CI: install all apt deps from ghcr bundles, drop actions/cache apt-deps layer#10701
Draft
julek-wolfssl wants to merge 2 commits into
Draft
CI: install all apt deps from ghcr bundles, drop actions/cache apt-deps layer#10701julek-wolfssl wants to merge 2 commits into
julek-wolfssl wants to merge 2 commits into
Conversation
The ci-cache-offload work added a ghcr .deb bundle path to install-apt-deps, making the actions/cache apt-archive layer redundant. Remove it so no apt-deps-* cache entries are produced. Apt packages now install either offline from the ghcr bundle (when ghcr-debs-tag is set) or via plain apt-get with the existing retry/backoff. - Strip the Compute/Restore/Pre-seed/Collect/Save cache steps and the cache-hit fast path; drop the now-unused 'cache' input. - Update callers that passed 'cache': membrowse-onboard, membrowse-report (and the apt_cache matrix key in membrowse-targets.json), and sssd. The ghcr offline path and the ccache actions/cache usage are untouched.
Extends the ghcr offline-install path to every install-apt-deps consumer that was still on plain apt, and publishes the bundles they need. New bundles built by ci-deps-image: - ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB), kept out of -full so it does not bloat the interop workflows' pull. - ubuntu-24.04-linuxkm: linux-headers-$(uname -r) + the kernel-module build toolchain. linux-headers tracks the runner's running kernel, so a daily job rebuilds it only when uname -r changed (recorded as an image label); a mismatch during a runner-image rollout just falls back to apt. Consumers now passing ghcr-debs-tag: - sssd -> ubuntu-24.04-full (its deps added to that list) - hostap-vm -> ubuntu-22.04-full (its deps added to that list) - membrowse targets -> ubuntu-24.04-embedded; the two linuxkm targets -> ubuntu-24.04-linuxkm (new per-target matrix.ghcr_tag) - linuxkm.yml -> ubuntu-24.04-linuxkm (pinned to ubuntu-24.04 so the bundle's headers match the runner kernel) Each consumer still falls back to apt when its bundle is unavailable, so nothing breaks until ci-deps-image first publishes the new tags.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Actions CI dependency installation flow to rely on prebuilt GHCR .deb bundles (offline installs) and removes the redundant actions/cache-based apt archive caching from the install-apt-deps composite action. It also extends bundle coverage to additional consumers (membrowse embedded + linux kernel module headers/toolchain) via new/updated bundle definitions in ci-deps-image.
Changes:
- Remove the apt-archive caching layer from
.github/actions/install-apt-depsand keep only (1) optional offline GHCR bundle install and (2) online apt-get retry/backoff. - Update workflows and membrowse target matrices to pass
ghcr-debs-tag(and add new per-targetghcr_tagvalues). - Extend
ci-deps-imageto publish new bundle variants (ubuntu-24.04-embedded,ubuntu-24.04-linuxkm) and add/update package lists accordingly.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/sssd.yml | Switch install-apt-deps usage from cache input to ghcr-debs-tag for ubuntu-24.04-full. |
| .github/workflows/membrowse-report.yml | Use per-target matrix.ghcr_tag for offline bundle installs instead of apt cache control. |
| .github/workflows/membrowse-onboard.yml | Use per-target matrix.ghcr_tag for offline bundle installs instead of apt cache control. |
| .github/workflows/linuxkm.yml | Pin runner to ubuntu-24.04 and install headers via the ubuntu-24.04-linuxkm bundle when available. |
| .github/workflows/hostap-vm.yml | Enable offline install via ubuntu-22.04-full bundle. |
| .github/workflows/ci-deps-image.yml | Add new static -embedded bundle and a kernel-tracking daily -linuxkm bundle job. |
| .github/membrowse-targets.json | Add ghcr_tag per target and remove now-unused apt_cache. |
| .github/ci-deps/packages-ubuntu-24.04-full.txt | Add missing packages needed by updated consumers (e.g., sssd deps). |
| .github/ci-deps/packages-ubuntu-24.04-embedded.txt | New package list for membrowse embedded targets’ bundle. |
| .github/ci-deps/packages-ubuntu-22.04-full.txt | Add packages needed by hostap-vm and other ubuntu-22.04-full consumers. |
| .github/actions/install-apt-deps/action.yml | Remove cache input and all actions/cache steps; keep GHCR-offline + apt retry paths. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+187
to
+194
| skipped=0 | ||
| for pkg in "${PKGS[@]}"; do | ||
| retry sudo apt-get install -y --download-only "$pkg" \ | ||
| || { echo "::warning::could not download $pkg"; skipped=$((skipped+1)); } | ||
| done | ||
| sudo cp /var/cache/apt/archives/*.deb debs/ 2>/dev/null || true | ||
| echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files; ${skipped} skipped" | ||
| test -n "$(ls debs/*.deb 2>/dev/null)" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Follow-up to the ci-cache-offload work: now that
install-apt-depscaninstall apt packages offline from a ghcr
.debbundle, extend that path tothe remaining consumers and drop the redundant
actions/cacheapt-deps layer.Drop the
actions/cacheapt-deps layer frominstall-apt-deps.debbundle path made theactions/cacheapt-archive layerredundant. Remove it so no
apt-deps-*cache entries are produced. Aptpackages now install either offline from the ghcr bundle (when
ghcr-debs-tagis set) or via plainapt-getwith the existingretry/backoff.
cache-hit fast path; drop the now-unused
cacheinput.cache: membrowse-onboard, membrowse-report(and the
apt_cachematrix key inmembrowse-targets.json), and sssd.actions/cacheusage are untouched.Install all apt deps from ghcr bundles
install-apt-depsconsumerthat was still on plain apt, and publishes the bundles they need.
ci-deps-image:ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB),kept out of
-fullso it does not bloat the interop workflows' pull.ubuntu-24.04-linuxkm:linux-headers-$(uname -r)+ the kernel-modulebuild toolchain.
linux-headerstracks the runner's running kernel, so adaily job rebuilds it only when
uname -rchanged (recorded as an imagelabel); a mismatch during a runner-image rollout just falls back to apt.
ghcr-debs-tag:ubuntu-24.04-full(its deps added to that list)ubuntu-22.04-full(its deps added to that list)ubuntu-24.04-embedded; the two linuxkm targets ->ubuntu-24.04-linuxkm(new per-targetmatrix.ghcr_tag)ubuntu-24.04-linuxkm(pinned toubuntu-24.04so thebundle's headers match the runner kernel)
nothing breaks until
ci-deps-imagefirst publishes the new tags.Testing
CI only — affects
.github/workflows and actions.