Skip to content

CI: harden ci-deps-image downloads against stalled mirror connections#10729

Merged
dgarske merged 1 commit into
wolfSSL:masterfrom
julek-wolfssl:ci-deps-full-timeout
Jun 18, 2026
Merged

CI: harden ci-deps-image downloads against stalled mirror connections#10729
dgarske merged 1 commit into
wolfSSL:masterfrom
julek-wolfssl:ci-deps-full-timeout

Conversation

@julek-wolfssl

Copy link
Copy Markdown
Member

A single stalled apt mirror connection once hung the ubuntu-24.04-full /
ubuntu-22.04-full download for ~20 min (they normally finish in a few),
tripping the 20-min job timeout and leaving those tags stale. The per-package
retry() only re-runs on a non-zero exit, so a hang never tripped it.

Defends in depth in .github/workflows/ci-deps-image.yml:

  • apt drops a stalled connection after 30s and retries it
    (Acquire::http/https::Timeout, Acquire::Retries).
  • each apt-get is wrapped in timeout so a wedged process is hard-killed and
    retry() re-runs it from scratch.
  • raise the build job timeout 20 → 60 min as a final backstop.

A single stalled apt mirror connection hung the ubuntu-24.04-full /
ubuntu-22.04-full download for ~20 min (they normally finish in a few),
tripping the 20-min job timeout and leaving those tags stale. The per-package
retry() only re-runs on a non-zero exit, so a hang never tripped it.

- apt drops a stalled connection after 30s and retries it
  (Acquire::http/https::Timeout, Acquire::Retries).
- each apt-get is wrapped in `timeout` so a wedged process is hard-killed and
  retry() re-runs it from scratch.
- raise the build job timeout 20 -> 60 min as a final backstop.
Copilot AI review requested due to automatic review settings June 18, 2026 11:12
@julek-wolfssl julek-wolfssl self-assigned this Jun 18, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the ci-deps-image workflow against stalled apt mirror connections that can hang downloads long enough to hit the job timeout and leave ubuntu-22.04-full / ubuntu-24.04-full tags stale.

Changes:

  • Adds apt acquire timeouts and retry options to drop stalled connections quickly.
  • Wraps apt-get update and per-package apt-get install --download-only in timeout so hangs become retryable failures.
  • Increases the job-level timeout from 20 → 60 minutes as a final backstop.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@julek-wolfssl julek-wolfssl marked this pull request as ready for review June 18, 2026 11:24
@github-actions

Copy link
Copy Markdown

retest this please

@dgarske dgarske merged commit e95376c into wolfSSL:master Jun 18, 2026
408 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants