Any way to cache signed binaries and pull them during Azure Build Pipeline run?

Question

We have an Azure Build Pipeline that is building our product. We recently migrated to a custom Agent Pool, so we now have control over the VMs in the pool. I recently added a code signing step. This step is signing all of the binaries, and is resulting in a doubling of the build time. Up until now, I have not thought about caching as our full build runs were only about 20 min. Now we are 45 or longer.

I am trying to think through how to cache, but if I cache the signed binaries, I don't have a hash yet or anything I can compare to the newly built unsigned files. I could cache the unsigned binaries and the signed binaries, then after building compare the unsigned binaries with what was just built. For matches, I could grab the signed version from the cache, and for the others go forward with signing.

This seems overly complex. Any other options?

Answer 1

Azure DevOps provided Pipeline caching can help reduce build time by allowing the outputs or downloaded dependencies from one run to be reused in later runs, thereby reducing or avoiding the cost to recreate or redownload the same files again. Caching is especially useful in scenarios where the same dependencies are downloaded over and over at the start of each run.

Caching is currently supported in CI and deployment jobs, but not classic release jobs.

However according to your scenarios, especially I don't have a hash yet or anything I can compare to the newly built unsigned files. Cash may not suitable for this.

Caching can be effective at improving build time provided the time to restore and save the cache is less than the time to produce the output again from scratch. Because of this, caching may not be effective in all scenarios and may actually have a negative impact on build time.

To reduce your build time, expect improve your infrastructure of the server which host your build agents. You could also try to use parallel jobs for build pipeline.