npm - @invarn/cibuild - Versions diffs - 1.9.3 → 1.9.5 - Mend

@invarn/cibuild 1.9.3 → 1.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.cjs +1 -1
package/dist/src/yaml/steps/cache.d.ts.map +1 -1
package/dist/src/yaml/steps/cache.js +21 -32
package/dist/src/yaml/steps/steps.test.js +32 -14
package/package.json +1 -1

package/dist/src/yaml/steps/cache.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AAmFF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA0GzF,iBAAiB;CA8LhC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;~~YA4JzF~~,iBAAiB;~~CA2IhC~~"}
1	+ {"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AAmFF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA0GzF,iBAAiB;CA8LhC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YAgKzF,iBAAiB;CA4HhC"}

package/dist/src/yaml/steps/cache.js CHANGED Viewed

@@ -484,9 +484,13 @@ export class CachePushStepExecutor extends BaseStepExecutor {
             commands.push('  echo "Paths to cache:"');
             commands.push('  printf "  %s\\n" "${PATHS_TO_CACHE[@]}"');
         }
-        // Atomic write: .tmp + rename. No lock needed — runs are serialized per runner,
-        // and cross-writer races resolve to last-writer-wins without corruption.
-        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_FILE.tmp" && mv "$CACHE_FILE.tmp" "$CACHE_FILE" || true');
+        // Atomic write into a per-process-unique temp (CBR-12). The "runs serialized
+        // per runner" assumption behind a fixed "$CACHE_FILE.tmp" is false with two VM
+        // slots and collides with the host cache daemon mutating this VirtioFS-shared
+        // dir; a unique name (PID + $RANDOM) removes the clash. The atomic mv is kept,
+        // and a failed compress/mv removes its own temp (no orphan) and stays non-fatal.
+        commands.push('  CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_TMP" && mv "$CACHE_TMP" "$CACHE_FILE" || rm -f "$CACHE_TMP"');
         commands.push('  if [ -f "$CACHE_FILE" ]; then');
         commands.push('    echo "Cache created successfully"');
         if (isDebugMode) {
@@ -587,40 +591,25 @@ export class CachePushStepExecutor extends BaseStepExecutor {
         // build. Atomic .tmp + mv overwrites any prior tarball under this key.
         commands.push('if [ ${#PATHS_TO_CACHE[@]} -gt 0 ]; then');
         commands.push('  echo "Caching ${#PATHS_TO_CACHE[@]} path(s)..."');
-        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_FILE.tmp" && mv "$CACHE_FILE.tmp" "$CACHE_FILE" || true');
+        // Per-process-unique temp (CBR-12). The old fixed "$CACHE_FILE.tmp" assumed
+        // a single serialized writer — false with two VM slots, and it collides with
+        // the host cache daemon mutating this VirtioFS-shared dir, which (a) made the
+        // guest's own .tmp transiently vanish at `mv` (silent clobber, masked by
+        // `|| true`) and (b) dropped VirtioFS off its async fast path. A unique name
+        // removes the collision; the atomic mv into place is preserved, and a failed
+        // compress/mv removes its own temp (no orphan) while staying non-fatal.
+        commands.push('  CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_TMP" && mv "$CACHE_TMP" "$CACHE_FILE" || rm -f "$CACHE_TMP"');
         commands.push('  if [ -f "$CACHE_FILE" ]; then');
         commands.push('    echo "Cache created successfully"');
         if (isDebugMode) {
             commands.push('    echo "Cache size: $(du -h "$CACHE_FILE" | cut -f1)"');
         }
-        // Retention per-scope: (1) keep N newest by mtime — touched on hit in
-        // cache-pull so this is LRU, not strictly creation-order; (2) delete
-        // anything past the age cap regardless of position; (3) enforce a size
-        // budget, oldest-out. Two passes are required: the size pass needs the
-        // post-cleanup set, otherwise its running sum counts tarballs that the
-        // count/age pass is about to delete and over-evicts.
-        commands.push('    __ci_ret_scope="${CACHE_KEY%-*}"');
-        commands.push('    __ci_ret_count_cap=5');
-        commands.push('    __ci_ret_age_cap=$((30 * 86400))');
-        commands.push('    __ci_ret_size_cap_kb="${CIBUILD_CACHE_SCOPE_BUDGET_KB:-10485760}"');
-        commands.push('    __ci_ret_now=$(date +%s)');
-        commands.push('    __ci_ret_idx=0');
-        commands.push('    while IFS= read -r __ci_ret_f; do');
-        commands.push('      __ci_ret_idx=$((__ci_ret_idx + 1))');
-        commands.push('      __ci_ret_age=$(( __ci_ret_now - $(stat -f %m "$__ci_ret_f" 2>/dev/null || echo "$__ci_ret_now") ))');
-        commands.push('      if [ "$__ci_ret_idx" -gt "$__ci_ret_count_cap" ] || [ "$__ci_ret_age" -gt "$__ci_ret_age_cap" ]; then');
-        commands.push('        rm -f "$__ci_ret_f"');
-        commands.push('      fi');
-        commands.push('    done < <(ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst 2>/dev/null)');
-        commands.push('    __ci_ret_running_kb=0');
-        commands.push('    while IFS= read -r __ci_ret_f; do');
-        commands.push('      __ci_ret_size=$(du -k "$__ci_ret_f" 2>/dev/null | cut -f1)');
-        commands.push('      __ci_ret_size=${__ci_ret_size:-0}');
-        commands.push('      __ci_ret_running_kb=$((__ci_ret_running_kb + __ci_ret_size))');
-        commands.push('      if [ "$__ci_ret_running_kb" -gt "$__ci_ret_size_cap_kb" ]; then');
-        commands.push('        rm -f "$__ci_ret_f"');
-        commands.push('      fi');
-        commands.push('    done < <(ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst 2>/dev/null)');
+        // Retention is no longer applied here (ADR 0002 / CBR-6). It moved into the
+        // long-lived peer cache daemon, which owns ~/cache and — unlike the guest —
+        // knows (via the manager) which scopes this runner OWNS and must never evict.
+        // A guest-side prune would have to run blind to ownership and could reap the
+        // fleet's single durable copy, so the daemon owns the whole policy now.
         commands.push('  else');
         commands.push('    echo "Warning: Failed to create cache file"');
         commands.push('  fi');

package/dist/src/yaml/steps/steps.test.js CHANGED Viewed

@@ -336,6 +336,20 @@ describe('Step Implementations', () => {
             const result = await executor.execute(inputs, {}, testConfig);
             expect(result.script).toContain('skipped');
         });
+        test('uses a per-process-unique temp for the atomic write (CBR-12)', async () => {
+            const executor = new CachePushStepExecutor();
+            const result = await executor.execute({ technology: 'kmm' }, {}, testConfig);
+            // The old fixed "$CACHE_FILE.tmp" assumed a single writer ("runs
+            // serialized per runner") — false with two VM slots, and it collides with
+            // the host cache daemon mutating the same VirtioFS-shared dir. A unique
+            // temp (PID + $RANDOM) removes the collision; the atomic mv is preserved.
+            expect(result.script).not.toContain('> "$CACHE_FILE.tmp"');
+            expect(result.script).toContain('CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
+            // A failed compress/mv cleans its own temp instead of leaking orphans,
+            // and stays non-fatal (never fails the build).
+            expect(result.script).toContain('rm -f "$CACHE_TMP"');
+        });
         test('should require cache_paths', async () => {
             const executor = new CachePushStepExecutor();
             const inputs = {
@@ -421,20 +435,24 @@ describe('Step Implementations', () => {
         test('should use atomic write (tmp + mv) for preset push', async () => {
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ technology: 'gradle' }, {}, testConfig);
-            expect(result.script).toContain('> "$CACHE_FILE.tmp"');
-            expect(result.script).toContain('mv "$CACHE_FILE.tmp" "$CACHE_FILE"');
-        });
-        test('should sweep retention (count + age + size budget) after successful preset push', async () => {
+            expect(result.script).toContain('> "$CACHE_TMP"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
+        });
+        test('should NOT emit guest-side retention (the peer cache daemon owns it, CBR-6)', async () => {
+            // ADR 0002 / CBR-6: retention moved into the long-lived peer cache daemon,
+            // which knows (via the manager) which scopes this runner owns and must never
+            // evict. The guest cache-push no longer prunes — it could only reap an owner's
+            // durable copy, having no ownership knowledge of its own.
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ technology: 'kmm' }, {}, testConfig);
-            expect(result.script).toContain('__ci_ret_scope="${CACHE_KEY%-*}"');
-            expect(result.script).toContain('ls -t "$CACHE_DIR"/"$__ci_ret_scope"-*.tar.zst');
-            expect(result.script).toContain('__ci_ret_count_cap=5');
-            expect(result.script).toContain('__ci_ret_age_cap=$((30 * 86400))');
-            expect(result.script).toContain('CIBUILD_CACHE_SCOPE_BUDGET_KB');
-            expect(result.script).toContain('rm -f "$__ci_ret_f"');
-        });
-        test('should not run retention for manual cache_key push (no scope)', async () => {
+            expect(result.script).not.toContain('__ci_ret_scope');
+            expect(result.script).not.toContain('__ci_ret_count_cap');
+            expect(result.script).not.toContain('__ci_ret_age_cap');
+            expect(result.script).not.toContain('CIBUILD_CACHE_SCOPE_BUDGET_KB');
+            // The successful-push path itself is unchanged.
+            expect(result.script).toContain('Cache created successfully');
+        });
+        test('should not emit retention for a manual cache_key push either', async () => {
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ cache_key: 'my-key', cache_paths: ['build'] }, {}, testConfig);
             expect(result.script).not.toContain('__ci_ret_scope');
@@ -443,8 +461,8 @@ describe('Step Implementations', () => {
         test('should use atomic write (tmp + mv) for manual cache_key push', async () => {
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ cache_key: 'my-key', cache_paths: ['build'] }, {}, testConfig);
-            expect(result.script).toContain('> "$CACHE_FILE.tmp"');
-            expect(result.script).toContain('mv "$CACHE_FILE.tmp" "$CACHE_FILE"');
+            expect(result.script).toContain('> "$CACHE_TMP"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
         });
     });
     describe('XcodeBuildStepExecutor', () => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@invarn/cibuild",
-  "version": "1.9.3",
+  "version": "1.9.5",
   "description": "CI Build CLI — local pipeline orchestration and validation",
   "type": "module",
   "main": "dist/cli.cjs",