The existing add-repository parameter only supports apt-add-repository
(PPAs and simple repo formats). Many third-party repos (NVIDIA, Docker,
GitHub CLI, etc.) require downloading a GPG signing key and adding a
sources list entry with signed-by= referencing that keyring.
The new apt-sources input accepts multi-line entries in the format:
key_url | source_spec
Features:
- Downloads GPG keys, auto-detects armored vs binary format
- Supports both URL-based source files and inline deb lines
- Auto-detects deb822 (.sources) vs traditional (.list) format
- Injects signed-by= into source entries when not already present
- Removes conflicting pre-existing source files that reference the
same repo URL with a different keyring path
- Includes apt-sources content in cache key hash
- Validates HTTPS-only key URLs and proper line format
- Forces apt update when apt-sources is specified (bypasses staleness check)
Co-developed-by: Claude Code v2.1.58 (claude-opus-4-6)
Add comprehensive integration test workflow that exercises the action's
install, cache, and restore paths with real packages on GitHub Actions
runners. Tests cover:
- Basic install and cache round-trip (xdot, libxml2-dev)
- Cache hit and version pinning verification
- Custom apt repository support (ppa:savoury1/ffmpeg6)
- Multiple package installs with dependencies
- Support for apt-mark'd packages and version-pinned packages
- ARM64 architecture support
- Package with conflicts (default-jdk replacing default-jre-headless)
- Invalid inputs (bad version, empty packages, bad repo)
- dpkg registration verification after cache restore
Co-developed-by: Claude Code v2.1.58 (claude-opus-4-6)
- Use tee instead of redirect so install output is visible in the
workflow log while still being captured to the install log file
- Check PIPESTATUS[0] for the actual apt-fast exit code (since tee
always succeeds) and exit with a clear error message on failure
- Remove the redundant installed package list logging — the full
install output is now visible via tee, and the individual cache
lines already show each package being processed
Co-developed-by: Claude Code v2.1.58 (claude-opus-4-6)
Hash the list of pre-installed package names (dpkg-query -W) into the
cache key. This prevents cache collisions when different runners (e.g.,
GPU runners with CUDA pre-installed vs plain Ubuntu) request the same
packages — a cache built where packages were already present won't be
restored on a runner where they're missing.
Also adds a ::notice annotation so users can see the fingerprint in
the workflow summary and understand why different runners produce
different cache keys.
Co-developed-by: Claude Code v2.1.58 (claude-opus-4-6)
After cache restore, dpkg had no record of the installed packages because:
1. Only preinst/postinst scripts were cached from /var/lib/dpkg/info/,
missing .list, .md5sums, .conffiles, and other metadata files
2. The dpkg status database (/var/lib/dpkg/status) was never updated
This meant dpkg -s, apt list --installed, and anything checking package
state would not see the restored packages.
Fix:
- Cache all /var/lib/dpkg/info/<package>.* files (not just install scripts)
- Save each package's dpkg status entry to a .dpkg-status file
- On restore, append status entries to /var/lib/dpkg/status (skipping
packages that are already registered)
Additionally:
- Include directories in tar archives so that tar preserves their ownership
and permissions on restore (prevents 0077 umask issues on GPU runners)
- Include architecture qualifier (e.g., :i386) from apt's Unpacking log
in get_installed_packages, so multi-arch variants get separate cache
entries instead of being deduplicated
- When registering restored packages with dpkg, compare cached vs installed
versions and handle upgrades by replacing the old status entry
Co-developed-by: Claude Code v2.1.58 (claude-opus-4-6)
* Initial plan
* Fix ls error when no tar files exist in cache restore
Co-authored-by: awalsh128 <2087466+awalsh128@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: awalsh128 <2087466+awalsh128@users.noreply.github.com>
* Pull dev upstream to staging. (#112)
* Use awk to enclose filename in single quotes tar #99
* Add null field separator so filenames don't get broken up.
* Move upload logs up in the action sequence so it captures data before it gets deleted.
* Fix awk (#109)
---------
Co-authored-by: sn-o-w <cristian.silaghi@mozilla.ro>
* Fix awk delimiter.
Pull in fix by @sn-o-w in d0ee83b497 mentioned in issue #99
* Swap out Bash based APT query logic for Golang version. (#117)
* First version of a Golang version of command handling in general. (#118)
---------
Co-authored-by: sn-o-w <cristian.silaghi@mozilla.ro>
* Pull dev upstream to staging. (#112)
* Use awk to enclose filename in single quotes tar #99
* Add null field separator so filenames don't get broken up.
* Move upload logs up in the action sequence so it captures data before it gets deleted.
* Fix awk (#109)
---------
Co-authored-by: sn-o-w <cristian.silaghi@mozilla.ro>
* Fix awk delimiter.
Pull in fix by @sn-o-w in d0ee83b497 mentioned in issue #99
---------
Co-authored-by: sn-o-w <cristian.silaghi@mozilla.ro>
* fix: apt cache performance
Use a single call to apt-cache to reduce the time needed to lookup
package versions.
Also:
* Added millisecond details to log timing so slow operations can be more
easily identified.
* Perform apt update before determining package versions.
Fixes#103
* chore: descriptive variable names and use log_err
Added the review feedback, updating variable names to be more
descriptive and using log_err where appropriate.
* Address block style package issue #84#88
* Use cache key for upload artifact name #89.
* Sync master back to dev. (#92)
* Fix if condition for upload-logs step (#87)
Previously the if condition was always evaluating to a truthy string
(e.g. 'false == "true"' or 'true == "true"') as the string comparison
(`== 'true'`) was not inside the expression syntax (`${{ }}`) and thus
being treated as a string rather than being evaluated.
* Introduce a force update value for reloading cache #82
---------
Co-authored-by: Leroy Hopson <github@leroy.geek.nz>
---------
Co-authored-by: Leroy Hopson <github@leroy.geek.nz>
