DevOps 2026-04-16

2026 Trunk & Merge Queue on Multi-Region Physical Macs: How to Flatten Orchestration Long-Tails and Lock Storms—Queue Depth, Label Routing & Artifact Affinity Threshold Matrices (Copy-Paste GitHub Actions merge-group Snippet + FAQ)

For teams already on Trunk and GitHub Merge Queue but still fighting queues and lock contention on multi-region physical Mac runners: three threshold matrices tie together queue depth, label routing, and artifact affinity, with a copy-paste merge_group workflow, seven-step runbook, cite-ready numbers, and FAQ.

Figure: Trunk + Merge Queue orchestration decision for multi-region physical Macs (2026)

Pain: where orchestration long-tails and lock storms come from

When Trunk lands on the default branch and GitHub Merge Queue enforces both pre-merge checks and ordering safety, control stays in the cloud while compute sits on multi-region physical Mac self-hosted runners. The long tail is often not compile time but queue-head blocking, cross-border artifact movement, and shared mutable state (simulators, Derived Data, keychain) driving hidden lock fights. Regional pool topology and PR/artifact handoff patterns are covered in multi-timezone handoff: PR routing, artifact locality & regional Mac pool locks; pairing that with checkout cold-start choices is covered in cross-border CI: Git checkout strategies on multi-region physical Macs.

  1. Constraints: Merge Queue depth and merge_group concurrency that drift from runner capacity let a few huge PRs at the head inflate wait for everyone; physical machines hit hard CPU/disk ceilings—capacity decisions that arrive late amplify the tail.
  2. Hidden cost: Artifacts built in one region force repeated cross-border pulls for multi-region validation jobs; mirroring everything per region adds index consistency, key residency, and GC cost. Both need explicit affinity thresholds, not gut feel.
  3. Stability & lock storms: Parallel jobs on self-hosted runners fighting one user session’s Xcode/Simulator/keychain show up as flaky failures and retries; retries stack into lock renewal storms and API throttling, stretching the queue further.

Three decision matrices: queue depth, label routing, artifact affinity

Matrix A: When to tighten Merge Queue / concurrency groups

| Signal | Read | First action |
| --- | --- | --- |
| Queue wait P95 > 2× one merge_group run | Under-capacity, or head-of-line blocking by a few large PRs | Cap parallel merges, split heavy jobs, or route huge changes to a dedicated queue or night window |
| merge_group failures spike after queue reformation | Default-branch drift, not a single PR defect | Tighten rebase/merge policy and fast checks; shorten the lifetime of each temporary merge commit in the queue |
| Multiple jobs on one runner saturate CPU/disk | Overload-induced false negatives | Cap concurrency per repo or resource group, or scale out per region |
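One concrete lever for the first row: splitting the heavy validation job into shards shortens the longest single job, so a large PR at the queue head no longer serializes everyone behind one long run. A minimal sketch, assuming a hypothetical `run-tests.sh` that accepts shard arguments:

```yaml
jobs:
  validate:
    strategy:
      fail-fast: false
      matrix:
        shard: [1, 2, 3, 4]   # four parallel slices of the test suite
    runs-on: [self-hosted, macOS, region-apac]
    steps:
      - uses: actions/checkout@v4
      # run-tests.sh is a placeholder for your own test-splitting script
      - run: ./scripts/run-tests.sh --shard ${{ matrix.shard }} --total-shards 4
```

Sharding only helps if the slices land on different runners, so pair it with the per-region capacity checks from Matrix A before widening the matrix.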

Matrix B: Label routing (multi-region physical Mac)

| Target | Recommended labels | Avoid |
| --- | --- | --- |
| Default-branch merge validation | runs-on: [self-hosted, macOS, region-apac], aligned with the artifact storage region | Over-broad macOS labels that land jobs in high-RTT regions |
| Apple ID / signing / notarization | Jurisdiction-bound runner pools with isolated keychain profiles | Multiple jobs sharing one interactive login session |
| High UI/simulator flake rate | A single concurrency group or dedicated runners; reset session state between runs | Retry-only mitigation for lock contention |
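The first two rows of Matrix B translate into runs-on labels plus a jurisdiction-bound pool for signing. A sketch, assuming region labels like region-apac and region-eu are already applied to your fleet and that the signing script is your own:

```yaml
jobs:
  validate:
    # Pin merge validation to the region that holds the artifacts
    runs-on: [self-hosted, macOS, region-apac]
    steps:
      - uses: actions/checkout@v4
      - run: xcodebuild test -scheme App   # your validation command

  notarize:
    needs: validate
    # Jurisdiction-bound pool; serialize access to the keychain profile
    runs-on: [self-hosted, macOS, region-eu, signing]
    concurrency:
      group: signing-keychain-eu
      cancel-in-progress: false
    steps:
      - run: ./scripts/notarize.sh   # placeholder; uses an isolated keychain
```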

Matrix C: Artifact affinity (thresholded)

| Condition | Strategy |
| --- | --- |
| A validation needs > ~5 GB of intermediates and cross-border RTT P95 > ~80–120 ms | Co-locate build and verify in the same region; move large blobs via same-region object storage; the workflow passes references and digests only |
| Small artifacts, reproducible builds | One authoritative region plus derived caches elsewhere; cut duplicate uploads first |
| Compliance demands one audit source | A fixed "authority region" for signing/notarization; other regions consume only verified artifacts |
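The "references and digests only" strategy in the first row can be sketched as a pair of same-region jobs: the build job uploads to same-region object storage and exposes only a URI and checksum as job outputs, and the verify job fetches by reference and checks the digest. The push/pull scripts and archive name here are assumptions, not a real API:

```yaml
jobs:
  build:
    runs-on: [self-hosted, macOS, region-apac]
    outputs:
      artifact_uri: ${{ steps.push.outputs.uri }}
      artifact_sha: ${{ steps.push.outputs.sha }}
    steps:
      - uses: actions/checkout@v4
      - run: xcodebuild build -scheme App
      - id: push
        # push-artifact.sh is a placeholder that zips and uploads to
        # same-region object storage, then prints the resulting URI
        run: |
          echo "uri=$(./scripts/push-artifact.sh build/App.xcarchive)" >> "$GITHUB_OUTPUT"
          echo "sha=$(shasum -a 256 build/App.xcarchive.zip | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"

  verify:
    needs: build
    runs-on: [self-hosted, macOS, region-apac]   # same region as build
    steps:
      # Fetch by reference, then verify the digest before trusting the blob
      - run: |
          ./scripts/pull-artifact.sh "${{ needs.build.outputs.artifact_uri }}"
          echo "${{ needs.build.outputs.artifact_sha }}  App.xcarchive.zip" | shasum -a 256 -c -
```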

Use all three together: queue depth answers who runs first, labels answer where it runs, affinity answers what moves before it runs—drop one corner and you get “green merges” that still ship slowly.

Seven-step runbook

  1. Freeze baselines: Split timings for PR checks, merge_group, and pushes to default; track per-region runner queue depth and retry rate.
  2. Set a merge_group SLA: Target end-to-end duration below the business maximum for "time waiting to merge," with the artifact-download share tracked separately.
  3. Tighten concurrency: Use concurrency or “one heavy job per runner” for shared mutable resources to remove false negatives first.
  4. Add regional labels: Pin default-branch validation to the same region as artifacts and dependency mirrors; cross-border read-only acceleration only.
  5. Calibrate artifact paths: For large intermediates, generate, reference, and digest-verify within one region; avoid repeated full uploads inside merge_group.
  6. Game-day faults: Drain one region or inject throttling; confirm queue fallback does not violate signing jurisdiction (document RTO if the authority region cannot move).
  7. Write thresholds down: Capture queue depth / RTT / artifact size in an ADR so scaling does not erase informal rules.
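Step 3's "one heavy job per runner" can be approximated with a job-level concurrency group per regional simulator pool, so only one UI-test job holds the simulators at a time. The group name and destination are assumptions:

```yaml
jobs:
  ui-tests:
    runs-on: [self-hosted, macOS, region-apac, ui]
    # Serialize UI tests across the regional pool so parallel jobs do not
    # fight over one user session's simulators, Derived Data, or keychain
    concurrency:
      group: ui-simulators-apac
      cancel-in-progress: false
    steps:
      - uses: actions/checkout@v4
      - run: xcodebuild test -scheme AppUITests -destination 'platform=iOS Simulator,name=iPhone 16'
```

Note that a concurrency group serializes across the whole pool, not per machine; strict per-runner exclusivity needs a unique label per runner or ephemeral runners.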

Cite-ready thresholds (ADR-friendly)

  • Merge Queue wait P95 > ~2× one merge_group validation → tune concurrency and split jobs before buying hardware.
  • Cross-border artifact pull RTT P95 > ~80–120ms with single download > ~5GB → default to same-region build+verify alignment.
  • On self-hosted physical Macs, keep one heavy UI job per runner inside a concurrency group to avoid simulator fights.
  • Short-term queue reformation failure rate > ~5% → inspect branch protection and drift, not higher retries.

Copy-paste GitHub Actions merge_group snippet

Minimal merge_group trigger alongside pull_request, plus a concurrency key to reduce lock storms on self-hosted runners. Replace runs-on labels and region names for your fleet.

name: ci

on:
  pull_request:
  merge_group:

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

jobs:
  validate:
    if: github.event_name == 'merge_group' || github.event_name == 'pull_request'
    runs-on: [self-hosted, macOS, region-apac]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.merge_group.head_sha || github.event.pull_request.head.sha }}
      - name: Build and test (merge queue aware)
        run: |
          echo "Running on ${{ github.event_name }} @ ${{ github.sha }}"
          # xcodebuild / swift test / your merge validation commands

Notes: merge_group must check out the same ref as the queue’s temporary merge commit; tune the concurrency key so PR and merge-queue runs do not cancel the wrong work (split workflows if needed). GitHub’s merge_group semantics evolve—validate end-to-end in a throwaway repo before production.
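If PR and merge-queue runs ever end up sharing a key, a common variant keeps them apart and cancels only superseded PR runs; treat it as a sketch to validate in a throwaway repo, not a drop-in replacement:

```yaml
concurrency:
  # PR runs group by PR number; merge_group runs fall back to the
  # queue's temporary branch ref, so the two never collide
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  # Cancel only stale PR runs; never cancel in-flight merge-queue runs
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
```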

FAQ

Can merge_group and pull_request share one job definition?
Yes for steps, but keep explicit if/ref handling—queue reformation is where wrong SHAs produce “random red.”
Should physical Mac pools mix with GitHub-hosted runners?
Possible, but labels must be mutually exclusive and documented; unify artifact and cache path contracts so one concurrency group does not span runner classes with different filesystem layouts.
Lock storm: drain the queue or kill jobs first?
Reduce parallelism and shrink lock grain first; draining the queue drops ordered merge intent and is usually reserved for control-plane incidents.

Run the queue reliably on Mac mini

Trunk and Merge Queue push merge correctness into CI, while physical Mac runners carry real Xcode and simulator load; together, stability and IO consistency matter more than peak GHz. An Apple Silicon Mac mini pairs unified memory bandwidth with roughly 4 W idle power, so regional runners can stay warm overnight without the thermal swings that force constant retuning of lock TTLs on many x86 towers.

Runners on macOS share the same OS foundations as developer laptops, shrinking the "passes locally, flakes in CI" gap; Gatekeeper, SIP, and FileVault make session and disk state easier to explain under audit than on a typical Windows build farm. Colocate runners with artifacts and mirrors, then use labels and concurrency to enforce lock boundaries; if you want merge_group validation on hardware that is quiet, efficient, and predictable, Mac mini M4 remains one of the strongest price–performance starting points.

If you are ready to move from “merge_group runs sometimes” to “queue depth and affinity thresholds you can trust,” pick up a Mac mini now and run this matrix on real silicon instead of fighting cloud quotas alone.

Limited Time Offer

Running Merge Queue validation on regional physical Macs?

Get low-latency, label-routable Mac mini cloud nodes—shrink merge_group waits and cross-border artifact tails.

  • Pay-as-you-go
  • Multi-region physical hardware
  • macOS cloud rental
  • Ultra-low price, limited-time offer
Buy Now