fix: `apt-get install` RUN commands should always call `apt-get clean`

[callbacknull]

Running apt-get clean at the end of an apt-get install RUN command will help keep the apt cache from getting into a weird state. Cache being in a weird state can cause subsequent apt-get install RUN commands to fail.

fixes docker-library/buildpack-deps#40

[callbacknull]

@tianon So I think this PR still has great value. It's in docker's best practices docs to have this. Until a real solution for making docker do the apt-get clean properly is came up with I think this will save a lot of headaches for people (Including myself)

Also, if you noticed, ALL the CI tests passed. In my other pull request, which didn't have the apt-get clean, there was at least 1 failed test in each of the CI that ran.

[tianon]

The only mention of apt-get clean I see in that document is the following:

Note: The official Debian and Ubuntu images automatically run apt-get clean, so explicit invocation is not required.

I think the fact that it was failing before and passing now is a fluke (timing, mirror, or network related) -- we see them really often, and the APT maintainers are working on new features for APT to help mitigate some of those types of failures (like Hash Sum Mismatch).

[callbacknull]

Welp that's new then. A month ago when I visited that page and commented about it in #41 it did recommend having an apt-get clean at the end of your RUN installation line. The page has since been updated :/

If it were purely timing, network, or mirror related then shouldn't we see a similar rate of failure regardless of having an apt-get clean line? I don't believe this is the case - like I've said in #41 I used to have 1 in 8 of my builds failing. When I prepended my RUN install line with an apt-get clean I only encounter a failed build now approximately 1 in 25 builds.

To me that seems like the automagic apt cleaning docker attempts to do, that you pointed out to me in the issue, isn't working nearly as well as just having an apt-get clean at the end of your run installation.

I'll work up a comparison repo to demonstrate the problem this weekend. I think we're going to see a statistically significant difference in the failure rates between the ways of cleaning up an apt installation to show that this issue isn't purely a timing/network/mirror issue.

[tianon]

Closing, given that the base images include this functionality automatically (by design) -- if we can find reproducible edge cases where the base image isn't doing so properly, we should fix them there. :+1: :heart: