[ci-coach] ci: skip go mod download on cache hit for 9 jobs #24318
Description
Summary
9 jobs in ci.yml were unconditionally running go mod download even when the Go module cache was warm. This adds the if: steps.setup-go.outputs.cache-hit != 'true' guard (already present in test and integration jobs) to the remaining jobs.
Optimization
Skip redundant module downloads on cache hit
Type: Resource / Cache Optimization
Impact: ~10–30s per job saved when cache is warm
Risk: Low — skipping is safe; go mod verify still runs unconditionally to ensure cache integrity
Jobs updated: update, build-wasm, bench, audit, actions-build, security, security-scan, cross-platform, alpine-container-test
Rationale: When actions/setup-go reports a cache hit, all Go modules are already present locally. Running go mod download in this case is a no-op that still takes 10–30s of network verification time. With 7 of these jobs running on every PR, this saves ~1–3 minutes of total compute per run on warm caches (the typical case after the first run).
go mod verify is intentionally left unconditional — it's fast and ensures cache integrity without network access.
Changed jobs
| Job | Runs on | Note |
|---|---|---|
update |
All events | |
build-wasm |
All events | Also has -x verbose flag |
audit |
All events | |
actions-build |
All events | |
security |
All events | |
cross-platform |
All events | macOS + Windows matrix |
alpine-container-test |
All events | |
bench |
main only | |
security-scan |
main only | No go mod verify step |
Metrics Baseline
- Total runs analyzed: 100
- Success rate: 53%
- Average successful run duration: ~4 min
- Cache guard already present in:
test,integration,fuzzjobs
Validation
✅ YAML syntax valid (python3 -c "import yaml; yaml.safe_load(...)")
✅ All 12 Download dependencies with retry steps now have the cache guard
Proposed by CI Coach workflow run #125
Warning
Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files. A human must create the pull request manually.
Protected files
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission.
Create the pull request manually
# Download the patch from the workflow run
gh run download 23948079975 -n agent -D /tmp/agent-23948079975
# Create a new branch
git checkout -b ci-coach/skip-module-download-on-cache-hit-076c626073e6d065 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-23948079975/aw-ci-coach-skip-module-download-on-cache-hit.patch
# Push the branch and create the pull request
git push origin ci-coach/skip-module-download-on-cache-hit-076c626073e6d065
gh pr create --title '[ci-coach] ci: skip go mod download on cache hit for 9 jobs' --base main --head ci-coach/skip-module-download-on-cache-hit-076c626073e6d065 --repo github/gh-awGenerated by CI Optimization Coach · ● 3.2M · ◷
- expires on Apr 5, 2026, 1:50 PM UTC