl action. |
| .github/workflows/mqtt-sn-check.yml | Uses build-wolfssl action; adds workflow-level concurrency cancellation. |
| .github/workflows/macos-check.yml | Adds workflow-level concurrency cancellation and wolfSSL install caching. |
| .github/workflows/fuzz.yml | Changes schedule to nightly and corrects smoke/full run gating logic. |
| .github/workflows/fsanitize-check.yml | Uses build-wolfssl action; adds workflow-level concurrency cancellation. |
| .github/workflows/docker-Espressif.yml | Adds workflow-level concurrency cancellation. |
| .github/workflows/cmake-build.yml | Adds wolfSSL caching and installs from cached prefix; adds concurrency cancellation. |
| .github/workflows/broker-check.yml | Adds a dedicated wolfSSL warm-cache job and removes redundant build-only MAX_QOS rows; uses build-wolfssl. |
| .github/actions/build-wolfssl/action.yml | New composite action to clone/build/cache/install wolfSSL. |
What changed
wolfSSL build caching. New `build-wolfssl` composite action clones, builds, caches, and installs wolfSSL, keyed on the live wolfssl `master` commit plus the configure options. Because master-branch caches are readable by PR jobs, PRs get an instant wolfSSL cache hit. Installs into `/usr/local`, so no wolfMQTT `./configure` lines had to change. Applied across the Ubuntu autotools workflows; macOS and CMake builds get an equivalent SHA-keyed cache.

broker-check build-once fan-out. A small prerequisite job warms the wolfSSL cache for each distinct config, so the build matrix restores wolfSSL instead of rebuilding it 17 times. wolfSSL builds per run drop from ~17 to 3.

Matrix trims and run cancellation. Compilers 6 -> 4 (range endpoints), dropped the redundant standalone LeakSan job (ASan already detects leaks at exit) and the build-only MAX_QOS=1/0 broker rows (covered by the CMake QoS matrix). Added `concurrency.cancel-in-progress` to every push/PR workflow so superseded pushes stop immediately (the AWS-IoT serialization groups are preserved).

aws-ca-regression stabilization. The flaky `Network (-8)` failures came from rapid sequential connects reusing the hard-coded `demoDevice` client ID against live AWS IoT. `scripts/awsiot.test` now retries transient connection failures with backoff and settles between QoS connects. Retries cannot mask a real failure (it fails on every attempt); the expected-fail case 3 keeps a single attempt. Also fixed a pre-existing inverted skip condition that would attempt TLS tests on a no-TLS build.

Measured impact (total billable job-seconds per run)
Largest warm-cache reductions: Sanitizer -69%, CMake -53%, MQTT-SN -41%, WebSocket -39%, Broker -38%, Multi-Compiler -35%, Ubuntu -33%. Wall-clock also improves once caches are warm; the very first run on a cold cache pays the one-time build + cache-save cost. Workflows with specialized or no wolfSSL builds (ThreadX, Espressif, Zephyr) get cancellation only and are unchanged.
All workflows pass.
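
The retry behaviour described under "aws-ca-regression stabilization", sketched as an added shell example; it is not the PR's `scripts/awsiot.test`. The names `retry_run`, `RETRY_MAX`, `RETRY_DELAY`, `flaky_connect` and `bad_ca_connect` are hypothetical, and the two connect functions are constructed stand-ins so the block runs without AWS.

```shell
#!/bin/sh
# Added illustration: retry with backoff, plus a single-attempt mode for a
# negative test that is supposed to fail (e.g. a connect with the wrong CA).

# retry_run CMD [ARGS...]
# Runs CMD up to RETRY_MAX times and doubles the pause after each failure.
# Returns 0 on the first success, else the exit status of the last attempt.
# RETRY_ATTEMPTS is left holding the number of attempts made.
retry_run() {
    _max=${RETRY_MAX:-3}
    _delay=${RETRY_DELAY:-1}
    _rc=1
    RETRY_ATTEMPTS=0
    while [ "$RETRY_ATTEMPTS" -lt "$_max" ]; do
        RETRY_ATTEMPTS=$((RETRY_ATTEMPTS + 1))
        if "$@"; then
            return 0
        else
            _rc=$?
        fi
        # Pause only when another attempt follows.
        if [ "$RETRY_ATTEMPTS" -lt "$_max" ] && [ "$_delay" -gt 0 ]; then
            sleep "$_delay"
            _delay=$((_delay * 2))
        fi
    done
    return "$_rc"
}

# Constructed stand-ins for the client invocation (no network involved).
CALLS=0
flaky_connect() {      # transient: fails twice, then succeeds
    CALLS=$((CALLS + 1))
    [ "$CALLS" -ge 3 ]
}
bad_ca_connect() {     # real failure: fails on every attempt
    CALLS=$((CALLS + 1))
    return 1
}

RETRY_DELAY=0          # no pause in this offline demo
RETRY_MAX=3; CALLS=0
if retry_run flaky_connect; then
    echo "positive case passed after $RETRY_ATTEMPTS attempts"
fi
RETRY_MAX=1; CALLS=0   # expected-fail case: one attempt, failure is the pass
if retry_run bad_ca_connect; then
    echo "FAIL: connect succeeded with the wrong CA"
else
    echo "negative case failed as expected after $CALLS attempt"
fi
```

With more than one attempt allowed, a negative test that must fail would spend the full backoff schedule before reporting its expected result, which is why it runs with a single attempt.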