Rust CI/CD Pipelines — Taming Compile Times Without Sacrificing Safety

Rust's borrow checker and type system catch bugs at compile time, but that safety comes at the cost of compilation speed. A naive CI pipeline that runs cargo build --release from scratch on every commit can easily take 15-30 minutes. This destroys developer productivity and makes continuous deployment impractical.

The Rust dependency tree amplifies the problem. Cargo compiles every crate from source by default, and popular dependencies like tokio, serde, and diesel have large dependency trees themselves. A project with 200 transitive dependencies is common, and each one needs to be compiled.

Release builds with optimizations (--release) take significantly longer than debug builds. Your pipeline needs a strategy for when to use each: debug builds for testing (faster), release builds for deployment (optimized). Getting this wrong means either slow pipelines or unoptimized production binaries.

We configure multi-layer caching targeting ~/.cargo/registry, ~/.cargo/git, and the target/ directory. Cache keys are based on Cargo.lock plus the Rust toolchain version. We use sccache as a compilation cache backend, which can share cached artifacts across branches and even across repositories using the same dependencies.

The CI pipeline runs cargo clippy -- -D warnings for linting, cargo fmt --check for formatting, and cargo test for the test suite. For projects with integration tests that need databases, we use Docker Compose to spin up PostgreSQL or other services. We separate unit tests (fast, no external deps) from integration tests (slower, need services) into different pipeline stages.

Docker builds use a builder pattern with cargo chef to cache dependency compilation. The cargo chef prepare step creates a recipe file from your dependency graph, and cargo chef cook compiles dependencies in a separate Docker layer. This means dependency compilation is cached even when your application code changes. The final image uses debian:bookworm-slim or distroless and contains only the compiled binary.

A Rust CI/CD pipeline optimized for compile time and correctness:

• Aggressive caching — sccache, cargo registry, and target directory caching across runs
• Docker layer caching — cargo-chef based builds that cache dependency compilation separately
• Quality gates — clippy lints treated as errors, rustfmt checks, and deny unsafe if desired
• Test automation — unit and integration tests with database services in CI
• Minimal production images — distroless or scratch base with just the binary
• Cross-compilation — optional ARM64 builds using cross-rs
• Security audits — cargo audit integrated into the pipeline to check for vulnerable dependencies

Consider splitting your crate into a workspace with multiple smaller crates. Cargo's incremental compilation works at the crate level, so changes to a small utility crate do not trigger recompilation of your entire application. This can cut rebuild times in CI by 50% or more.

Use the lld or mold linker instead of the default ld. Linking is often the slowest phase of a Rust build, and mold can be 5-10x faster. Configure it in .cargo/config.toml and install it in your CI image. For release builds, this alone can save several minutes per pipeline run.