Build without PEP 517 isolation in nox sessions to keep cargo caches warm#15146
Build without PEP 517 isolation in nox sessions to keep cargo caches warm#15146reaperhulk wants to merge 4 commits into
Conversation
…warm PEP 517 build isolation creates a temporary virtualenv with a randomized path for every build, so PYO3_PYTHON changes on each install. Our cryptography-cffi build script registers rerun-if-env-changed=PYO3_PYTHON, so cryptography-cffi and cryptography-rust recompiled on every CI job even with a fully warm Swatinem/rust-cache (and on free-threaded builds the pyo3 crates recompiled too, since the non-abi3 interpreter config also embeds the ephemeral path). See PyO3/pyo3#6113 Install the build requirements into the session venv and pass --no-build-isolation instead: the build backend then runs from the stable .nox/<session> interpreter, making the cargo fingerprints stable across CI runs. Verified locally: with isolation every reinstall recompiles the crates (~30s); without it a warm-cache reinstall compiles nothing. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ
rust-cache skips saving on an exact key hit, so without a roll the caches would keep the fingerprints recorded from isolated builds and every job would keep rebuilding once per run. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ
CI timing results (4 measured runs on this PR)
What the logs prove: the fix works as intended. In the warm runs (C/D), the pip-install build ( What it doesn't show: total wall clock and per-job composites are within run-to-run noise (windows-tests composite: baseline 197–261s vs warm runs 168–249s; linux
So: correct fix, verified mechanism, ~30s of real redundant compile removed per job, but the headline wall-clock win is gated on the workspace-cache follow-up this enables. 🤖 Generated with Claude Code https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ Generated by Claude Code |
PEP 517 build isolation creates a temporary virtualenv with a randomized path for every build, so
PYO3_PYTHONchanges on each install.cryptography-cffi's build script registersrerun-if-env-changed=PYO3_PYTHON, socryptography-cffiandcryptography-rustrecompile on every CI job even with a fully warm rust-cache — and on free-threaded (non-abi3) builds the pyo3 crates recompile too, since the maturin-generated interpreter config also embeds the ephemeral path. See PyO3/pyo3#6113 (the upstreamPYO3_BASE_PYTHONfix is deferred to pyo3 0.30).This installs the
[build-system].requiresinto the session venv (constrained byci-constraints-requirements.txt, same as theflakesession already does) and passes--no-build-isolation, so the build backend runs from the stable.nox/<session>interpreter and cargo fingerprints stay valid across runs.Verified locally: with isolation, every reinstall recompiles the two crates (~30s of cargo on 4 cores); without it, a warm-cache reinstall with identical env compiles nothing (cargo finishes in 0.05s).
Note: this PR also bumps the rust-cache key. PR runs restore main's caches (whose fingerprints contain the old ephemeral paths) and rust-cache skips saving on an exact key hit, so without a key roll the stable-fingerprint cache would never get saved and the win would only appear once caches roll naturally. CI timing comparisons will be posted on this PR.
🤖 Generated with Claude Code
https://claude.ai/code/session_01Lj3BsMN8xmPQQ89d6nzDcZ
Generated by Claude Code