Teams often try to speed up that process. Yet, the developer usually runs some of that locally, and the job runs those steps again when the PR is created.
I am wondering if there could be a way to _prove_ that you've run a series of steps locally so that the CI job can bypass those steps?
I thought that maybe a cryptographic string could be generated only by running a build, then committed, and this string could be verified without having to run the build again (easy to check, hard to generate).
(Maybe something like a private key + commit hash + signature generated only by running the build, and the server checks the signature validity. Or maybe something from the blockchain?)
You cannot trust developer machine consistency or integrity, like never trusting user input in an app. Best to have a controlled build environment. CI is cheap all things considered, much cheaper than a supply chain exploit.
I've been using Dagger more, and there is the potential to share the cache between developer machines and CI, which in theory would address your "remove duplication of work" idea, while also supporting Sigstore features.
Lots of local environments also cache certain things or have things preconfigured.
Yes, it's best to speed up the process rather than skipping it.
Unless we're in the C/C++/Rust/etc space, the whole process should be relatively quick. Otherwise something else is wrong.
On the other hand, you're missing half the benefits of the CI by not ensuring the tests run in a common, predictable environment. The tests may pass for the developer but not elsewhere by accident.
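
The "private key + commit hash + signature" idea from the question, sketched as an added example that is not part of the thread: the CI-side check confirms who signed the claim and for which commit, not that the build ran. Assumptions: all names and values are hypothetical and constructed, a SHA-256 of the source stands in for the commit hash, and a standard-library HMAC stands in for an asymmetric signature.

```python
import hashlib
import hmac
import json

# Constructed stand-in for a signing key held on the developer's machine.
DEV_KEY = b"constructed-developer-key"

def run_tests(source: str) -> bool:
    """Hypothetical build step: the 'tests' fail if the source contains FIXME."""
    return "FIXME" not in source

def commit_hash(source: str) -> str:
    """Stand-in for a commit hash: SHA-256 of the source text."""
    return hashlib.sha256(source.encode()).hexdigest()

def sign_claim(key: bytes, commit: str, passed: bool) -> dict:
    """Sign the statement 'tests passed for this commit'.
    Nothing in this function can check that the tests were executed."""
    claim = {"commit": commit, "tests_passed": passed}
    payload = json.dumps(claim, sort_keys=True).encode()
    return {"claim": claim, "sig": hmac.new(key, payload, hashlib.sha256).hexdigest()}

def ci_verify(key: bytes, attestation: dict, commit: str) -> bool:
    """CI-side check: valid signature, matching commit, claim says 'passed'."""
    payload = json.dumps(attestation["claim"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, attestation["sig"])
            and attestation["claim"]["commit"] == commit
            and attestation["claim"]["tests_passed"] is True)

def honest_attestation(source: str) -> dict:
    """Developer runs the build and signs whatever the result was."""
    return sign_claim(DEV_KEY, commit_hash(source), run_tests(source))

def skipped_attestation(source: str) -> dict:
    """The build is never run; the same key signs 'passed' anyway."""
    return sign_claim(DEV_KEY, commit_hash(source), True)

if __name__ == "__main__":
    good = "print('ok')"             # constructed sample source
    bad = "x = 1  # FIXME broken"    # constructed sample source that fails the tests
    for label, att, src in [
        ("honest, passing", honest_attestation(good), good),
        ("honest, failing", honest_attestation(bad), bad),
        ("skipped, failing", skipped_attestation(bad), bad),
    ]:
        print(f"{label:17s} -> CI accepts: {ci_verify(DEV_KEY, att, commit_hash(src))}")
```

The third case is accepted even though the tests would have failed, because the verifier only sees the signed claim; binding the commit hash stops reuse of an attestation for a different commit and nothing more.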