refactor: update restore-node-modules action to support lookup-only functionality
- Replaced 'extract' input with 'lookup-only' to allow cache entry checks without downloading or extracting.
- Updated action logic to conditionally extract node_modules based on the new 'lookup-only' input.
- Adjusted workflow files to utilize 'lookup-only' for cache-warming jobs on Linux, macOS, and Windows.
* CI: speed up node_modules cache with zstd + shared scripts
Switch the Linux/macOS node_modules cache from single-threaded gzip
(tar -czf) to multi-threaded zstd. The "Create node_modules archive"
step was spending ~5min of single-core gzip on a multi-GB tree on every
cache miss; zstd -T0 uses all cores and decompresses much faster, so
cache-hit jobs benefit too. Windows stays on 7-Zip (already threaded).
Extract the archive/extract commands into shared per-platform scripts
under .github/workflows/node_modules_cache/ (cache.sh / cache.ps1, each
dispatching on an archive|extract argument) so the format and flags live
in one place instead of being duplicated across ~8 workflows. Bump
build/.cachesalt to invalidate existing gzip caches.
Also remove the obsolete extensions/copilot CI workflows
(copilot-setup-steps.yml, ensure-node-modules-cache.yml, pr.yml) and the
unused build/listBuildCacheFiles.js, and drop their now-stale entries
(plus lit-html and signals-core) from .eslint-allowed-javascript-files.
* ci: seed copilot node_modules cache on main and rename cache keys
Add copilot-linux and copilot-windows jobs to pr-node-modules.yml so the
copilot node_modules cache is populated on main. Rename the copilot cache
keys to copilot-node_modules-linux / copilot-node_modules-windows in pr.yml.
* ci: extract node_modules cache into composite actions
Factor the repeated node_modules cache plumbing into two local composite
actions, restore-node-modules and save-node-modules, and migrate all
workflows that used the cache.sh/cache.ps1 archive flow (pr, pr-node-modules,
pr-{linux,darwin,win32}-test, copilot-setup-steps, component-fixtures,
css-order-scan).
- restore-node-modules computes the key, restores the cache, optionally
extracts on a hit, and exports the resolved key via $GITHUB_ENV.
- save-node-modules archives node_modules and saves it to the cache, reusing
the key exported by restore so callers don't repeat the prefix.
- Bespoke install steps stay in the workflows, so per-job env/secrets never
cross the action boundary.
- Only seed the cache on branch pushes (component-fixtures skips PRs, whose
caches aren't shared).
* save the node_modules cache for now to test it
* ci: fix node_modules cache save dropping the archive
cache.sh wrote its archive as cache.tzst, but actions/cache reserves that
name for its own tarball and passes --exclude cache.tzst, so our archive was
excluded and an empty (~200 B) cache was saved on Linux/macOS. Rename the
archive to node-modules.tzst and bump build/.cachesalt to invalidate the
broken cache entries.
* empty commit
* Remove again saving to the node modules cache from PR steps
* ci: switch PR workflows back to 1ES self-hosted runners with JobId
Re-applies #311975 (reverted in #312033). Adds per-run+attempt JobId
labels to scope 1ES agents to specific GitHub Actions runs and prevent
intermittent runner cancellations.
Also switches the pr.yml compile job's GITHUB_TOKEN from the
ephemeral repo-scoped runner token to secrets.VSCODE_OSS so cross-repo
GitHub API release fetches (vscode-js-debug, vscode-js-debug-companion,
vscode-js-profile-visualizer, etc.) authenticate properly. On 1ES pools
the shared egress IPs hit the anonymous 60/hr api.github.com rate limit
and produced 403 fan-out across PRs last time.
* ci: fall back to GITHUB_TOKEN for fork PRs
Match the historical pattern from before #255987 — fork PRs can't
access secrets.VSCODE_OSS, so use the conditional to pick GITHUB_TOKEN
for forks.
* ci: switch PR workflows back to 1ES self-hosted runners with JobId
Reverts the GitHub-hosted runner switch for ubuntu/windows jobs in pr*.yml
and adds a unique JobId label per job, per the IcM mitigation. The JobId
ensures 1ES pool runs are scoped to a specific GitHub Actions run+attempt,
which prevents the cancellation issues that occurred with bare pool labels.
Pool labels:
- 1es-vscode-oss-ubuntu-22.04-x64
- 1es-vscode-oss-windows-2022-x64
macOS jobs (pr-darwin-test.yml, pr-node-modules macOS) remain on
GitHub-hosted runners as no 1ES macOS pool exists.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: keep pr-linux-test.yml on ubuntu-24.04 GH-hosted runner
Linux electron tests were stabilized by moving to ubuntu-24.04 in #308495
and #309451. Keep that runner GH-hosted while the rest of the PR workflows
use 1ES self-hosted pools.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: include inputs.job_name in JobId for reusable test workflows
pr-win32-test.yml is invoked 3x from pr.yml (Electron/Browser/Remote) and
without a per-invocation discriminator all 3 jobs share the same JobId
within a run, defeating the 1ES per-job scoping. Add inputs.job_name to
the JobId prefix so each invocation is distinct. Apply the same defense
to pr-linux-cli-test.yml for safety.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Run our build scripts directly as typescript #277567
Follow up on #276864
For #277526
* Remove a few more ts-node references
* Fix linux and script reference
* Remove `_build-script` ref
* Fix script missing closing quote
* use type only import
* Fix export
* Make sure to run copy-policy-dto
* Make sure we run the copy-policy-dto script
* Enable `verbatimModuleSyntax`
* Pipelines fixes
* Try adding explicit ext to path
* Fix bad edit
* Revert extra `--`
---------
Co-authored-by: João Moreno <joaomoreno@users.noreply.github.com>