feat: add GitHub Actions network tuning to fix CI connectivity issues

- Add smorimoto/tune-github-hosted-runner-network action to E2E and LXD test workflows
- Fix intermittent network connectivity problems in GitHub Actions runners
- Address Docker GPG key download failures and apt repository timeouts
- Update documentation with comprehensive CI network troubleshooting guide
- Reference specific GitHub issues #1187 and #2890 for transparency
- All linters pass and documentation follows project standards

This should resolve the persistent 'Network is unreachable' errors in CI runs.

Author: josecelano

.github/workflows/test-e2e.yml

@@ -3,6 +3,10 @@ name: E2E Tests
 # NOTE: This workflow uses CI-specific approaches like 'sudo chmod 666' on the LXD socket
 # and 'sudo' with LXD commands. These approaches are NOT recommended for local development.
 # For local use, follow the proper group membership approach documented in templates/tofu/lxd/README.md
+#
+# NETWORK TUNING: We use smorimoto/tune-github-hosted-runner-network to fix flaky networking
+# issues that cause Docker GPG key downloads to fail intermittently in GitHub Actions.
+# See: https://github.com/actions/runner-images/issues/1187 and https://github.com/actions/runner-images/issues/2890
 
 on:
   push:
@@ -20,6 +24,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Tune GitHub-hosted runner network
+        uses: smorimoto/tune-github-hosted-runner-network@v1
+
       - name: Setup Rust toolchain
         uses: dtolnay/rust-toolchain@stable
         with:

.github/workflows/test-lxd-provision.yml

@@ -3,6 +3,10 @@ name: Test LXD Container Provisioning
 # NOTE: This workflow uses CI-specific approaches like 'sudo chmod 666' on the LXD socket
 # and 'sudo' with LXD commands. These approaches are NOT recommended for local development.
 # For local use, follow the proper group membership approach documented in templates/tofu/lxd/README.md
+#
+# NETWORK TUNING: We use smorimoto/tune-github-hosted-runner-network to fix flaky networking
+# issues that may affect container provisioning in GitHub Actions.
+# See: https://github.com/actions/runner-images/issues/1187
 
 on:
   push:
@@ -20,6 +24,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Tune GitHub-hosted runner network
+        uses: smorimoto/tune-github-hosted-runner-network@v1
+
       - name: Install and configure LXD
         run: ./scripts/setup/install-lxd-ci.sh
 

docs/e2e-testing.md

@@ -127,6 +127,31 @@ tofu destroy -auto-approve
 - **SSH connectivity failures**: Usually means cloud-init is still running or SSH configuration failed
 - **Ansible connection errors**: Check if the container IP is accessible and SSH key permissions are correct
 - **OpenTofu errors**: Ensure LXD is properly configured and you have sufficient privileges
+- **Network connectivity issues in CI**: See [CI Network Issues](#ci-network-issues) section below
+
+### CI Network Issues
+
+GitHub Actions runners sometimes experience intermittent network connectivity problems that can cause:
+
+- Docker GPG key downloads to fail (`Network is unreachable` errors)
+- Package repository access timeouts
+- Generally flaky network behavior
+
+**Root Cause**: This is a known issue with GitHub-hosted runners running in Azure:
+
+- [GitHub Issue #1187](https://github.com/actions/runner-images/issues/1187) - Original networking issue
+- [GitHub Issue #2890](https://github.com/actions/runner-images/issues/2890) - Specific apt repository timeout issues
+
+**Solution**: We use the [`smorimoto/tune-github-hosted-runner-network`](https://github.com/marketplace/actions/tune-github-hosted-runner-network) action to disable TCP/UDP offload and fix these networking issues.
+
+**Implementation**: The action is automatically added to CI workflows and runs before any network-dependent operations.
+
+**Playbook Adaptations**: Our Ansible playbooks also include:
+
+- CI environment detection
+- Adaptive retry strategies with longer timeouts in CI
+- Graceful handling of network failures
+- Fallback installation methods when needed
 
 ### Debug Mode
 

project-words.txt

@@ -33,6 +33,7 @@ rustflags
 rustup
 serde
 shellcheck
+smorimoto
 subshell
 sysfs
 Taplo