CI: clarify ccache/apt-deps offload comments (Copilot review)

Tighten three pieces of documentation to match the implementation; no
behaviour change:

- install-apt-deps (ghcr-debs-tag description): the apt mirror is avoided
  only on the successful offline path. The offline install is a single
  --no-download install of the whole package set, so any miss (bundle
  absent/private/incomplete) falls back to the apt path.
- ci-deps-image header: each bundle is every requested package plus the
  dependencies not already present on the matching runner image - tied to
  that runner, not a portable/self-contained .deb closure.
- ci-deps-image schedule note: a package missing from the bundle fails the
  whole offline install (it is not per-package), falling back to the full
  apt path.
This commit is contained in:
Juliusz Sosinowicz
2026-06-15 18:53:00 +00:00
parent 93b1e35a15
commit 80a3e67ba3
2 changed files with 16 additions and 9 deletions
+7 -5
View File
@@ -24,11 +24,13 @@ inputs:
description: >
Tag of a prebuilt .deb bundle published to
ghcr.io/<owner>/wolfssl-ci-debs by the ci-deps-image workflow
(e.g. "ubuntu-24.04-minimal"). When set, the packages are installed offline
from that bundle - the apt mirror is never contacted - and the apt
cache path below is skipped entirely. Any failure (bundle missing,
not public, or missing a package) falls through to the apt path, so
this is always safe to set. Leave empty to use apt only.
(e.g. "ubuntu-24.04-minimal"). When set, the packages are installed
offline from that bundle and the apt cache path below is skipped; on
that happy path the apt mirror is not contacted. The offline install
is all-or-nothing (a single --no-download install of the whole set),
so any failure - bundle missing, not public, or not covering every
requested package - falls back to the apt path. Always safe to set;
leave empty to use apt only.
required: false
default: ''
runs:
+9 -4
View File
@@ -3,8 +3,11 @@ name: CI deps image
# Builds the prebuilt apt .deb bundles that the make-check family (the
# -minimal tags) and the interop workflows (the -full tags, a superset)
# install offline (see .github/actions/install-apt-deps, input
# ghcr-debs-tag). Each bundle is the .deb closure of a package list in
# .github/ci-deps/, published to ghcr.io/<owner>/wolfssl-ci-debs:<tag>.
# ghcr-debs-tag). Each bundle holds the .debs for a package list in
# .github/ci-deps/ - every package plus the dependencies not already on the
# matching runner image, so it is tied to that runner rather than being a
# portable, self-contained closure - published to
# ghcr.io/<owner>/wolfssl-ci-debs:<tag>.
#
# Why: the apt mirror times out often enough to break PR CI. Resolving the
# closure ONCE here (on master, where a slow mirror only delays this job and
@@ -21,8 +24,10 @@ on:
schedule:
# Weekend only - refresh the bundles weekly so they track base-image
# security updates. A mid-week package-list change waits for Saturday
# (or run this manually via workflow_dispatch); until then install-apt-deps
# falls back to apt for any package not yet in the bundle.
# (or run this manually via workflow_dispatch); until then the offline
# install (a single --no-download install of the whole set) fails if any
# requested package is missing from the bundle, and install-apt-deps
# falls back to the full apt path.
- cron: '0 2 * * 6'
workflow_dispatch: