From df9375ba494ac522b918bc6a50c98560f9d03319 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Dinis=20Ferreira?= <hello@joaof.eu>
Date: Sun, 31 May 2026 14:37:32 +0200
Subject: [PATCH] ci: restore Maven cache from master-produced caches in
 maven-verify
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The maven-verify cache never hit in practice, for three compounding reasons
(verified against the live cache inventory):

- actions/cache only restores on an exact key match, and the key embeds
  hashFiles('**/pom.xml') — so any pom-touching PR missed outright.
- GitHub isolates caches per PR scope: the eight open PRs each held a
  byte-identical 704 MB cache under their own refs/pull/N/merge, invisible
  to one another. The only shareable scope is master, and verify.yml (a
  pull_request-only workflow) never saved there.
- master DOES have a cache producer — snapshot.yml saves ~/.m2/repository
  as Linux-maven-publish-* on every push — but verify's restore prefix
  (Linux-maven-0-) could never match that family. snapshot.yml's own
  restore-keys already reach down into Linux-maven-0-; the sharing was
  one-directional by accident.
- The redundant per-PR saves pushed the repo over its 10 GB cache budget
  (10.35 GB across 14 caches), so LRU eviction also killed same-PR reuse.

Fix, all in the one cache step: switch to actions/cache/restore (PRs stop
saving — ends the duplicate-cache churn and the eviction pressure), add
restore-keys with prefix fallback, and include Linux-maven-publish- so every
PR warm-starts from the snapshot build's superset cache, refreshed on each
merge to master. The maven-0 epoch remains the manual bust lever.

Mechanism verified in a fork experiment (joaodinissf#26): a pom-touching
second run logged 'Cache restored from key: Linux-maven-0-…' and round-
tripped the cached content.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 .github/workflows/verify.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index 59ec29cba..1e09359fd 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -45,11 +45,18 @@ jobs:
         run: mvn --version
       - name: Set up Workspace Environment Variable
         run: echo "WORKSPACE=${{ github.workspace }}" >> $GITHUB_ENV
-      - name: Cache Maven dependencies
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae  # v5
+      - name: Restore Maven dependency cache
+        # Restore-only: PR scopes cannot share caches with each other, so per-PR
+        # saves are dead weight that evicts the useful master-scoped caches
+        # (10 GB repo budget). The producer is snapshot.yml on master pushes
+        # (Linux-maven-publish-*), which every PR can prefix-restore.
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae  # v5
         with:
           path: /home/runner/.m2/repository
           key: ${{ runner.os }}-maven-0-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-0-
+            ${{ runner.os }}-maven-publish-
       - name: Build with Maven  within a virtual X Server Environment
         # Run pmd:pmd and pmd:cpd first to generate reports for all modules, then run pmd:check and pmd:cpd-check
         # This ensures all violations are collected and reported before the build fails