• Adds disk space cleanup step for Ubuntu GHA runners
• Removes unused tools (GHC, Android SDK, Boost, Swift, Julia)
• Displays disk space before and after cleanup
• Runs only on Ubuntu to optimize CI performance

Add disk cleanup step for Ubuntu runners

• Adds new workflow step to remove extra tools from Ubuntu runners
• Removes GHC, Android SDK, Boost, Swift, and Julia installations
• Displays disk space metrics before and after cleanup
• Step only executes when inputs.os == 'ubuntu'

.github/workflows/bazel.yml

Description

The new disk-cleanup step only runs when inputs.os is exactly ubuntu, but this workflow’s
runs-on logic supports hyphenated runner labels (e.g., ubuntu-22.04/ubuntu-latest), so the
cleanup will be skipped for those values. Skipping cleanup can leave the runner low on disk and
cause later Bazel steps to fail.

Code

.github/workflows/bazel.yml[R99-101]

+      - name: Remove extra tools to free disk space
+        if: inputs.os == 'ubuntu'
+        run: |

Evidence

runs-on is derived from inputs.os in a way that explicitly allows passing a full runner label
when it contains - (so ubuntu-22.04 stays ubuntu-22.04), but the new cleanup step uses strict
equality against ubuntu, which will be false for versioned/explicit Ubuntu labels. The workflow
already contains similar strict OS comparisons (e.g., Windows/non-Windows driver cleanup,
output-base selection), reinforcing that inputs.os is being used both as an OS family and as a
runner label, which is inconsistent and error-prone.

.github/workflows/bazel.yml[86-90]
.github/workflows/bazel.yml[99-112]
.github/workflows/bazel.yml[157-167]
.github/workflows/bazel.yml[185-187]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The cleanup step is guarded by `if: inputs.os == 'ubuntu'`, so it will **not** run when callers pass explicit/variant Ubuntu runner labels (e.g., `ubuntu-latest`, `ubuntu-22.04`), even though the workflow’s `runs-on` expression supports those values.

### Issue Context
This workflow treats `inputs.os` as both an OS family selector and (optionally) a full runner label. OS-gated steps should therefore avoid strict equality checks that only match the bare family name.

### Fix Focus Areas
- Update the cleanup step condition to match all Ubuntu runner-label variants, e.g.:
 - `if: startsWith(inputs.os, 'ubuntu')`
 - or `if: runner.os == 'Linux'` (preferred if the intent is “Linux runners”)
- (Optional but recommended for consistency) apply the same pattern to other OS-gated steps that currently check `inputs.os == 'windows'` / `!= 'windows'`.

- .github/workflows/bazel.yml[88-112]
- .github/workflows/bazel.yml[157-167]
- .github/workflows/bazel.yml[185-187]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Description

The new Ubuntu cleanup step performs destructive sudo rm -rf operations (including a glob) while
explicitly swallowing errors via || true, which reduces script robustness and can mask
misconfigurations or unexpected runner layouts. This conflicts with the requirement to harden
CI/scripts with safer, validated behavior rather than allowing ambiguous or silently-failing
operations.

Code

.github/workflows/bazel.yml[R101-110]

+        run: |
+          echo "Removing extra tools to free disk space..."
+          echo "Space before: $(df -BG / | tail -1 | awk '{print $4}')"
+          sudo rm -rf /opt/ghc || true
+          sudo rm -rf /usr/local/.ghcup || true
+          sudo rm -rf /usr/local/lib/android || true
+          sudo rm -rf /usr/local/share/boost || true
+          sudo rm -rf /usr/share/swift || true
+          sudo rm -rf /usr/local/julia* || true
+          sync

Evidence

PR Compliance ID 13 requires hardening CI/scripts with safer handling and validated behavior; the
added step uses multiple sudo rm -rf ... || true deletions (including /usr/local/julia*) that
can delete more than intended and suppresses any failures, preventing early/clear detection of
issues.

.github/workflows/bazel.yml[101-110]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The Ubuntu cleanup step deletes large tool directories using `sudo rm -rf` (including a glob) and suppresses all errors via `|| true`, which can mask unexpected runner state and makes failures harder to diagnose.

## Issue Context
This is CI/workflow logic, and the compliance requirement asks for hardened scripts with safer handling and validated behavior.

## Fix Focus Areas
- .github/workflows/bazel.yml[99-112]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools