mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-09 08:21:50 +00:00
40ae170647
The arm64 PR build ran fully uncached because the previous gha cache backend's short-lived Azure SAS token expired mid-build on slow cold-cache arm64 runs and crashed before the smoke test. Uncached arm64 PR builds were ~45% slower than amd64 (median 553s vs 382s), making the arm64 job the one most often cancelled on supersede — surfacing as a red X in PR checks and reading as 'the arm64 build keeps failing'. Switch arm64 to a registry-backed cache on ghcr.io (type=registry, ref ghcr.io/nousresearch/hermes-agent:buildcache-arm64). Its credential is the job-lifetime GITHUB_TOKEN, not a time-boxed SAS token, so the cold-build-outlives-token failure mode cannot recur. - PR builds: cache-from only (read-only) — warm layers, no write races, no cache-ref pollution from rapid PR pushes. - main/release builds: cache-from + cache-to (mode=max) to populate the cache for subsequent PR/main builds and let the digest push reuse the smoke-test build's layers. - Add packages: write permission and a ghcr.io login for the cache. amd64 keeps its gha cache: it builds fast enough to stay inside the SAS token's lifetime, so it never hit this failure mode. |
||
|---|---|---|
| .. | ||
| build-windows-installer.yml | ||
| contributor-check.yml | ||
| deploy-site.yml | ||
| docker-lint.yml | ||
| docker-publish.yml | ||
| docs-site-checks.yml | ||
| history-check.yml | ||
| lint.yml | ||
| nix-lockfile-fix.yml | ||
| nix.yml | ||
| osv-scanner.yml | ||
| skills-index-freshness.yml | ||
| skills-index.yml | ||
| supply-chain-audit.yml | ||
| tests.yml | ||
| upload_to_pypi.yml | ||
| uv-lockfile-check.yml | ||