From cfbfecb1bcc9780ba012cbf01e9e33f690a46e7d Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 16 Jun 2026 16:33:12 +0000 Subject: [PATCH] CI: fail the linuxkm bundle build on any download error Addresses PR review feedback. The kernel-tracking linuxkm bundle treated a failed --download-only as a warning and still published, so a transient mirror error could ship a partial bundle. Because the daily job skips rebuilds while the kernel label matches, such a partial bundle would persist until the kernel next changes (~monthly), forcing consumers to fall back to apt the whole time. The linuxkm set is small and entirely required, so resolve it as one closure and let a failure fail the job; we push only on success, so the last good bundle stays in place. The static -full/-minimal bundles keep their per-package skip-and-warn - they serve many independent consumer subsets and rebuild weekly, so maximizing coverage is the right trade-off there. --- .github/workflows/ci-deps-image.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-deps-image.yml b/.github/workflows/ci-deps-image.yml index 60a7a7842a..8908d9b36c 100644 --- a/.github/workflows/ci-deps-image.yml +++ b/.github/workflows/ci-deps-image.yml @@ -184,14 +184,15 @@ jobs: sudo apt-get clean retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; } retry sudo apt-get update -q - skipped=0 - for pkg in "${PKGS[@]}"; do - retry sudo apt-get install -y --download-only "$pkg" \ - || { echo "::warning::could not download $pkg"; skipped=$((skipped+1)); } - done + # The whole set is required and this bundle is small, so resolve it as + # one closure and let any download failure fail the job. We push only + # on success, so a transient mirror error keeps the last good bundle + # rather than publishing a partial one - which the kernel-label skip + # would then pin in place until the kernel next changes (~monthly). + retry sudo apt-get install -y --download-only "${PKGS[@]}" sudo cp /var/cache/apt/archives/*.deb debs/ 2>/dev/null || true - echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files; ${skipped} skipped" - test -n "$(ls debs/*.deb 2>/dev/null)" + echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files" + test -n "$(ls debs/*.deb 2>/dev/null)" # headers are never preinstalled - name: Build and push bundle (labelled with the kernel) if: steps.check.outputs.rebuild == 'true'