diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4f786a7..f9bd00b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -23,6 +23,11 @@ jobs:
         ]
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        if: startsWith(matrix.rust, '1')
+        with:
+          path: ~/.cargo/registry/index
+          key: cargo-${{ matrix.rust }}-git-index
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
@@ -68,16 +73,17 @@ jobs:
           components: rustfmt
       - run: cargo fmt --all --check
 
-  ci-success:
-    name: Complete
-    runs-on: ubuntu-latest
-    needs: [test, i586, no_std, fmt]
-    steps:
-      - run: exit 0
-  ci-failed:
-    name: Complete
+  # One job that "summarizes" the success state of this pipeline. This can then be added to branch
+  # protection, rather than having to add each job separately.
+  success:
+    name: Success
     runs-on: ubuntu-latest
     needs: [test, i586, no_std, fmt]
-    if: failure()
+    # Github branch protection is exceedingly silly and treats "jobs skipped because a dependency
+    # failed" as success. So we have to do some contortions to ensure the job fails if any of its
+    # dependencies fails.
+    if: always() # make sure this is never "skipped"
     steps:
-      - run: exit 1
+      # Manually check the status of all dependencies. `if: failure()` does not work.
+      - name: check if any dependency failed
+        run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}'
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
index c284d89..68c4900 100644
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@@ -16,6 +16,11 @@ jobs:
         rust: [1.31.0, stable]
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        if: startsWith(matrix.rust, '1')
+        with:
+          path: ~/.cargo/registry/index
+          key: cargo-${{ matrix.rust }}-git-index
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 987d1fb..5004cbb 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -12,6 +12,11 @@ jobs:
         rust: [1.31.0, stable]
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        if: startsWith(matrix.rust, '1')
+        with:
+          path: ~/.cargo/registry/index
+          key: cargo-${{ matrix.rust }}-git-index
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
@@ -28,16 +33,17 @@ jobs:
       - uses: actions/checkout@v4
       - run: cargo fmt --all --check
 
-  ci-success:
-    name: Complete
-    runs-on: ubuntu-latest
-    needs: [test, fmt]
-    steps:
-      - run: exit 0
-  ci-failed:
-    name: Complete
+  # One job that "summarizes" the success state of this pipeline. This can then be added to branch
+  # protection, rather than having to add each job separately.
+  success:
+    name: Success
     runs-on: ubuntu-latest
     needs: [test, fmt]
-    if: failure()
+    # Github branch protection is exceedingly silly and treats "jobs skipped because a dependency
+    # failed" as success. So we have to do some contortions to ensure the job fails if any of its
+    # dependencies fails.
+    if: always() # make sure this is never "skipped"
     steps:
-      - run: exit 1
+      # Manually check the status of all dependencies. `if: failure()` does not work.
+      - name: check if any dependency failed
+        run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}'