apt-get update: Refresh Package Indexes in CI
apt-get update refreshes the local package index from every source in sources.list before you install anything.
Debian and Ubuntu images ship without a package index, so install fails until you run update first. In CI this one line prevents most stale-cache and 404 errors.
What it does
apt-get update downloads the Packages and Release files from each repository in /etc/apt/sources.list and /etc/apt/sources.list.d/. It does not install or upgrade anything; it only refreshes the index apt uses to resolve package names and versions.
Common usage
apt-get update
# combine with install in one RUN layer (Docker)
apt-get update && apt-get install -y --no-install-recommends curl ca-certificatesOptions
| Flag | What it does |
|---|---|
| -y | Assume yes to prompts (rarely needed for update itself) |
| -o <opt>=<val> | Set an apt config option, e.g. -o Acquire::Retries=3 |
| --allow-releaseinfo-change | Accept a repository whose Release metadata changed |
| -q / -qq | Quiet output (log-friendly) |
In CI
Always run apt-get update in the same layer as install so a cached Docker layer never pairs a stale index with a new install. Add -o Acquire::Retries=3 to survive flaky mirrors.
Common errors in CI
"404 Not Found" on a Packages or a .deb URL means the index is stale or a repo moved; re-run apt-get update. "The following signatures couldn't be verified because the public key is not available: NO_PUBKEY <id>" means a repo key is missing (import it with gpg into /etc/apt/keyrings). "Release file ... is not valid yet" means the runner clock is wrong; fix the container time.