Composite GHA action with caching

.github/actions/install-apt-deps/action.yml

@@ -0,0 +1,92 @@
+name: 'Install apt dependencies'
+description: 'Install apt packages with retry logic and caching'
+inputs:
+  packages:
+    description: 'Space-separated list of apt packages to install'
+    required: true
+  retries:
+    description: 'Number of retry attempts'
+    required: false
+    default: '3'
+  retry-delay:
+    description: 'Initial delay between retries (seconds, doubles each attempt)'
+    required: false
+    default: '5'
+  no-install-recommends:
+    description: 'Pass --no-install-recommends to apt-get install'
+    required: false
+    default: 'false'
+  cache:
+    description: 'Cache apt archives (disable for dynamic package names)'
+    required: false
+    default: 'true'
+runs:
+  using: 'composite'
+  steps:
+    - name: Compute cache key
+      if: inputs.cache == 'true'
+      id: cache-key
+      shell: bash
+      run: |
+        SORTED_PKGS=$(echo "${{ inputs.packages }}" | tr ' ' '\n' | sort | tr '\n' ' ')
+        PKG_HASH=$(echo "$SORTED_PKGS" | sha256sum | cut -d' ' -f1 | head -c 16)
+        OS_VERSION=$(lsb_release -rs 2>/dev/null || echo "unknown")
+        echo "key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-${PKG_HASH}" >> $GITHUB_OUTPUT
+        echo "restore-key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-" >> $GITHUB_OUTPUT
+
+    - name: Restore apt cache
+      if: inputs.cache == 'true'
+      id: apt-cache
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/apt-cache
+        key: ${{ steps.cache-key.outputs.key }}
+        restore-keys: ${{ steps.cache-key.outputs.restore-key }}
+
+    - name: Pre-seed apt archives from cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit == 'true'
+      shell: bash
+      run: |
+        if [ -d ~/apt-cache ] && ls ~/apt-cache/*.deb >/dev/null 2>&1; then
+          sudo cp ~/apt-cache/*.deb /var/cache/apt/archives/
+          echo "Restored $(ls ~/apt-cache/*.deb | wc -l) cached .deb files"
+        fi
+
+    - name: Install packages
+      shell: bash
+      run: |
+        export DEBIAN_FRONTEND=noninteractive
+        RETRIES=${{ inputs.retries }}
+        DELAY=${{ inputs.retry-delay }}
+        NO_REC=""
+        if [ "${{ inputs.no-install-recommends }}" = "true" ]; then
+          NO_REC="--no-install-recommends"
+        fi
+        for i in $(seq 1 $RETRIES); do
+          if sudo apt-get update -q && \
+             sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
+            exit 0
+          fi
+          if [ "$i" -eq "$RETRIES" ]; then
+            echo "::error::apt-get failed after $RETRIES attempts"
+            exit 1
+          fi
+          echo "::warning::apt-get failed (attempt $i/$RETRIES), retrying in ${DELAY}s..."
+          sleep $DELAY
+          DELAY=$((DELAY * 2))
+        done
+
+    - name: Collect .deb files for cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p ~/apt-cache
+        cp /var/cache/apt/archives/*.deb ~/apt-cache/ 2>/dev/null || true
+        echo "Cached $(ls ~/apt-cache/*.deb 2>/dev/null | wc -l) .deb files"
+
+    - name: Save apt cache
+      if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v4
+      with:
+        path: ~/apt-cache
+        key: ${{ steps.cache-key.outputs.key }}

.github/workflows/ada.yml

@@ -56,11 +56,14 @@ jobs:
       if: ${{ failure() && steps.examples.outcome == 'failure' }}
       run: cat ./wrapper/Ada/examples/server.log
 
+    - name: Install valgrind
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: valgrind
+
     - name: Run Ada wrapper tests (valgrind)
       working-directory: ./wrapper/Ada/tests
       run: |
-        sudo apt-get update
-        sudo apt-get install -y valgrind
         valgrind --leak-check=full --error-exitcode=1 \
           --suppressions=valgrind.supp ./bin/tests
 

.github/workflows/bind.yml

@@ -52,6 +52,12 @@ jobs:
     timeout-minutes: 10
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Download lib
         uses: actions/download-artifact@v4
         with:
@@ -61,12 +67,9 @@ jobs:
         run: tar -xf build-dir.tgz
 
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          # hostap dependencies
-          sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev liburcu-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev liburcu-dev
 
       - name: Checkout OSP
         uses: actions/checkout@v4

.github/workflows/cmake-autoconf.yml

@@ -15,11 +15,10 @@ jobs:
 # pull wolfSSL
     - uses: actions/checkout@v4
 
-# install cmake and autotools
-    - name: Install cmake
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y cmake autoconf automake libtool
+    - name: Install cmake and autotools
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: cmake autoconf automake libtool
 
 # build and install wolfssl via autotools for CMake consumer test
     - name: Build wolfssl with autotools

.github/workflows/cmake.yml

@@ -15,11 +15,10 @@ jobs:
 # pull wolfSSL
     - uses: actions/checkout@v4
 
-# install cmake
     - name: Install cmake
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y cmake
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: cmake
 
 # build wolfssl
     - name: Build wolfssl

.github/workflows/curl.yml

@@ -49,10 +49,16 @@ jobs:
       matrix:
         curl_ref: [ 'master', 'curl-8_4_0' ]
     steps:
+    - name: Checkout wolfSSL CI actions
+      uses: actions/checkout@v4
+      with:
+        sparse-checkout: .github/actions
+        depth: 1
+
     - name: Install test dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket apache2 apache2-dev
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: nghttp2 libpsl5 libpsl-dev python3-impacket apache2 apache2-dev
 
     - name: Download lib
       uses: actions/download-artifact@v4

.github/workflows/cyrus-sasl.yml

@@ -53,13 +53,16 @@ jobs:
     timeout-minutes: 4
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
-            libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: krb5-kdc krb5-otp libkrb5-dev libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
 
       - name: Download lib
         uses: actions/download-artifact@v4

.github/workflows/grpc.yml

@@ -62,9 +62,16 @@ jobs:
           ip addr list lo | grep 'inet '
           ip addr list lo | grep 'inet6 '
 
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Install prereqs
-        run:
-          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: build-essential autoconf libtool pkg-config cmake clang libc++-dev
 
       - name: Download lib
         uses: actions/download-artifact@v4

.github/workflows/haproxy.yml

@@ -49,10 +49,16 @@ jobs:
       matrix:
         haproxy_ref: [ 'v3.1.0', 'v3.2.0']
     steps:
+    - name: Checkout wolfSSL CI actions
+      uses: actions/checkout@v4
+      with:
+        sparse-checkout: .github/actions
+        depth: 1
+
     - name: Install test dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install libpcre2-dev
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: libpcre2-dev
 
     - name: Download lib
       uses: actions/download-artifact@v4

.github/workflows/hostap-vm.yml

@@ -211,15 +211,12 @@ jobs:
         run: tar -xf build-dir.tgz
 
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          # hostap dependencies
-          sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
-            libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
-            libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
-          sudo pip install pycryptodome
+        uses: ./wolfssl/.github/actions/install-apt-deps
+        with:
+          packages: libpcap0.8 libpcap-dev curl libcurl4-openssl-dev libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
+
+      - name: Install pip dependencies
+        run: sudo pip install pycryptodome
 
       - name: Checking if we have hostap in cache
         uses: actions/cache/restore@v4

.github/workflows/ipmitool.yml

@@ -51,8 +51,15 @@ jobs:
     runs-on: ubuntu-24.04
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
       - name: Install dependencies
-        run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: libreadline-dev
       - name: Download lib
         uses: actions/download-artifact@v4
         with:

.github/workflows/jwt-cpp.yml

@@ -54,12 +54,16 @@ jobs:
     runs-on: ${{ matrix.config.runner }}
     needs: build_wolfssl
     steps:
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Install dependencies
-        run: |
-          # Don't prompt for anything
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install libgtest-dev
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: libgtest-dev
 
       - name: Download lib
         uses: actions/download-artifact@v4

.github/workflows/linuxkm.yml

@@ -31,8 +31,11 @@ jobs:
       - name: Prepare target kernel for module builds
         run: |
           echo "updating linux-headers"
-          sudo apt-get update || $(exit 2)
-          sudo apt-get install linux-headers-$(uname -r) -y || $(exit 3)
+          for i in 1 2 3; do
+            sudo apt-get update && sudo apt-get install -y linux-headers-$(uname -r) && break
+            echo "::warning::apt-get failed (attempt $i/3), retrying..."
+            sleep $((5 * i))
+          done || $(exit 2)
           echo "preparing target kernel $(uname -r)"
           pushd "/lib/modules/$(uname -r)/build" || $(exit 4)
           if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi

.github/workflows/memcached.yml

@@ -65,11 +65,16 @@ jobs:
           repository: wolfssl/osp
           path: osp
 
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Install dependencies
-        run: |
-            export DEBIAN_FRONTEND=noninteractive
-            sudo apt-get update
-            sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
 
       - name: Checkout memcached
         uses: actions/checkout@v4

.github/workflows/mono.yml

@@ -20,6 +20,12 @@ jobs:
     timeout-minutes: 10
     steps:
 
+    - name: Checkout wolfSSL CI actions
+      uses: actions/checkout@v4
+      with:
+        sparse-checkout: .github/actions
+        depth: 1
+
     # Build wolfSSL using the user_settings.h from the C# wrapper directory
     - name: Build wolfSSL
       uses: wolfSSL/actions-build-autotools-project@v1
@@ -30,9 +36,9 @@ jobs:
         check: false
 
     - name: Install mono-complete
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y mono-complete
+      uses: ./.github/actions/install-apt-deps
+      with:
+        packages: mono-complete
 
     - name: Copy wolfSSL.dll to C# wrapper directory
       run: |

.github/workflows/mosquitto.yml

@@ -64,11 +64,16 @@ jobs:
           repository: wolfssl/osp
           path: osp
 
+      - name: Checkout wolfSSL CI actions
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/actions
+          depth: 1
+
       - name: Install dependencies
-        run: |
-            export DEBIAN_FRONTEND=noninteractive
-            sudo apt-get update
-            sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
 
       - name: Checkout mosquitto
         uses: actions/checkout@v4