actions/mise-action
12
0
Fork 0
mirror of https://github.com/jdx/mise-action.git synced 2026-05-14 05:50:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mise-action/README.md
jdx b287efda3d
fix: include runner image in cache key to prevent cross-provider collisions (#456) 
## Problem

The default cache key was `mise-v1-{os}-{arch}-{file_hash}` — no
runner-image discriminator. Any repo whose CI runs on multiple runner
providers with the same os/arch shares one cache slot:

- github-hosted `macos-latest`
- namespace.so `nscloud-macos-sequoia-arm64-*` /
`namespace-profile-*-macos-arm64`
- self-hosted M-series macs
- BuildJet, blacksmith, etc.

When a repo migrates from one provider to another, the new run restores
the previous provider's tool installs (~200 MB of
`~/.local/share/mise/installs/*`), and tools that loaded fine in the
original image break in the new one.

### Concrete failures observed

Discovered while migrating [jdx/hk](https://github.com/jdx/hk/pull/891)
from github-hosted to namespace.so. Same `mise-v1-macos-arm64-<hash>`
cache hit on namespace; tool resolution fails everywhere:

```
mise ERROR Tool 'ubi:koalaman/shellcheck' does not have an executable named 'shellcheck'
mise ERROR Tool 'gem:asciidoctor' does not have an executable named 'asciidoctor'
mise ERROR Tool 'aqua:betterleaks/betterleaks' does not have an executable named 'betterleaks'
mise ERROR Tool 'biome' does not have an executable named 'biome'
mise ERROR Tool 'buf' does not have an executable named 'buf'
mise ERROR Tool 'github:google/google-java-format' does not have an executable named 'google-java-format'
```

— installs are present (cache restored 185 MB) but the executable layout
from the github-hosted macOS-15 image doesn't match what mise expects on
namespace's macOS arm64 image.

On Linux, cached binaries built against the github-hosted ubuntu
glibc/CPU featureset SIGILL on namespace's image (e.g. `swiftlint` exit
code 132).

## Fix

Append the GitHub Actions hosted-runner `ImageOS` env var (e.g.
`macos15`, `ubuntu24`) to the platform segment of the default cache key.
Other runners pool under `self-hosted`.

```ts
const imageOS = process.env.ImageOS || 'self-hosted'
return `${base}-${imageOS}`
```

After this change:
- `mise-v1-macos-arm64-macos15-<hash>` (github-hosted)
- `mise-v1-macos-arm64-self-hosted-<hash>` (namespace, self-hosted,
etc.)

Users with multiple self-hosted profiles that need finer scoping can set
`cache_key_prefix` per workflow. The README's docs for `{{platform}}`
are updated to reflect the new format.

## Trade-offs

- One-time cache miss for everyone on the next run after upgrade. Cache
rebuilds and stays scoped per-image after that.
- Hosted-runner image rolls (e.g. `macos15` → `macos16`) will invalidate
cache, which is desirable — that's exactly when stale binaries cause
problems.
- Self-hosted users with mixed runner pools all share one `self-hosted`
slot. They'd need `cache_key_prefix` per pool, same as before. This PR
doesn't make that worse.

## Test plan

- [ ] Verify `dist/index.js` rebuilt cleanly (yes, `npm run package`
succeeded with the change visible at `getTarget()` callsite).
- [ ] Run on a github-hosted runner — confirm `ImageOS` is read from env
(e.g. `macos15`) and shows up in the `mise cache restored from key:` log
line.
- [ ] Run on a non-hosted runner — confirm fallback to `-self-hosted`.
- [ ] Verify a workflow that switched providers no longer pulls a
poisoned cache.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes cache-key generation and will cause a one-time cache miss plus
different cache partitioning, which can affect build times and cache
reuse across runners.
> 
> **Overview**
> Updates the default cache-key `{{platform}}` value to append a runner
image discriminator (`process.env.ImageOS` on GitHub-hosted runners,
otherwise `self-hosted`), reducing cross-provider/image cache collisions
that can restore incompatible tool installs.
> 
> Implements this via a new `getRunnerImageId()` helper used during
cache-key template processing, and documents the new `{{platform}}`
format in the README; `dist/index.js` is rebuilt accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
ef1bd0e351. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2026-04-30 09:15:04 -05:00

122 lines
4.3 KiB
Markdown
Raw Permalink Blame History

# Example Workflow
```yaml
name: test
on:
pull_request:
branches:
- main
push:
branches:
- main
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
with:
version: 2026.3.10 # [default: latest] mise version to install
install: true # [default: true] run `mise install`
install_args: "bun" # [default: ""] additional arguments to `mise install`
cache: true # [default: true] cache mise using GitHub's cache
experimental: true # [default: false] enable experimental features
log_level: debug # [default: info] log level
# automatically write this .tool-versions file
tool_versions: |
shellcheck 0.11.0
# or, if you prefer .mise.toml format:
mise_toml: |
[tools]
shellcheck = "0.11.0"
working_directory: app # [default: .] directory to run mise in
reshim: false # [default: false] run `mise reshim -f`
github_token: ${{ secrets.GITHUB_TOKEN }} # [default: ${{ github.token }}] GitHub token for API authentication
- run: shellcheck scripts/*.sh
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
# .tool-versions will be read from repo root
- run: node ./my_app.js
```
## Cache Configuration
You can customize the cache key used by the action:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "my-custom-cache-key" # Override the entire cache key
cache_key_prefix: "mise-v1" # Or just change the prefix (default: "mise-v0")
```
### Template Variables in Cache Keys
When using `cache_key`, you can use template variables to reference internal values:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "mise-{{platform}}-{{version}}-{{file_hash}}"
version: "2026.3.10"
install_args: "node python"
```
Available template variables:
- `{{version}}` - The mise version (from the `version` input)
- `{{cache_key_prefix}}` - The cache key prefix (from `cache_key_prefix` input or default)
- `{{platform}}` - The target platform, including the runner image (e.g., "linux-x64-ubuntu24", "macos-arm64-macos15", "linux-x64-self-hosted"). The trailing segment is `process.env.ImageOS` on github-hosted runners and falls back to `"self-hosted"` elsewhere — preventing cache collisions when the same repo runs on different runner providers (github-hosted, namespace.so, self-hosted).
- `{{file_hash}}` - Hash of all mise configuration files
- `{{mise_env}}` - The MISE_ENV environment variable value
- `{{install_args_hash}}` - SHA256 hash of the sorted tools from install args
- `{{default}}` - The processed default cache key (useful for extending)
Conditional logic is also supported using Handlebars syntax like `{{#if version}}...{{/if}}`.
Example using multiple variables:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "mise-v1-{{platform}}-{{install_args_hash}}-{{file_hash}}"
install_args: "node@24 python@3.14"
```
You can also extend the default cache key:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "{{default}}-custom-suffix"
install_args: "node@24 python@3.14"
```
This gives you full control over cache invalidation based on the specific aspects that matter to your workflow.
## GitHub API Rate Limits
When installing tools hosted on GitHub (like `gh`, `node`, `bun`, etc.), mise needs to make API calls to GitHub's releases API. Without authentication, these calls are subject to GitHub's rate limit of 60 requests per hour, which can cause installation failures.
```yaml
- uses: jdx/mise-action@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# your other configuration
```
**Note:** The action automatically uses `${{ github.token }}` as the default, so in most cases you don't need to explicitly provide it. However, if you encounter rate limit errors, make sure the token is being passed correctly.
## Alternative Installation
Alternatively, mise is easy to use in GitHub Actions even without this:
```yaml
jobs:
build:
steps:
- run: |
curl https://mise.run | sh
echo "$HOME/.local/share/mise/bin" >> $GITHUB_PATH
echo "$HOME/.local/share/mise/shims" >> $GITHUB_PATH
```
Reference in a new issue View git blame Copy permalink