Skip to content

ci: use cachix for all nix jobs#15327

Open
Alizter wants to merge 1 commit into
ocaml:mainfrom
Alizter:push-lvxmwwsrvtsu
Open

ci: use cachix for all nix jobs#15327
Alizter wants to merge 1 commit into
ocaml:mainfrom
Alizter:push-lvxmwwsrvtsu

Conversation

@Alizter

@Alizter Alizter commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Replace nix-community/cache-nix-action@v7 with cachix/cachix-action@v15 (cache name ocaml-dune, authed via CACHIX_AUTH_TOKEN_OCAML_DUNE) on all six nix jobs that had it: nix-build-4-14, nix-build-ox, rocq, rocq-native, nix-oxcaml, utop-dev-tool-test.
  • Add the same cachix step to six nix jobs that previously had no caching: nix-build, nix-test, fmt, doc, bootstrap, build-microbench.

Why

The GitHub Actions cache backend repeatedly hit its per-repo spending limit (`Cache reservation failed: You have reached your configured budget, your cache is now read only to prevent additional charges.`). Once the budget was exhausted, cache-nix-action saves silently failed and subsequent runs fell back via restore-prefixes-first-match to whatever stale entry was still around — which is why nix-oxcaml on main kept restoring a 626 MiB pre-#15299 cache and re-downloading the OxCaml closure on every run.

Independently, cache-nix-action never purged old prefix-matched entries on save, so each distinct **/*.nix/flake.lock hash accumulated a full-sized entry. A snapshot before this PR showed ~3.6 GiB of duplicate rocq / rocq-native / nix-build-4-14 caches alone.

Cachix has no per-repo budget, is shared across branches and PRs, and avoids both problems.

Test plan

  • First run on this branch warms the ocaml-dune cachix cache.
  • A second run (rerun or follow-up commit that doesn't touch *.nix) shows cachix hits in the logs and faster nix develop startup for the heavier jobs (nix-oxcaml, nix-build-ox, rocq*).
  • No `Cache reservation failed` annotation on the run.

@rgrinberg

Copy link
Copy Markdown
Member

How big of a cache do we need? I've bumped our github actions cache to 50GB previously. Wasn't that enough?

@Alizter

Alizter commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

How big of a cache do we need? I've bumped our github actions cache to 50GB previously. Wasn't that enough?

It was causing cache stores to be rejected due to meeting billing limitations. Its opaque to me why this is happening.

I'm able to give a cachix secret here in the repo allowing us to use a cachix server which I've been testing out successfully in my fork.

@Alizter

Alizter commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator Author

Here is an example of such an issue:

https://github.com/ocaml/dune/actions/runs/28181786547/job/83473615172?pr=15326#step:9:4954

This has been happening regularly.

Replace the per-job nix-community/cache-nix-action setup with a single
cachix/cachix-action step that pushes/pulls from the ocaml-dune cache.
Also adds cachix to nix jobs that previously had no caching at all
(nix-build, nix-test, fmt, doc, bootstrap, build-microbench).

The GitHub Actions cache backend repeatedly hit its spending limit
('Cache reservation failed: ...read only to prevent additional
charges'), at which point new saves failed and restores fell back to
stale prefix matches. cache-nix-action also accumulated one full-sized
entry per distinct '**/*.nix'/flake.lock hash, since it never purged
old prefix-matched entries on save. Cachix has no per-repo budget,
shares across branches and PRs, and avoids the duplicate-cache
problem.

Signed-off-by: Ali Caglayan <alizter@gmail.com>
@Alizter Alizter force-pushed the push-lvxmwwsrvtsu branch from 6b6d4ce to 6cfc504 Compare June 26, 2026 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants