Skip to content

Windows CI のテストを Defender のスキャン対象から外して高速化する#59

Merged
TwoSquirrels merged 2 commits into
mainfrom
ci/windows-defender-exclusion
Jul 12, 2026
Merged

Windows CI のテストを Defender のスキャン対象から外して高速化する#59
TwoSquirrels merged 2 commits into
mainfrom
ci/windows-defender-exclusion

Conversation

@TwoSquirrels

@TwoSquirrels TwoSquirrels commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Resolves #58

概要

Windows の test ジョブに、Windows Defender の除外パスを追加するステップを足します。#58 の対策第一候補 (効き目順 1 番) の実装です。

背景

test (windows-latest, g++) だけ毎回数分かかり、支配的なのは std ダミーツリー生成 (数千個の小ファイル書き込み) が Defender のリアルタイムスキャンに捕まることでした (詳細は #58 の分析を参照)。使い捨てランナーなので、スキャン対象から書き込み先を外します。

変更内容

  • test ジョブの先頭 (checkout・キャッシュ復元より前) に、Windows 限定の Add-MpPreference -ExclusionPath ステップを追加。
  • 除外対象は書き込みが集中する 5 箇所: GITHUB_WORKSPACERUNNER_TEMPTEMPLOCALAPPDATA\Temp~/.cargo。テストの書き込み先は全て tempfile::TempDir (= %TEMP%) で、ほかにワークスペース側の target dir とキャッシュ展開がある。
  • ランナーの TEMP は 8.3 短縮形 (C:\Users\RUNNER~1\...) で入っており、Defender の除外は短縮形との照合が信頼できないため、同じ場所の長い表記 LOCALAPPDATA\Temp も並べて両表記でカバー。

計測

この PR の CI 実測で before/after を比較する (現状の基準値: ジョブ全体 3 分 47 秒、ユニットテスト 90.7 秒)。効果が薄ければ #58 の次の選択肢 (リアルタイム監視の無効化、#43 経由の軽量化) を検討。

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Performance
    • Improved Windows CI test performance by excluding workspace and temporary build directories from real-time antivirus scanning during test runs.

The std dummy-tree generation writes thousands of tiny files, and on
windows-latest each write goes through Defender's real-time scan,
making the unit tests alone take ~90 seconds (#58). Exclude the
workspace, temp directories, and the cargo cache from scanning on the
disposable runner. TEMP is listed in both its 8.3 short form and the
equivalent long form because exclusion matching against short names is
unreliable.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@TwoSquirrels, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 56 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bf1547a0-b484-461d-b96d-0d7bb6b10e33

📥 Commits

Reviewing files that changed from the base of the PR and between 79f9a38 and f564c1b.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml
📝 Walkthrough

Walkthrough

The CI test job now conditionally adds Windows Defender real-time scanning exclusions for workspace, temporary, and Cargo directories before checkout and test execution.

Changes

Windows CI performance

Layer / File(s) Summary
Windows Defender exclusion step
.github/workflows/ci.yml
Adds a Windows-only PowerShell step that excludes the GitHub workspace, runner and Windows temporary directories, and the user Cargo directory from Defender scanning.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the PR’s main change: excluding Windows CI tests from Defender scanning to speed them up.
Linked Issues check ✅ Passed The PR implements the requested Windows Defender exclusion step for workspace and temp paths before checkout/test, matching #58.
Out of Scope Changes check ✅ Passed The change is narrowly scoped to the Defender exclusion step and does not introduce unrelated modifications.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/windows-defender-exclusion

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@TwoSquirrels

Copy link
Copy Markdown
Owner Author

計測結果 (run 29200567446)

フェーズ before (#58 の基準値) after
ジョブ全体 3 分 47 秒 2 分 56 秒 −51 秒 (−22%)
ユニットテスト 172 件 90.7 秒 60.1 秒 −30.6 秒 (−34%)
E2E (cli) 17 件 22.2 秒 21.4 秒 −0.8 秒
E2E (libraries) 5 件 27.8 秒 23.4 秒 −4.4 秒
除外ステップ自体のコスト 1 秒 +1 秒

🤖 Generated with Claude Code

@TwoSquirrels TwoSquirrels marked this pull request as ready for review July 12, 2026 16:45

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 67-77: Add continue-on-error: true to the “Exclude build
directories from Windows Defender” workflow step so failures from
Add-MpPreference do not fail the test job, while preserving the existing Windows
condition and PowerShell command.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d00dd240-920b-4fd1-8035-1a201f95ebee

📥 Commits

Reviewing files that changed from the base of the PR and between c432d27 and 79f9a38.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml

Comment thread .github/workflows/ci.yml
The exclusion is a speed-up, not a correctness requirement, so a
failing Add-MpPreference (Defender disabled, missing privileges, ...)
should fall back to running the tests slowly instead of failing the
job. Suggested by CodeRabbit.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@TwoSquirrels TwoSquirrels merged commit efe9415 into main Jul 12, 2026
10 checks passed
@TwoSquirrels TwoSquirrels deleted the ci/windows-defender-exclusion branch July 12, 2026 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Windows の CI が遅い

1 participant