Use self-hosted runners for Rust CI jobs

.github/workflows/ci.yml

@@ -12,6 +12,10 @@ on:
   release:
     types: [ published ]
 
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
 env:
   CARGO_TERM_COLOR: always
   RUST_BACKTRACE: 1
@@ -52,12 +56,14 @@ jobs:
 
   test-e2e:
     name: E2E Tests (Playwright)
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     container:
       image: ghcr.io/hut8/soar-ci:latest
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
+      volumes:
+        - /opt/ci-cache:/ci-cache
     services:
       postgres:
         image: ghcr.io/hut8/postgis-timescaledb:latest
@@ -86,19 +92,19 @@ jobs:
         with:
           fetch-depth: 0  # Fetch all history for git tags (needed for vergen version)
 
+      - name: Setup persistent cargo cache
+        run: |
+          mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git
+          echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-e2e" >> $GITHUB_ENV
+
       - name: Install unzip (required by setup-bun in container)
         run: apt-get update -qq && apt-get install -y -qq unzip
 
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
 
-      - name: Setup Rust cache
-        uses: Swatinem/rust-cache@v2
-        with:
-          cache-on-failure: true
-          shared-key: "e2e-debug"
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-
       - name: Install web dependencies
         run: bun install --frozen-lockfile
 
@@ -134,7 +140,7 @@ jobs:
           RUSTFLAGS="--cfg tokio_unstable" cargo build
 
           # Seed test data
-          ./target/debug/soar seed-test-data
+          $CARGO_TARGET_DIR/debug/soar seed-test-data
 
       - name: Start Rust backend server
         working-directory: .
@@ -152,7 +158,7 @@ jobs:
           BASE_URL: http://localhost:4173
         run: |
           # Start backend server in background
-          ./target/debug/soar web --port 61225 --interface localhost > backend.log 2>&1 &
+          $CARGO_TARGET_DIR/debug/soar web --port 61225 --interface localhost > backend.log 2>&1 &
           BACKEND_PID=$!
           echo "Backend PID: $BACKEND_PID"
           echo $BACKEND_PID > backend.pid
@@ -205,12 +211,14 @@ jobs:
 
   test-rust:
     name: Test Rust Project
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     container:
       image: ghcr.io/hut8/soar-ci:latest
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
+      volumes:
+        - /opt/ci-cache:/ci-cache
     services:
       postgres:
         image: ghcr.io/hut8/postgis-timescaledb:latest
@@ -236,6 +244,13 @@ jobs:
         with:
           fetch-depth: 0  # Fetch all history for git tags (needed for vergen version)
 
+      - name: Setup persistent cargo cache
+        run: |
+          mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git
+          echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-test" >> $GITHUB_ENV
+
       - name: Install unzip (required by setup-bun in container)
         run: apt-get update -qq && apt-get install -y -qq unzip
 
@@ -246,14 +261,6 @@ jobs:
         working-directory: ./web
         run: bun install --frozen-lockfile
 
-      - name: Setup Rust cache
-        uses: Swatinem/rust-cache@v2
-        with:
-          cache-on-failure: true
-          shared-key: "test-build"
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-          cache-all-crates: true
-
       - name: Setup test database
         env:
           PGPASSWORD: postgres
@@ -298,12 +305,14 @@ jobs:
 
   build-release:
     name: Build Release Binary (Native Static musl)
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     container:
       image: ghcr.io/hut8/soar-ci:latest
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
+      volumes:
+        - /opt/ci-cache:/ci-cache
     defaults:
       run:
         shell: bash
@@ -314,6 +323,13 @@ jobs:
         with:
           fetch-depth: 0  # Fetch all history for git tags (needed for vergen version)
 
+      - name: Setup persistent cargo cache
+        run: |
+          mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git
+          echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-release-musl" >> $GITHUB_ENV
+
       - name: Install unzip (required by setup-bun in container)
         run: apt-get update -qq && apt-get install -y -qq unzip
 
@@ -332,14 +348,6 @@ jobs:
           SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
         run: bun run build
 
-      - name: Setup Rust cache
-        uses: Swatinem/rust-cache@v2
-        with:
-          cache-on-failure: true
-          shared-key: "release-build-native-musl"
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-          cache-all-crates: true
-
       - name: Build static release binary
         env:
           SKIP_WEB_BUILD: "1"  # Frontend already built via bun run build above
@@ -353,21 +361,21 @@ jobs:
       - name: Verify static linking
         run: |
           echo "Checking if binary is statically linked..."
-          file target/x86_64-unknown-linux-musl/release/soar
+          file $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar
 
           # Check for dynamic dependencies (should show "statically linked")
-          if ldd target/x86_64-unknown-linux-musl/release/soar 2>&1 | grep -q "not a dynamic executable"; then
+          if ldd $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar 2>&1 | grep -q "not a dynamic executable"; then
             echo "Binary is statically linked (no dynamic dependencies)"
           else
             echo "Binary has dynamic dependencies:"
-            ldd target/x86_64-unknown-linux-musl/release/soar || true
+            ldd $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar || true
           fi
 
       - name: Create binary archive
         run: |
           rm -rf release
           mkdir -p release
-          cp target/x86_64-unknown-linux-musl/release/soar release/
+          cp $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar release/
           cp README.md release/ || echo "No README.md found"
           tar -czf soar-linux-x64.tar.gz -C release .
 
@@ -381,24 +389,26 @@ jobs:
       - name: Show binary info
         run: |
           echo "Binary size:"
-          ls -lh target/x86_64-unknown-linux-musl/release/soar
+          ls -lh $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar
           echo ""
           echo "Binary info:"
-          file target/x86_64-unknown-linux-musl/release/soar
+          file $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar
           echo ""
           echo "Stripped binary size:"
-          cp target/x86_64-unknown-linux-musl/release/soar /tmp/soar-stripped
+          cp $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar /tmp/soar-stripped
           strip /tmp/soar-stripped
           ls -lh /tmp/soar-stripped
 
   security-audit:
     name: Security Audit
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     container:
       image: ghcr.io/hut8/soar-ci:latest
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
+      volumes:
+        - /opt/ci-cache:/ci-cache
     defaults:
       run:
         shell: bash
@@ -409,6 +419,12 @@ jobs:
         with:
           fetch-depth: 0  # Fetch all history for git tags (needed for vergen version)
 
+      - name: Setup persistent cargo cache
+        run: |
+          mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry
+          ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git
+
       - name: Run security audit
         run: cargo audit