Skip to content

test(ci): speed up cli-tests by sharding testscripts across runners#2885

Merged
mikeland73 merged 2 commits into
mainfrom
mikeland73/speed-up-tests
Jun 22, 2026
Merged

test(ci): speed up cli-tests by sharding testscripts across runners#2885
mikeland73 merged 2 commits into
mainfrom
mikeland73/speed-up-tests

Conversation

@mikeland73

@mikeland73 mikeland73 commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

The cli-tests test job is dominated by the testscripts package (~380s wall). Two changes cut that down: (1) shard the testscripts across runners — they are bound by per-runner nix work (downloading ~677 package closures and evaluating flakes on each devbox invocation), which funnels through a single nix-daemon and does not parallelize within one runner, so a shard: [0, 1, 2] matrix axis splits the scripts (round-robin over a sorted list, so heavy scripts spread evenly) across three runners that each have their own daemon/cores/network; and (2) swap the add_insecure testscript from python@2.7.18.6 (not cached, compiled from source, ~260s — the single longest script) to nodejs@16 (16.20.2), which is flagged insecure in the pinned nixpkgs (Node 16 is EOL) yet has a prebuilt binary on cache.nixos.org, so it still exercises the --allow-insecure flow but substitutes in seconds. A test-result job aggregates the shards into one stable status check.

⚠️ Branch protection: the shard axis renames the matrix jobs (e.g. test (not-main, ubuntu-latest, project-tests-off, 0)), so required-check names change — point branch protection at the new test-result check. Note test-result aggregates the whole matrix, including project-tests-only (previously treated as a non-required signal); tell me if you'd rather keep that non-blocking.

How was it tested?

Confirmed the in-tree add_insecure swap passes through the go test harness locally (28s vs 260s) and verified via nix eval that nodejs_16 carries knownVulnerabilities in the pinned nixpkgs. Confirmed sharding partitions scripts disjointly across DEVBOX_TEST_SHARD_INDEX=0/1/2 locally, and that the split is balanced (~20/20/19 scripts, heavy scripts spread across all shards). go build, go vet, gofumpt, and golangci-lint pass on the changed packages.

Community Contribution License

All community contributions in this pull request are licensed to the project
maintainers under the terms of the
Apache 2 License.

By creating this pull request, I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 License as stated in
the
Community Contribution License.

@mikeland73 @claude
test(ci): speed up cli-tests by raising parallelism and de-slowing ad…
dfb47cd 
…d_insecure

The cli-tests `test` job was dominated by the testscripts package (~380s
wall). Two changes cut that down:

- Pass `-parallel 8` to both the fast tests (project-tests-off) and the
  project tests (test-projects-only). The testscripts are I/O-bound on nix
  downloads/builds, so oversubscribing the 4 vCPU runner lets more scripts
  overlap their waits instead of capping concurrency at GOMAXPROCS.

- Switch the add_insecure testscript from python@2.7.18.6 to nodejs@16
  (16.20.2). The Python version is not in the binary cache and compiled from
  source (~260s, the single longest pole). nodejs_16 is flagged insecure in
  the pinned nixpkgs (EOL) yet has a prebuilt binary on cache.nixos.org, so
  it still exercises the --allow-insecure flow but substitutes in seconds.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 22, 2026 02:04
Copilot AI reviewed Jun 22, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request speeds up the cli-tests GitHub Actions workflow by increasing Go test concurrency and replacing a slow “insecure package” test target with a cached (but still insecure/EOL) alternative, reducing overall CI wall-clock time for the CLI test suite.

Changes:

  • Run Go tests with -parallel 8 in CI for the fast test leg to increase overlap of I/O-bound testscript work.
  • Add -parallel 8 to the test-projects-only devbox script so the slow/project test leg matches the same concurrency tuning.
  • Update the insecure-package testscript to use nodejs@16 (cached) instead of python@2.7.18.6 (source build), while still exercising --allow-insecure.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
testscripts/add/add_insecure.tst.txt Switches the insecure package under test to a cached Node 16 derivation and documents the rationale.
devbox.json Adds -parallel 8 to the test-projects-only script to speed up project testscripts.
.github/workflows/cli-tests.yaml Adds -parallel 8 to the fast go test invocation and documents why oversubscription helps on CI runners.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mikeland73 @claude
test(ci): shard testscripts across runners instead of oversubscribing…
b5274fd 
… one

The earlier -parallel 8 bump did not help: the testscripts are bound by
per-runner nix work (downloading ~677 package closures and evaluating flakes
on each devbox invocation), which is serialized through a single nix-daemon
and does not parallelize within one runner. Raising in-process parallelism
just made scripts contend, roughly doubling each script's wall time for no net
gain. Revert it.

Instead, shard the scripts across runners, where each runner has its own
daemon, cores, and network:

- Add DEVBOX_TEST_SHARD_INDEX / DEVBOX_TEST_SHARD_TOTAL support to the
  testscript runners. RunTestscripts now runs each script via its own
  testscript.Run (params.Files) so scripts can be partitioned individually;
  RunDevboxTestscripts shards example projects in WalkDir order. Assignment is
  round-robin over a sorted list so heavy scripts spread across shards.
- Add a `shard: [0, 1, 2]` matrix axis to the cli-tests `test` job and a
  `test-result` job that aggregates the shards into one stable status check
  (the per-shard job names are unstable for branch protection).

Keeps the add_insecure -> nodejs@16 package swap from the previous commit.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mikeland73 mikeland73 changed the title test(ci): speed up cli-tests via -parallel and a cached insecure package test(ci): speed up cli-tests by sharding testscripts across runners Jun 22, 2026
@mikeland73 mikeland73 merged commit da1ab52 into main Jun 22, 2026
25 checks passed
@mikeland73 mikeland73 deleted the mikeland73/speed-up-tests branch June 22, 2026 02:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mikeland73