On GitLab even if you set the same cache key it will not cross between unprotected and protected runs.
replyGitLab just adds a -protected suffix to the cache key.
It seems baffling that GitHub does not do this trivial separation, if I understand it correctly.