ci: reduce PR proptest cost, add Ubuntu-only full-strength crypto lane#87
Conversation
The Argon2-heavy crypto proptests in `shipper-encrypt` (derive_key_*, decrypt_truncated_*, double_encrypt_roundtrip_*, each_encrypt_produces_*) were dominating wall-clock on the three-platform `test` matrix at PROPTEST_CASES=256, costing 10-20 minutes per platform on every PR. Split the case count by event: - PR / push to main: 16 cases (fast developer feedback) - schedule (nightly cron) / workflow_dispatch: 256 cases (full strength) Also pin coverage to 16 cases unconditionally, since llvm-cov instrumentation on top of Argon2 proptests is the worst-of-both and coverage does not need max-strength property exploration. No change to nextest config, no new jobs, no platform carve-out yet.
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 40 minutes and 5 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughThe changes modify environment variables in CI workflow steps. PROPTEST_CASES now varies by trigger event in the test job (256 for scheduled/manual runs, 16 for push/PR). The coverage job gains environment variables to control property testing intensity and snapshot updates during code coverage generation. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Completes the PR-matrix / deep-lane split that the previous commit on this branch stopped short of. - `test` matrix (3 OSes, every trigger): PROPTEST_CASES=16 always. Drop the event-driven ternary; the matrix no longer carries the full-strength case count on any trigger. Also cap shrink iterations (PROPTEST_MAX_SHRINK_ITERS=1000) so failures surface fast. - New `crypto-proptests-heavy` job: Ubuntu-only, runs just `shipper-encrypt` with PROPTEST_CASES=256. Gated on schedule, push-to-main, and workflow_dispatch. Not run on pull_request, so developer feedback stays fast; opt in per-branch via dispatch if needed. Net effect: - PR CI: three OSes at reduced intensity, no Argon2 tax. - main push + nightly cron: full-strength crypto proof on Ubuntu. - workflow_dispatch: full-strength on demand against any ref. Rationale for Ubuntu-only heavy lane: crypto correctness is platform-independent at the Rust layer we exercise here, and the three-OS cost for full proptests was 30-60 min of cumulative wall time every PR without proportional signal. Note on the stale `profile.ci.junit.report-successful` nextest key: already removed on main (see #82). No change needed to nextest.toml.
|
Deferring this PR: current Queued for re-ready after first successful crates.io train. The Option B design stands; nothing needs to change on the branch in the meantime. Marking as draft. |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Summary
Split the
shipper-encryptproptest load into two lanes:test, 3 OSes, every trigger):PROPTEST_CASES=16+PROPTEST_MAX_SHRINK_ITERS=1000. No Argon2 tax on developer round-trips.crypto-proptests-heavyjob (Ubuntu-only): runs justshipper-encryptwithPROPTEST_CASES=256. Triggers onschedule(nightly 03:00 UTC cron),pushto main, andworkflow_dispatch. Not on pull_request — opt in per-branch via dispatch if you want to exercise it against a PR.Also:
coveragejob pinned toPROPTEST_CASES=16(llvm-cov instrumentation + Argon2 is worst-of-both; coverage signal doesn't need max-strength exploration).Why
The Argon2-heavy crypto proptests in
shipper-encrypt(derive_key_deterministic_prop,decrypt_truncated_ciphertext_always_fails_prop,double_encrypt_roundtrip_prop,each_encrypt_produces_unique_ciphertext, etc.) were costing 10–20 min per platform atPROPTEST_CASES=256on every PR — paying the same proof three times on every round-trip, without proportional signal.This PR gives you:
which is the shape the repo wants at this stage of closeout.
Scope discipline
profile.ci.junit.report-successfulkey is already gone (removed in ci: stabilize nextest across platforms #82); verified against current main.Follow-ups (not this PR)
crypto-proptests-heavyto be a required check on main, configure it in repo settings — the workflow change alone doesn't make it required.Test plan
testmatrix than recent PRs (ci: stabilize nextest across platforms #82–ci: isolate CARGO_HOME in preflight snapshot test #86).coveragejob wall-clock drops.crypto-proptests-heavydoes not run on this PR (it's pull_request-excluded by design).crypto-proptests-heavyatPROPTEST_CASES=256— verify via workflow log.crypto-proptests-heavy— verify via workflow log.workflow_dispatchon any branch executescrypto-proptests-heavyat full strength — verify via workflow log.