What
Force fresh download in kcenon/vcpkg-registry's vcpkg-consume-test.yml workflow so that SHA mismatches are surfaced instead of silently sidestepped by vcpkg's archive cache.
Part of #674 (kcenon/common_system).
Why
The weekly vcpkg-consume-test.yml PASSED throughout the period when all 8 kcenon ports had SHA mismatches in their portfiles (see #87 for the audit). The reason: vcpkg's archive cache hits sidestep SHA verification on subsequent installs. New cold-cache consumers (new CI runners, new users) hit 100% install failure on every kcenon port — but the consume-test never noticed because the runner kept warming the cache.
This is the primary detection gap: the test infrastructure that should have caught the systemic flaw was masked by the very caching layer it was meant to validate against.
Where
| Item |
Value |
| Repository |
kcenon/vcpkg-registry |
| Workflow file |
.github/workflows/vcpkg-consume-test.yml |
| Affected steps |
Any step that runs vcpkg install kcenon-* |
How
Implementation options (pick one based on workflow shape)
- Per-job binary cache disable — pass
--no-binary-caching to vcpkg install (or set X_VCPKG_NO_BINARY_CACHE=1) so the registry download is forced to re-verify against the portfile SHA every run.
- Per-job runner cleanup — clean
${VCPKG_DEFAULT_BINARY_CACHE} and the archive cache at the start of each job so subsequent installs cannot rely on a previous run's verified archive.
- Matrix expansion — add a "cold-cache" matrix dimension that runs at least one job per cycle on a fresh runner with empty caches.
Prefer option 1 if vcpkg supports the flag in the version pinned in the workflow; fall back to option 2 otherwise.
Acceptance criteria
References
What
Force fresh download in
kcenon/vcpkg-registry'svcpkg-consume-test.ymlworkflow so that SHA mismatches are surfaced instead of silently sidestepped by vcpkg's archive cache.Part of #674 (kcenon/common_system).
Why
The weekly
vcpkg-consume-test.ymlPASSED throughout the period when all 8 kcenon ports had SHA mismatches in their portfiles (see #87 for the audit). The reason: vcpkg's archive cache hits sidestep SHA verification on subsequent installs. New cold-cache consumers (new CI runners, new users) hit 100% install failure on every kcenon port — but the consume-test never noticed because the runner kept warming the cache.This is the primary detection gap: the test infrastructure that should have caught the systemic flaw was masked by the very caching layer it was meant to validate against.
Where
kcenon/vcpkg-registry.github/workflows/vcpkg-consume-test.ymlvcpkg install kcenon-*How
Implementation options (pick one based on workflow shape)
--no-binary-cachingtovcpkg install(or setX_VCPKG_NO_BINARY_CACHE=1) so the registry download is forced to re-verify against the portfile SHA every run.${VCPKG_DEFAULT_BINARY_CACHE}and the archive cache at the start of each job so subsequent installs cannot rely on a previous run's verified archive.Prefer option 1 if vcpkg supports the flag in the version pinned in the workflow; fall back to option 2 otherwise.
Acceptance criteria
vcpkg-consume-test.ymlruns at least one matrix combination per cycle without binary caching (or with explicitly cleared caches)References