Skip to content

perf(ci): cache torch wheel in pip-audit.yml; add codex.yml concurrency guard#481

Merged
cgfixit merged 2 commits into
mainfrom
claude/cyclaw-optimize-ci-runtime-hygiene
Jul 9, 2026
Merged

perf(ci): cache torch wheel in pip-audit.yml; add codex.yml concurrency guard#481
cgfixit merged 2 commits into
mainfrom
claude/cyclaw-optimize-ci-runtime-hygiene

Conversation

@cgfixit

@cgfixit cgfixit commented Jul 9, 2026

Copy link
Copy Markdown
Owner

What

Two small, unrelated-but-small CI hygiene fixes bundled together (both "license/secret/key-free enhancement" per the CyClaw-Optimize scope):

  1. pip-audit.yml: verify-install job now caches pip downloads (via setup-python's cache: 'pip') and caches the torch CPU wheel separately (via a dedicated actions/cache step keyed on runner.os + the pin), mirroring ci.yml's existing two-tier caching exactly.
  2. codex.yml: added a concurrency block, mirroring the one already on claude.yml.

Why / benefit

  1. pip-audit.yml triggers on push/pull_request to requirements.txt or constraints.txt — which means its pip cache is guaranteed to bust on the one event that matters most, and without a separate torch cache it re-downloads the ~2GB CPU wheel on both OS legs every time those files change. ci.yml already solved this with a dedicated torch-wheel cache; pip-audit.yml never got the same treatment.
  2. codex.yml and claude.yml are near-identical issue_comment-triggered PR-bot workflows (checkout PR merge ref → run agent → post comment), but only claude.yml has a concurrency guard. Rapid repeat @codex comments on the same PR could run overlapping jobs against the same refs/pull/N/merge ref with no guard.

Risk to monitor

Both changes are additive (new cache steps / a concurrency block) — no existing step was removed or reordered beyond inserting the cache steps. Worst case on a cache miss is identical behavior to today (fresh download), so there's no plausible way this makes the job slower or less correct, only sometimes faster. codex.yml's cancel-in-progress: true is unconditional (matching claude.yml's exact policy) since this workflow has no analogous "push to main" case to exempt.

Verify

Both files parse as valid YAML (yaml.safe_load). No Python code touched — this is a CI-workflow-only change validated by the repo's own CI on push, per the skill's documented exception for YAML/lint-only PRs.

Scan context

CyClaw-Optimize (ponytail + Karpathy + fable-protocol loaded). Findings #1 and #2 of an 8-finding scan; deduped against open PRs #473, #477, #415.


Generated by Claude Code

…ncurrency

pip-audit.yml's verify-install job re-downloads the ~2GB torch CPU wheel on
every run because its own triggers (requirements.txt/constraints.txt changes)
guarantee a cache-bust, unlike ci.yml which keys the torch wheel separately
from the lighter pip cache. Mirrors ci.yml's two-tier caching (pip cache via
setup-python + dedicated actions/cache for the torch wheel keyed on
runner.os+pin) so a manifest change only re-fetches what actually changed.

codex.yml had no concurrency block despite being near-identical in shape to
claude.yml (same issue_comment trigger, same checkout-PR-merge-ref pattern).
Rapid repeat @codex comments on one PR could run overlapping jobs against the
same refs/pull/N/merge ref with no guard; added the same cancel-in-progress
group claude.yml already uses.
@chatgpt-codex-connector

Copy link
Copy Markdown

Summary

  • Reviewed the PR follow-up context and validated the current workflow edits; I did not find a follow-up code change that needs a new PR.
  • Confirmed pip-audit.yml now uses setup-python pip caching with requirements.txt, constraints.txt, and pyproject.toml as cache dependencies. .github/workflows/pip-audit.ymlL38-L50
  • Confirmed pip-audit.yml now has a separate pinned torch CPU wheel cache and cache-miss download/install path. .github/workflows/pip-audit.ymlL56-L86
  • Confirmed codex.yml now has a PR-comment concurrency guard with cancel-in-progress: true. .github/workflows/codex.ymlL7-L10
  • No files were modified in this follow-up, so I did not commit or create a new PR.

Testing

  • python - <<'PY' import yaml for p in ['.github/workflows/pip-audit.yml','.github/workflows/codex.yml']: with open(p, 'r', encoding='utf-8') as f: yaml.safe_load(f) print(f'OK {p}') PY
  • git status --short

View task →

@cgfixit cgfixit marked this pull request as ready for review July 9, 2026 19:42
@cgfixit cgfixit merged commit 829d8b0 into main Jul 9, 2026
27 of 32 checks passed
@cgfixit cgfixit deleted the claude/cyclaw-optimize-ci-runtime-hygiene branch July 9, 2026 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants