Description
When multiple package repositories trigger package-updated dispatches in quick succession, packages from repositories not included in the current dispatch's target are removed from the APT repository.
Root Cause
The workflow uses concurrency.cancel-in-progress: false, which correctly serializes workflow runs. However, when a dispatch targets a specific repository (e.g., halos-core-containers), the workflow:
- Downloads packages only from the target repository
- Rebuilds the entire APT repository index
- Removes all packages not in the current download set
This means if halos-marine-containers triggers a dispatch followed by halos-core-containers, the second run will remove all marine-* packages because they weren't downloaded in that run.
Evidence
From workflow run 20584198233 (triggered by halos-marine-containers):
Target Repository: hatlabs/halos-core-containers
The dispatch payload indicated halos-core-containers as the target, but the log shows it processed the wrong repository. The marine packages were removed:
rm 'pool/trixie-unstable/main/marine-opencpn-container_5.12.4-5_all.deb'
rm 'pool/trixie-unstable/main/marine-opencpn-container_5.12.4-6_all.deb'
But no new marine packages were added because only halos-core packages were downloaded.
Impact
- Users running
apt update don't see new packages
- Packages from other repositories are temporarily unavailable
- Requires manual re-triggering of builds to restore packages
Suggested Fix
Options to consider:
-
Always download from all repositories: Instead of filtering by target repository, always download from all package repositories and merge. This ensures no packages are lost.
-
Incremental updates: Instead of rebuilding the entire repository, only add/update packages from the target repository without removing others.
-
Lock file approach: Maintain a manifest of all packages that should be in the repository and only remove packages that are genuinely obsolete (not just missing from the current download).
-
Review dispatch logic: Ensure the target repository in the payload matches the repository that actually triggered the dispatch.
Reproduction
- Merge a PR to
halos-marine-containers
- Quickly merge a PR to
halos-core-containers (or container-packaging-tools)
- The second dispatch may remove marine packages
Workaround
Manually re-trigger the build for the affected repository:
gh workflow run "Main Branch CI/CD" --repo hatlabs/halos-marine-containers --ref main
Description
When multiple package repositories trigger
package-updateddispatches in quick succession, packages from repositories not included in the current dispatch's target are removed from the APT repository.Root Cause
The workflow uses
concurrency.cancel-in-progress: false, which correctly serializes workflow runs. However, when a dispatch targets a specific repository (e.g.,halos-core-containers), the workflow:This means if
halos-marine-containerstriggers a dispatch followed byhalos-core-containers, the second run will remove all marine-* packages because they weren't downloaded in that run.Evidence
From workflow run 20584198233 (triggered by halos-marine-containers):
The dispatch payload indicated
halos-core-containersas the target, but the log shows it processed the wrong repository. The marine packages were removed:But no new marine packages were added because only halos-core packages were downloaded.
Impact
apt updatedon't see new packagesSuggested Fix
Options to consider:
Always download from all repositories: Instead of filtering by target repository, always download from all package repositories and merge. This ensures no packages are lost.
Incremental updates: Instead of rebuilding the entire repository, only add/update packages from the target repository without removing others.
Lock file approach: Maintain a manifest of all packages that should be in the repository and only remove packages that are genuinely obsolete (not just missing from the current download).
Review dispatch logic: Ensure the target repository in the payload matches the repository that actually triggered the dispatch.
Reproduction
halos-marine-containershalos-core-containers(orcontainer-packaging-tools)Workaround
Manually re-trigger the build for the affected repository:
gh workflow run "Main Branch CI/CD" --repo hatlabs/halos-marine-containers --ref main