perf(ci): cache Rust deps in release builds (cargo-chef + rust-cache) #166
Merged
The slow part of a release was the multi-arch image build recompiling the full dependency tree from scratch every time: the Dockerfile built everything in one `cargo build --release --workspace` layer, so any source change cache-missed it, and the per-arch buildx GHA cache only kept the apt/toolchain layers.

- Dockerfile: adopt cargo-chef. `cook` compiles only dependencies into a layer keyed on Cargo.lock, which the existing per-architecture buildx GHA cache now actually reuses across releases. Re-copy build.rs + proto and `cargo clean -p peat-node` after cook so our proto-codegen build script regenerates OUT_DIR/_connectrpc.rs (cargo-chef stubs workspace build scripts during cook). Verified locally: a real source change rebuilds in ~14s recompiling only peat-node + peat-cli — deps stay cooked/cached (vs a full from-scratch build).
- release.yml: add Swatinem/rust-cache to the peat-cli binary jobs (4 host targets were uncached), keyed per matrix target.

CI host jobs already use rust-cache; the multi-arch Docker build already had the per-arch buildx GHA cache — it just wasn't effective without cargo-chef.
peat-bot
approved these changes
Jun 18, 2026
peat-bot
left a comment
Peat QA Review (SHA: 63683ad)
No findings.
Scope: build tooling only — Dockerfile adopts the cargo-chef planner/cook/build pattern keyed on Cargo.lock, and .github/workflows/release.yml adds Swatinem/rust-cache to the 4 peat-cli release binary jobs keyed per matrix target. No changes to proto/sidecar.proto, the Connect RPC surface, src/crypto.rs, src/watcher.rs, Cargo.toml dependency pins, chart/peat-node/, or zarf.yaml. The cargo clean -p peat-node --release step after cook is the documented workaround to force build.rs proto codegen to re-run while leaving cooked dependency artifacts intact, and the ADR-001 in-container peat --help smoke test is preserved.
Speeds up builds/releases by caching Rust dependency compilation, per architecture.

The bottleneck

The multi-arch image build recompiled the entire dependency tree from scratch every release: the Dockerfile built everything in one `cargo build --release --workspace` layer, so any source change cache-missed it. The per-arch buildx GHA cache (already configured) only kept the apt/toolchain layers — useless for the cargo compile.

Changes

- `cook` compiles only dependencies into a layer keyed on `Cargo.lock`; the existing per-architecture buildx GHA cache (`scope=peat-node-<arch>`) now actually reuses it across releases. A wrinkle: cargo-chef stubs workspace build scripts during `cook`, which broke our `build.rs` proto codegen (`include!(OUT_DIR/_connectrpc.rs)` not found). Fixed by re-copying `build.rs` + `proto/` and `cargo clean -p peat-node` after cook so the codegen re-runs — deps stay cooked.
- `Swatinem/rust-cache` to the 4 peat-cli binary jobs (they were uncached), keyed per matrix target.

Verified locally

- `peat-node derive-id` returns the correct id).
- CACHED, only `peat-node` + `peat-cli` recompiled — no deps (tokio/iroh/peat-mesh) rebuilt.

CI host jobs (Test/Clippy/Build/Cross-platform) already use `rust-cache`; this closes the two remaining gaps (Docker dep layer + peat-cli release binaries). No product/behavior change — build tooling only.
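
The planner/cook/build layering described in this PR, as an added example that is not the project's Dockerfile. The base image tags, the `/app` workdir, `build.rs` and `proto/` sitting at the repository root, and the runtime stage are assumptions.

```dockerfile
# Added example (not the project's Dockerfile); tags and paths are assumptions.
FROM rust:1-bookworm AS chef
# --locked installs cargo-chef with the dependency versions it was published with.
RUN cargo install cargo-chef --locked
WORKDIR /app

# Stage 1: reduce the workspace to a recipe built from the manifests and Cargo.lock.
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

# Stage 2: compile dependencies only. The layer below is rebuilt only when
# recipe.json changes, so a source-only change reuses it from the buildx cache.
FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --workspace --recipe-path recipe.json

# Stage 3: bring in the real sources, including build.rs and proto/ (assumed
# to be at the repo root). cook compiled a stubbed build script, so drop
# peat-node's own artifacts to force build.rs to regenerate OUT_DIR files;
# the cooked dependency artifacts are left in place.
COPY . .
RUN cargo clean -p peat-node --release
# --locked fails the build if Cargo.lock would need to change, so the image
# is built from exactly the dependency set the cooked layer was keyed on.
RUN cargo build --release --workspace --locked

# Runtime stage (assumed layout): ship only the compiled binary.
FROM debian:bookworm-slim AS runtime
COPY --from=builder /app/target/release/peat-node /usr/local/bin/peat-node
ENTRYPOINT ["peat-node"]
```

A `.dockerignore` that excludes `target/` keeps host build artifacts out of the `COPY . .` layers and out of the cache key.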