Delete cache entries only on the workflow branch (#97)

* Delete cache entries on the workflow branch * Grant permissions for cache cleanup * Add delete-old-caches required for testing purposes * Revise help message * Faster generate-key * Use distinct cache-names for matrix/no-matrix jobs * Remove redundant permissions * Better fork detection logic
2026-02-12 09:26:53 +08:00 · 2024-01-15 10:15:36 -06:00
parent fca1a91340
commit 0c5d92d73a
3 changed files with 57 additions and 43 deletions
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -25,12 +25,11 @@ jobs:
    outputs:
      cache-name: ${{ steps.name.outputs.cache-name }}
    steps:
-    - name: Generate random file
-      shell: 'julia --color=yes {0}'
-      run: 'write("random.txt", string(rand(10)))'
-    - name: Set cache-name as output
+    - name: Generate random cache-name
      id: name
-      run: echo "cache-name=${{ hashFiles('random.txt') }}" >> $GITHUB_OUTPUT
+      run: |
+        cache_name=$(head -n 100 </dev/urandom | shasum -a 256 | cut -d ' ' -f 1)
+        echo "cache-name=$cache_name" | tee -a "$GITHUB_OUTPUT"

  test-save:
    needs: generate-key
@@ -54,7 +53,8 @@ jobs:
      id: cache
      uses: ./
      with:
-        cache-name: ${{ needs.generate-key.outputs.cache-name }}
+        cache-name: ${{ needs.generate-key.outputs.cache-name }}-matrix
+        delete-old-caches: required
    - name: Check no artifacts dir
      shell: 'julia --color=yes {0}'
      run: |
@@ -74,7 +74,8 @@ jobs:
      id: cache
      uses: ./
      with:
-        cache-name: ${{ needs.generate-key.outputs.cache-name }}
+        cache-name: ${{ needs.generate-key.outputs.cache-name }}-nomatrix
+        delete-old-caches: required
    - name: Check no artifacts dir
      shell: 'julia --color=yes {0}'
      run: |
@@ -106,7 +107,9 @@ jobs:
      id: cache
      uses: ./
      with:
-        cache-name: ${{ needs.generate-key.outputs.cache-name }}
+        cache-name: ${{ needs.generate-key.outputs.cache-name }}-matrix
+        # Cannot require a successful cache delete on forked PRs as the permissions for actions is limited to read
+        delete-old-caches: ${{ github.event.pull_request.head.repo.fork && 'false' || 'required' }}
    - name: Test cache-hit output
      shell: 'julia --color=yes {0}'
      run: |
@@ -138,7 +141,9 @@ jobs:
      id: cache
      uses: ./
      with:
-        cache-name: ${{ needs.generate-key.outputs.cache-name }}
+        cache-name: ${{ needs.generate-key.outputs.cache-name }}-nomatrix
+        # Cannot require a successful cache delete on forked PRs as the permissions for actions is limited to read
+        delete-old-caches: ${{ github.event.pull_request.head.repo.fork && 'false' || 'required' }}
    - name: Test cache-hit output
      shell: 'julia --color=yes {0}'
      run: |
--- a/action.yml
+++ b/action.yml
@@ -130,21 +130,21 @@ runs:

    # Not windows
    - uses: pyTooling/Actions/with-post-step@adef08d3bdef092282614f3b683897cefae82ee3
-      if: ${{ inputs.delete-old-caches == 'true' && runner.OS != 'Windows' }}
+      if: ${{ inputs.delete-old-caches != 'false' && runner.OS != 'Windows' }}
      with:
        # seems like there has to be a `main` step in this action. Could list caches for info if we wanted
        # main:  julia ${{ github.action_path }}/handle_caches.jl "${{ github.repository }}" "list"
        main: echo ""
-        post: julia $GITHUB_ACTION_PATH/handle_caches.jl "${{ github.repository }}" "rm" "${{ steps.keys.outputs.restore-key }}"
+        post: julia $GITHUB_ACTION_PATH/handle_caches.jl rm "${{ github.repository }}" "${{ steps.keys.outputs.restore-key }}" "${{ github.ref }}" "${{ inputs.delete-old-caches != 'required' }}"
      env:
        GH_TOKEN: ${{ inputs.token }}

    # Windows (because this action uses command prompt on windows)
    - uses: pyTooling/Actions/with-post-step@adef08d3bdef092282614f3b683897cefae82ee3
-      if: ${{ inputs.delete-old-caches == 'true' && runner.OS == 'Windows' }}
+      if: ${{ inputs.delete-old-caches != 'false' && runner.OS == 'Windows' }}
      with:
        main: echo ""
-        post: cd %GITHUB_ACTION_PATH% && julia handle_caches.jl "${{ github.repository }}" "rm" "${{ steps.keys.outputs.restore-key }}"
+        post: cd %GITHUB_ACTION_PATH% && julia handle_caches.jl rm "${{ github.repository }}" "${{ steps.keys.outputs.restore-key }}" "${{ github.ref }}" "${{ inputs.delete-old-caches != 'required' }}"
      env:
        GH_TOKEN: ${{ inputs.token }}

--- a/handle_caches.jl
+++ b/handle_caches.jl
@@ -1,58 +1,67 @@
 using Pkg, Dates
 function handle_caches()
-    repo = ARGS[1]
-    func = ARGS[2]
-    restore_key = get(ARGS, 3, "")
+    subcommand = ARGS[1]

-    if func == "list"
+    if subcommand == "list"
+        repo = ARGS[2]
        println("Listing existing caches")
        run(`gh cache list --limit 100 --repo $repo`)
-    elseif func == "rm"
-        caches = String[]
-        failed = String[]
-        for _ in 1:5 # limit to avoid accidental rate limiting
-            hits = split(strip(read(`gh cache list --limit 100 --repo $repo`, String)), keepempty=false)
-            search_again = length(hits) == 100
-            filter!(startswith(restore_key), hits)
-            isempty(hits) && break
-            # We can delete everything that matches the restore key because the new cache is saved later.
-            for c in hits
+    elseif subcommand == "rm"
+        repo, restore_key, ref = ARGS[2:4]
+        allow_failure = ARGS[5] == "true"
+
+        endpoint = "/repos/$repo/actions/caches"
+        page = 1
+        per_page = 100
+        escaped_restore_key = replace(restore_key, "\"" => "\\\"")
+        query = ".actions_caches[] | select(.key | startswith(\"$escaped_restore_key\")) | .id"
+
+        deletions = String[]
+        failures = String[]
+        while 1 <= page <= 5 # limit to avoid accidental rate limiting
+            cmd = `gh api -X GET $endpoint -F ref=$ref -F per_page=$per_page -F page=$page --jq $query`
+            ids = split(read(cmd, String); keepempty=false)
+            page = length(ids) == per_page ? page + 1 : -1
+
+            # We can delete all cache entries on this branch that matches the restore key
+            # because the new cache is saved later.
+            for id in ids
                try
-                    run(`gh cache delete $(split(c)[1]) --repo $repo`)
-                    push!(caches, c)
+                    run(`gh cache delete $id --repo $repo`)
+                    push!(deletions, id)
                catch e
                    @error e
-                    push!(failed, c)
+                    push!(failures, id)
                end
            end
-            search_again || break
        end
-        if isempty(failed) && isempty(caches)
-            println("No existing caches found for restore key `$restore_key`")
+        if isempty(failures) && isempty(deletions)
+            println("No existing caches found on ref `$ref` matching restore key `$restore_key`")
        else
-            if !isempty(failed)
-                println("Failed to delete $(length(failed)) existing caches for restore key `$restore_key`")
-                println.(failed)
+            if !isempty(failures)
+                println("Failed to delete $(length(failures)) existing caches on ref `$ref` matching restore key `$restore_key`")
+                println.(failures)
                @info """
                    To delete caches you need to grant the following to the default `GITHUB_TOKEN` by adding
-                    this to your yml:
+                    this to your workflow:
                    ```
                    permissions:
-                        actions: write
-                        contents: read
+                      actions: write
+                      contents: read
                    ```
                    (Note this won't work for fork PRs but should once merged)
                    Or provide a token with `repo` scope via the `token` input option.
                    See https://cli.github.com/manual/gh_cache_delete
                    """
+                allow_failure || exit(1)
            end
-            if !isempty(caches)
-                println("$(length(caches)) existing caches deleted that match restore key `$restore_key`:")
-                println.(caches)
+            if !isempty(deletions)
+                println("Deleted $(length(deletions)) caches on ref `$ref` matching restore key `$restore_key`")
+                println.(deletions)
            end
        end
    else
-        throw(ArgumentError("Unexpected second argument: $func"))
+        throw(ArgumentError("Unexpected subcommand: $subcommand"))
    end
 end