Open dcecile opened 4 years ago
It has nothing to do with the problem itself, but you should think a little more about caching. Downloading and decompressing are also costly. Considering those, is 35 seconds really long? In my opinion, it's not.
And the current setup doesn't guarantee that the contents of /var/lib/apt/lists
will not be changed.
Hmm I suppose 35 seconds isn't that long, but I'm not sure what the total Apt time will be if we start installing more packages.
Semaphore (another CI/CD platform) recommends 10 minutes as the maximum time for continuous integration. Any longer, and developers start changing their behaviour to work around the build system.
So depending on what your current times are, I think that saving 30 seconds or 1 minute can help.
In my opinion, there is basically no need to run an update. It's probably faster if you don't do it. Also, the package manager is not a build system; it probably won't be slower than you think. (Unless you specify that explicitly.)
I fixed a similar issue by setting the restore target's permissions with chmod -R a+rwx
before the caching step. The restore seems to action correctly with this, but it for sure would be better not to have to do this.
This took a 16min build down to 1min, because a full compile step for a utility binary could be skipped; no need to install the language's runtime, clone the remote repo, then build and install the binary.
Saving time matters for GH Actions. Anything that can be done to reduce the time for them to complete, even if it's only a few seconds, can have a big impact.
I was able to at least successfully save a cache of the downloaded .deb
packages with this step:
- name: Cache APT packages
uses: actions/cache@v2
with:
path: |
/var/cache/apt/archives/**.deb
!/var/cache/apt/archives/partial
!/var/cache/apt/archives/lock
key: ${{ runner.os }}-apt
However, when attempting to restore this cache, the attempt to extract these cached files still results in Cannot open: Permission denied
errors for each file:
Received 0 of 85361645 (0.0%), 0.0 MBs/sec
Received 71303168 of 85361645 (83.5%), 34.0 MBs/sec
Received 85361645 of 85361645 (100.0%), 35.8 MBs/sec
Cache Size: ~81 MB (85361645 B)
/bin/tar --use-compress-program zstd -d -xf /home/runner/work/_temp/6cb673f4-802b-4627-a69c-fc30b46f495f/cache.tzst -P -C /home/runner/work/haxe/haxe
/bin/tar: ../../../../../var/cache/apt/archives/autopoint_0.19.8.1-6ubuntu0.3_all.deb: Cannot open: Permission denied
/bin/tar: ../../../../../var/cache/apt/archives/bubblewrap_0.2.1-1ubuntu0.1_amd64.deb: Cannot open: Permission denied
⋮
⋮ (50 more lines omitted)
⋮
/bin/tar: ../../../../../var/cache/apt/archives/x11proto-randr-dev_2018.4-4_all.deb: Cannot open: Permission denied
/bin/tar: ../../../../../var/cache/apt/archives/x11proto-xinerama-dev_2018.4-4_all.deb: Cannot open: Permission denied
/bin/tar: Exiting with failure status due to previous errors
Warning: Tar failed with error: The process '/bin/tar' failed with exit code 2
If we could just have an option for running the /bin/tar
command as sudo, that would make this tool significantly easier to use for caching system packages (like those installed by apt).
I have a workflow that opens a Nix shell. It has a lot of small dependencies, and it takes about 4 minutes to download them from various Nix binary caches. Seems like it would be faster to restore from github's cache. Is there some reason the restore can't just run as root?
Caching system dependencies installed using apt
is a a no brainer when it comes to use cases. If you have to run sudo apt-get install ...
stands to reason you need to run sudo tar ...
to restore the cache.
This feature would be very useful to a lot of people! :+1:
I have a workflow that opens a Nix shell. It has a lot of small dependencies, and it takes about 4 minutes to download them from various Nix binary caches. Seems like it would be faster to restore from github's cache. Is there some reason the restore can't just run as root?
Hitting the same problem with the nix store, I found this workaround, which has unblocked us for the moment: https://github.com/WP2Static/wp2static-integration-tests/blob/900fb6e0f8d2c2b8656dfa3d9ac475b66d119806/.github/workflows/test.yml#L40-L49
This issue is stale because it has been open for 200 days with no activity. Leave a comment to avoid closing this issue in 5 days.
Caching system dependencies installed using
apt
is a a no brainer when it comes to use cases. If you have to runsudo apt-get install ...
stands to reason you need to runsudo tar ...
to restore the cache.This feature would be very useful to a lot of people! 👍
I wonder if anyone tried messing the file permissions on the host before caching occurs, so the current user can rewrite the system cache. It is bit of security nightmare but it might work and it would happen only on CI.
Caching system dependencies installed using
apt
is a a no brainer when it comes to use cases. If you have to runsudo apt-get install ...
stands to reason you need to runsudo tar ...
to restore the cache.This feature would be very useful to a lot of people! 👍
I feel joshmgross's comment here does reason why we can't use sudo for tar
Because of permissions I feel this is not possible. Workaround can be to download binaries in a directory and cache that. While restoring install binaries from that directory. Or you can do what @ssbarnea suggested.
FWIW, I saw that this action seems to offer caching for apt installs: https://github.com/awalsh128/cache-apt-pkgs-action. I'm not affiliated and don't know how the action implements caching, but I think it might be of interest here
FWIW, I saw that this action seems to offer caching for apt installs: https://github.com/awalsh128/cache-apt-pkgs-action.
A quick look at that seems to indicate that it tries to cache the package files after installation, which seems extremely risky. I'd like to simply cache the results of apt-get update
(~12s on the ubuntu-22.04 runner) and the actual .deb files downloaded (~9 seconds for libgdal-dev and its dependencies), to speed that up a bit.
This issue is stale because it has been open for 200 days with no activity. Leave a comment to avoid closing this issue in 5 days.
/bin/tar: ./archives/partial: Cannot open: Permission denied
Everything runs inside a docker. Therefore, there is no reason not to permit it, so we can do what needs to be done.
This is also affecting us. Also agree that some sort of sudo|runAsUser
flag should be supported for this action.
Also getting hit by this. Don't know why this directly is being hit. It would be awesome to be able to pass args to tar or otherwise ignore files that can't be cached.
The default behavior should be to just skip the files or warn about them. Seems like an easy change.
With the separate save/restore actions, you can now do something like
- name: Calculate apt sources hash
id: apt-list
run: |
echo -n hash= >> $GITHUB_OUTPUT
tar -cf - --sort=name /var/lib/apt/lists | sha256sum | cut -f 1 -d ' ' >> $GITHUB_OUTPUT
- name: Restore apt archives
uses: actions/cache/restore@v3
with:
path: apt-archives
key: ${{ env.ImageOS }}-apt-${{ steps.apt-list.outputs.hash }}
restore-keys: |
${{ env.ImageOS }}-apt-
- name: Install OS dependencies
run: |
mkdir -p apt-archives
sudo cp -a apt-archives /var/cache/apt/archives
sudo apt-get install -y my-package
cp -a /var/cache/apt/archives/*.deb apt-archives
- name: Save apt archives
uses: actions/cache/save@v3
with:
path: apt-archives
key: ${{ env.ImageOS }}-apt-${{ steps.apt-cache.outputs.hash }}
I've tried to cache /etc/ansible/facts.d
folder, but got the permission denied instead:
/usr/bin/tar -xf /home/runner/work/_temp/5b361ac7-c53e-487a-a535-0b733a9facbb/cache.tzst -P -C /home/runner/work/EA31337-classes/EA31337-classes --use-compress-program unzstd
/usr/bin/tar: ../../../../../etc/ansible: Cannot mkdir: Permission denied
/usr/bin/tar: ../../../../../etc/ansible/facts.d: Cannot mkdir: No such file or directory
/usr/bin/tar: ../../../../../etc/ansible: Cannot mkdir: Permission denied
Workflow code:
actions/cache@v4
with:
path: /etc/ansible/facts.d
How to fix it?
Based on @joshmgross's latest comment in https://github.com/actions/cache/issues/133#issuecomment-629381394, here's my use case, same as @evandrocoan https://github.com/actions/cache/issues/133#issuecomment-602695437...
caching Apt list and package files in Ubuntu
Example workflow
The Apt step here takes about 35 seconds without caching. I'm hoping the cache will improve that. I'm also not 100% sure about the paths because I haven't been able to test it yet.
Error during post job