Fix CI: harden version computation and Dockerfile apt retries

Two fixes for the v0.3.x initial build failures: 1. **Compute Version step**: When no tags match v0.3.*, `grep` returns exit 1 which under `pipefail` killed the step before the empty-tag fallback could run. Added `|| true` to the pipeline so the fallback (`git rev-list --count HEAD`) runs correctly on first 0.3.x build. 2. **Dockerfile apt-get update**: Transient archive.ubuntu.com mirror sync failures (stale Packages.gz with mismatched hash) broke the GitHub CLI install step. Added a shell retry loop (5 attempts with 10s sleep, clearing /var/lib/apt/lists/* between retries) to both the main system packages step and the GitHub CLI step, plus Acquire::Retries=3 on the other apt-get update calls for transient network failures. Also includes the Cargo.lock 0.2.0 → 0.3.0 rev that went with the previous version bump commit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 09:09:30 -07:00
parent 4f23951379
commit d60124f1bd
3 changed files with 23 additions and 6 deletions
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -5,7 +5,17 @@ FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive

 # ── System packages ──────────────────────────────────────────────────────────
-RUN apt-get update && apt-get install -y --no-install-recommends \
+# The shell retry loop handles transient mirror-sync failures where
+# archive.ubuntu.com returns stale Packages.gz files with mismatched hashes
+# during hourly resyncs. Clearing /var/lib/apt/lists/* between attempts
+# forces a fresh fetch.
+RUN for i in 1 2 3 4 5; do \
+        apt-get -o Acquire::Retries=3 update && break; \
+        echo "apt-get update failed (attempt $i), retrying in 10s..."; \
+        rm -rf /var/lib/apt/lists/*; \
+        sleep 10; \
+    done \
+    && apt-get install -y --no-install-recommends \
    git \
    curl \
    wget \
@@ -38,7 +48,13 @@ RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
    > /etc/apt/sources.list.d/github-cli.list \
-    && apt-get update && apt-get install -y gh \
+    && for i in 1 2 3 4 5; do \
+        apt-get -o Acquire::Retries=3 update && break; \
+        echo "apt-get update failed (attempt $i), retrying in 10s..."; \
+        rm -rf /var/lib/apt/lists/*; \
+        sleep 10; \
+    done \
+    && apt-get install -y gh \
    && rm -rf /var/lib/apt/lists/*

 # ── Node.js LTS (22.x) + pnpm ───────────────────────────────────────────────
@@ -48,7 +64,7 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && npm install -g pnpm

 # ── Python 3 + pip + uv + ruff ──────────────────────────────────────────────
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get -o Acquire::Retries=3 update && apt-get install -y --no-install-recommends \
    python3 \
    python3-pip \
    python3-venv \
@@ -61,7 +77,7 @@ RUN install -m 0755 -d /etc/apt/keyrings \
    && chmod a+r /etc/apt/keyrings/docker.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
    > /etc/apt/sources.list.d/docker.list \
-    && apt-get update && apt-get install -y docker-ce-cli \
+    && apt-get -o Acquire::Retries=3 update && apt-get install -y docker-ce-cli \
    && rm -rf /var/lib/apt/lists/*

 # ── AWS CLI v2 ───────────────────────────────────────────────────────────────