From 2a458d9c2fefd2e08a168288278aa7ddb530dcf0 Mon Sep 17 00:00:00 2001
From: Ray Walker <ray@27b.io>
Date: Sat, 2 May 2026 21:29:40 +1000
Subject: [PATCH] =?UTF-8?q?chore:=20strip=20redundant=20CI=20steps=20?=
 =?UTF-8?q?=E2=80=94=20self-hosted=20runner=20has=20tooling=20baked=20in?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The cachekit ARC runner image (ghcr.io/cachekit-io/runner) includes
Rust stable, rustfmt, clippy, cargo-audit, cargo-deny, and cargo-fuzz.

- Remove dtolnay/rust-toolchain steps from cachekit jobs (already installed)
- Remove actions/cache steps from cachekit jobs (host cache mounted at /cache)
- Remove cargo install steps for tools baked into the image
- Skip toolchain install on self-hosted unless MSRV (1.85) is needed
- Keep toolchain/cache for GitHub-hosted runners (macos, windows)
- Add cargo generate-lockfile before cargo vet (library has no Cargo.lock)
- Use rustup default nightly for fuzz jobs (simpler than dtolnay action)
---
 .github/workflows/ci.yml       |  13 +---
 .github/workflows/codeql.yml   |   3 -
 .github/workflows/release.yml  |   6 --
 .github/workflows/security.yml | 120 ++-------------------------------
 4 files changed, 8 insertions(+), 134 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 84b5730..5e2aaa9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -40,12 +40,14 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Install Rust toolchain
+        if: matrix.runner != 'cachekit' || matrix.rust == '1.85'
         uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
         with:
           toolchain: ${{ matrix.rust }}
           components: ${{ matrix.rust != '1.85' && 'rustfmt, clippy' || '' }}
 
       - name: Cache cargo registry
+        if: matrix.runner != 'cachekit'
         uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
         with:
           cache-all-crates: true
@@ -71,17 +73,6 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
-
-      - name: Cache cargo registry
-        uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
-        with:
-          cache-all-crates: true
-
-      - name: Install security tools
-        run: cargo install cargo-deny cargo-audit
-
       - name: Check dependencies (licenses & security advisories)
         run: cargo deny check
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6ac6a19..f5c9590 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,9 +25,6 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
-
       - name: Initialize CodeQL
         uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d2f5331..ea04e63 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -38,12 +38,6 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
-
-      - name: Cache cargo registry
-        uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
-
       - name: Run tests before publish
         run: cargo test --all-features
 
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index ef3c867..468cccc 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -27,31 +27,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
-        with:
-          toolchain: "stable"
-          components: clippy
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            target/
-          key: ${{ runner.os }}-cargo-security-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-security-
-            ${{ runner.os }}-cargo-
-
-      - name: Install cargo-audit
-        run: cargo install cargo-audit --locked
-
-      - name: Install cargo-deny
-        run: cargo install cargo-deny --locked
-
       - name: Run cargo audit (CVE scanning)
         run: cargo audit
 
@@ -92,24 +67,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # nightly
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            fuzz/target/
-          key: ${{ runner.os }}-cargo-fuzz-nightly-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-fuzz-nightly-
-            ${{ runner.os }}-cargo-
-
-      - name: Install cargo-fuzz
-        run: cargo install cargo-fuzz --locked
+      - name: Use nightly toolchain
+        run: rustup default nightly
 
       - name: Run quick fuzz (corpus only)
         run: |
@@ -147,24 +106,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # nightly
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            fuzz/target/
-          key: ${{ runner.os }}-cargo-fuzz-nightly-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-fuzz-nightly-
-            ${{ runner.os }}-cargo-
-
-      - name: Install cargo-fuzz
-        run: cargo install cargo-fuzz --locked
+      - name: Use nightly toolchain
+        run: rustup default nightly
 
       - name: Run deep fuzz (30 minutes per target)
         run: |
@@ -190,24 +133,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
-        with:
-          toolchain: "1.85"
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            target/
-          key: ${{ runner.os }}-cargo-kani-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-kani-
-            ${{ runner.os }}-cargo-
-
       - name: Install Kani
         run: |
           cargo install --locked kani-verifier || echo "Kani install failed, skipping verification"
@@ -225,23 +150,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
-        with:
-          toolchain: "1.85"
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            target/
-          key: ${{ runner.os }}-cargo-vet-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-vet-
-            ${{ runner.os }}-cargo-
+      - name: Generate lockfile
+        run: cargo generate-lockfile
 
       - name: Install cargo-vet
         run: cargo install cargo-vet --locked
@@ -257,24 +167,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
-        with:
-          toolchain: "1.85"
-
-      - name: Cache Rust dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: |
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            target/
-          key: ${{ runner.os }}-cargo-sbom-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-cargo-sbom-
-            ${{ runner.os }}-cargo-
-
       - name: Install cargo-sbom
         run: cargo install cargo-sbom --locked