From 632289c7f0ac1c2876cec3bcb89c57cc522237d4 Mon Sep 17 00:00:00 2001 From: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Date: Wed, 4 Feb 2026 13:17:02 +0530 Subject: [PATCH] fix(turbo): try remote caching (#65692) --- .github/actions/setup-turbo-cache/action.yml | 79 +++++++++++++++++++ .../workflows/curriculum-i18n-submodule.yml | 6 ++ .github/workflows/e2e-playwright.yml | 6 ++ .github/workflows/i18n-validate-builds.yml | 6 ++ .github/workflows/node.js-tests.yml | 32 ++++++++ turbo.json | 3 +- 6 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 .github/actions/setup-turbo-cache/action.yml diff --git a/.github/actions/setup-turbo-cache/action.yml b/.github/actions/setup-turbo-cache/action.yml new file mode 100644 index 00000000000..2f36d84fefc --- /dev/null +++ b/.github/actions/setup-turbo-cache/action.yml @@ -0,0 +1,79 @@ +# Caching Behaviour: +# ┌─────────────────────────┬─────────────────┬──────────────────┐ +# │ Context │ Can Read Cache? │ Can Write Cache? │ +# ├─────────────────────────┼─────────────────┼──────────────────┤ +# │ main (push) │ YES │ YES │ +# ├─────────────────────────┼─────────────────┼──────────────────┤ +# │ renovate/* │ YES │ YES │ +# ├─────────────────────────┼─────────────────┼──────────────────┤ +# │ PRs / temp-* / hotfix-* │ YES │ NO │ +# ├─────────────────────────┼─────────────────┼──────────────────┤ +# │ prod-* │ NO │ NO │ +# ├─────────────────────────┼─────────────────┼──────────────────┤ +# │ Fork PRs │ NO │ NO │ +# └─────────────────────────┴─────────────────┴──────────────────┘ + +name: 'Setup Turbo Remote Cache' +description: 'Conditionally configure Turbo remote cache based on branch and event context' + +inputs: + turbo-token: + description: 'Turbo remote cache authentication token' + required: true + turbo-signature-key: + description: 'Turbo remote cache signature key for artifact signing/verification' + required: true + +runs: + using: 'composite' + steps: + - name: Configure Turbo Remote Cache + shell: bash + env: + TURBO_TOKEN: ${{ inputs.turbo-token }} + TURBO_SIGNATURE_KEY: ${{ inputs.turbo-signature-key }} + GITHUB_REF_NAME: ${{ github.ref_name }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_BASE_REF: ${{ github.base_ref }} + run: | + echo "::group::Turbo Cache Configuration" + echo "Branch: $GITHUB_REF_NAME" + echo "Event: $GITHUB_EVENT_NAME" + echo "Base ref: $GITHUB_BASE_REF" + + # Skip for deployment branches (pure builds) + if [[ "$GITHUB_REF_NAME" == prod-* ]]; then + echo "::notice::Deployment branch detected - Turbo cache DISABLED for pure build" + echo "::endgroup::" + exit 0 + fi + + # Skip if secrets are not available (fork PRs) + if [[ -z "$TURBO_TOKEN" || -z "$TURBO_SIGNATURE_KEY" ]]; then + echo "::notice::Turbo secrets not available (likely a fork PR) - Turbo cache DISABLED" + echo "::endgroup::" + exit 0 + fi + + # Base configuration for all other contexts + echo "TURBO_API=https://turbo-cache.freecodecamp.net" >> $GITHUB_ENV + echo "TURBO_TEAM=team_freecodecamp" >> $GITHUB_ENV + echo "TURBO_TOKEN=$TURBO_TOKEN" >> $GITHUB_ENV + echo "TURBO_REMOTE_CACHE_SIGNATURE_KEY=$TURBO_SIGNATURE_KEY" >> $GITHUB_ENV + echo "TURBO_TELEMETRY_DISABLED=1" >> $GITHUB_ENV + + # Determine if this context should have write access + # Write access: main branch push OR renovate branches + # Read-only: PRs and other branches (can read from cache, can't pollute it) + if [[ "$GITHUB_REF_NAME" == "main" && "$GITHUB_EVENT_NAME" == "push" ]]; then + echo "::notice::Main branch push - Turbo cache READ/WRITE enabled" + elif [[ "$GITHUB_REF_NAME" == renovate/* ]]; then + echo "::notice::Renovate branch - Turbo cache READ/WRITE enabled" + else + # All other contexts: read-only + # Use TURBO_CACHE=remote:r for read-only remote cache (local still read/write) + echo "TURBO_CACHE=local:rw,remote:r" >> $GITHUB_ENV + echo "::notice::PR/other branch - Turbo cache READ-ONLY enabled" + fi + + echo "::endgroup::" diff --git a/.github/workflows/curriculum-i18n-submodule.yml b/.github/workflows/curriculum-i18n-submodule.yml index 24cec794251..b713ac1794a 100644 --- a/.github/workflows/curriculum-i18n-submodule.yml +++ b/.github/workflows/curriculum-i18n-submodule.yml @@ -44,6 +44,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set Environment variables run: | cp sample.env .env diff --git a/.github/workflows/e2e-playwright.yml b/.github/workflows/e2e-playwright.yml index c506e21be52..9461eb898ab 100644 --- a/.github/workflows/e2e-playwright.yml +++ b/.github/workflows/e2e-playwright.yml @@ -40,6 +40,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Checkout client-config uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: diff --git a/.github/workflows/i18n-validate-builds.yml b/.github/workflows/i18n-validate-builds.yml index f1ca2d48dda..c565eeb7d98 100644 --- a/.github/workflows/i18n-validate-builds.yml +++ b/.github/workflows/i18n-validate-builds.yml @@ -33,6 +33,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set freeCodeCamp Environment Variables run: | cp sample.env .env diff --git a/.github/workflows/node.js-tests.yml b/.github/workflows/node.js-tests.yml index d0a3747ffd8..5a2a25a5936 100644 --- a/.github/workflows/node.js-tests.yml +++ b/.github/workflows/node.js-tests.yml @@ -6,6 +6,8 @@ on: - 'main' - 'prod-**' - 'renovate/**' + - 'hotfix-**' + - 'temp-**' pull_request: branches: - 'main' @@ -54,6 +56,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set Environment variables run: | cp sample.env .env @@ -100,6 +108,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set freeCodeCamp Environment Variables run: | cp sample.env .env @@ -136,6 +150,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set Environment variables run: | cp sample.env .env @@ -182,6 +202,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set Environment variables run: | cp sample.env .env @@ -231,6 +257,12 @@ jobs: with: run_install: false + - name: Setup Turbo Cache + uses: ./.github/actions/setup-turbo-cache + with: + turbo-token: ${{ secrets.TURBO_TOKEN }} + turbo-signature-key: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }} + - name: Set Environment variables run: | cp sample.env .env diff --git a/turbo.json b/turbo.json index 8e3016c8e87..6a5c8ad034a 100644 --- a/turbo.json +++ b/turbo.json @@ -11,5 +11,6 @@ "//#lint-root": { "dependsOn": ["@freecodecamp/shared#build"] } - } + }, + "remoteCache": { "signature": true } }