ci: exclude mise install dir from Windows Defender#188
Merged
zeitlinger merged 3 commits intomainfrom Apr 21, 2026
Merged
Conversation
Win `Setup mise` step takes ~86s despite cache hit. Log shows 80s of that is `tar -xf` extracting the 568 MB cache — Defender real-time scan on many-small-files (node_modules, pipx, dotnet) dominates. Adding an exclusion before mise-action runs lets us measure how much of the gap to Linux (~10s) / Mac (~37s) is Defender vs intrinsic NTFS/tar overhead. Revert if impact is negligible. Signed-off-by: Gregor Zeitlinger <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a Windows-only CI optimization to reduce mise cache restore time by excluding the mise install directory from Windows Defender real-time scanning before jdx/mise-action runs.
Changes:
- Add a Windows-only PowerShell step that runs
Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\mise"prior toSetup mise.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
2 tasks
Co-authored-by: Copilot <[email protected]>
martincostello
approved these changes
Apr 21, 2026
Merged
zeitlinger
pushed a commit
that referenced
this pull request
Apr 21, 2026
### Added - *(registry)* switch shfmt to aqua backend ([#175](#175)) ### Fixed - treat cargo-clippy as a partial fixer ([#197](#197)) - *(registry)* add --tests to cargo-clippy, add test coverage ([#176](#176)) ### Other - *(deps)* update taiki-e/install-action digest to 055f5df ([#180](#180)) - *(deps)* update dependency npm:@biomejs/biome to v2.4.12 ([#191](#191)) - *(deps)* update rust crate clap to v4.6.1 ([#196](#196)) - *(deps)* update rust crate tokio to v1.52.1 ([#192](#192)) - *(deps)* update dependency pipx:ruff to v0.15.11 ([#198](#198)) - *(deps)* update node.js to v24.15.0 ([#194](#194)) - *(deps)* update dependency npm:prettier to v3.8.3 ([#193](#193)) - exclude mise install dir from Windows Defender ([#188](#188)) - *(deps)* update dependency npm:renovate to v43.129.0 ([#200](#200)) - restructure README/docs and split registry module ([#187](#187)) - *(deps)* update dependency mise to v2026.4.15 ([#199](#199)) > [!IMPORTANT] > Close and reopen this PR to trigger CI checks. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Experiment: add a Win-only step before
Setup misethat excludes$env:LOCALAPPDATA\misefrom Defender real-time scanning.Why
PR #176 CI timings:
Win mise-action log (job):
All 80s is tar extract of many-small-files (node_modules, pipx, dotnet SDK). Defender real-time scanning on each
CreateFileis the usual suspect on Win hosted runners.Keeping compression (GH cache limit 10 GB) — not switching archiver. Exclusion is cheapest lever to try.
Test plan
Setup misetiming against 86s baseline