Skip to content

feat(sovereign-ci): flip enable_sccache default true (fleet rollout)#25

Merged
noahgift merged 1 commit into
mainfrom
feat/sccache-fleet-rollout
Apr 18, 2026
Merged

feat(sovereign-ci): flip enable_sccache default true (fleet rollout)#25
noahgift merged 1 commit into
mainfrom
feat/sccache-fleet-rollout

Conversation

@noahgift
Copy link
Copy Markdown
Contributor

@noahgift noahgift commented Apr 18, 2026

Summary

  • Phase 3 pilot (copia, bashrs, aprender) verified: F9 p95=100% hit rate over n=24 runs in the 7-day window (threshold 40%).
  • Flip enable_sccache default from falsetrue so every reusable-workflow caller gets sccache automatically.
  • Per-repo opt-out still available via enable_sccache: false.
  • Also adds # falsify-f8-allow: annotations for the two legitimate hosted-runner jobs (SLSA provenance, PR authorization gate).

F9 verification data (intel, 7-day window)

n=24 min=0.00 median=100.00 mean=65.3146 p95=100.00 max=100.00

Bimodal: cold-build runs hit 2-10%; warm-cache runs hit 100%. p95=100% means ≥95% of CI runs land on fully warm cache.

Corresponding infra-side parser fix: paiml/infra#49

Expected fleet impact

  • Wallclock savings: Phase 1 pilot recorded ~15% speedup on warm builds for medium workloads. Heavy workloads (aprender APR-MONO) expected to see larger gains due to 60+ crate workspace.
  • Self-hosted runner load: F7 has been near/over threshold during pilot ramp-up; sccache should reduce future peak load by cutting rebuild time.

Test plan

  • F9 falsifier passes: cargo run --example falsify_f9_cache_hit_rate -- --remote intel → p95=100%
  • F8 allowlist comments added for provenance (SLSA) + pr-gate authorize jobs
  • After merge: monitor F1/F7 (runner load) over next 7 days — should not regress
  • After merge: F9 on aprender/bashrs/copia should continue to PASS

Refs PMAT-151

@noahgift noahgift enabled auto-merge (squash) April 18, 2026 18:05
@noahgift
feat(sovereign-ci): flip enable_sccache default to true (fleet rollout)
2cd4ee4 
Phase 3 pilot verified. F9 over 24 runs on intel (7-day window):
  n=24 min=0.00 median=100.00 mean=65.3 p95=100.00 max=100.00

p95 hit rate 100% vs 40% threshold — strong PASS. Bimodal distribution:
cold builds hit ~2-10%, warm runs hit 100% once cache is populated.
Per spec build-performance.md §7 Phase 3 exit criteria, the pilot
signal is sufficient to flip the fleet-default from false → true.

Callers can still disable per-repo:
  with:
    enable_sccache: false

Also adds F8 (no-github-hosted) allowlist comments to:
- provenance job: SLSA provenance requires GitHub OIDC attestation
  endpoint, can only run on hosted.
- pr-gate authorize job: PR authorization must run before self-hosted
  to prevent bootstrap loop (non-org PRs would need auth before they
  could land on a self-hosted runner).

Refs PMAT-151
@noahgift noahgift force-pushed the feat/sccache-fleet-rollout branch from 729fae6 to 2cd4ee4 Compare April 18, 2026 18:06
@noahgift noahgift merged commit 2147748 into main Apr 18, 2026
2 checks passed
@noahgift noahgift deleted the feat/sccache-fleet-rollout branch April 18, 2026 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@noahgift