ci(apt): extract AWS apt mirror swap into shared script

The mirror swap was duplicated across two workflows. Move it into
Tools/ci/use_aws_apt_mirror.sh and call the script from each workflow
after checkout but before any heavy apt work like Tools/setup/ubuntu.sh.

The script no-ops outside runs-on (RUNS_ON_AWS_REGION unset), so it is
safe to call from forks, self-hosted runners, or local container runs
without changing behavior there. The region is read from the runs-on
environment instead of being hardcoded, so future region changes only
need updating where the runner is provisioned.

The bootstrap 'apt install git' step keeps the default mirror because
git is one package and is unlikely to hit the dep11 desync issue that
broke ubuntu.sh.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>

.github/workflows/build_deb_package.yml

@@ -90,17 +90,6 @@ jobs:
 
       - name: Fix git in container
         run: |
-          # Switch to AWS regional mirrors. runs-on instances are in us-west-2,
-          # and the EC2 archive mirrors are Canonical-operated, region-local,
-          # and sync aggressively. The default archive.ubuntu.com round-robin
-          # sometimes serves out-of-sync index files mid-sync, breaking
-          # apt-get update.
-          if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
-            sed -i 's|http://archive.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g; s|http://security.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g' /etc/apt/sources.list.d/ubuntu.sources
-          fi
-          if [ -f /etc/apt/sources.list ]; then
-            sed -i 's|http://archive.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g; s|http://security.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g' /etc/apt/sources.list
-          fi
           apt-get update && apt-get install -y git
           git config --global --add safe.directory $(realpath .)
 
@@ -109,6 +98,9 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
+      - name: Use AWS regional apt mirror
+        run: ./Tools/ci/use_aws_apt_mirror.sh
+
       - name: Cache apt packages
         uses: actions/cache@v4
         with:

.github/workflows/compile_ubuntu.yml

@@ -38,17 +38,6 @@ jobs:
 
       - name: Fix git in container
         run: |
-          # Switch to AWS regional mirrors. runs-on instances are in us-west-2,
-          # and the EC2 archive mirrors are Canonical-operated, region-local,
-          # and sync aggressively. The default archive.ubuntu.com round-robin
-          # sometimes serves out-of-sync index files mid-sync, breaking
-          # apt-get update.
-          if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
-            sed -i 's|http://archive.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g; s|http://security.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g' /etc/apt/sources.list.d/ubuntu.sources
-          fi
-          if [ -f /etc/apt/sources.list ]; then
-            sed -i 's|http://archive.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g; s|http://security.ubuntu.com/ubuntu|http://us-west-2.ec2.archive.ubuntu.com/ubuntu|g' /etc/apt/sources.list
-          fi
           # we only need this because we are running the job in a container
           # when checkout pulls git it does it in a shared volume
           # and file ownership changes between steps
@@ -60,6 +49,9 @@ jobs:
 
       - uses: actions/checkout@v4
 
+      - name: Use AWS regional apt mirror
+        run: ./Tools/ci/use_aws_apt_mirror.sh
+
       - name: Install Deps, Build, and Make Quick Check
         run: |
           # we need to install dependencies and build on the same step