ci(ubuntu22): install CMake from GitHub tarball, not apt.kitware.com

[Fedr]

Summary

Replace the apt.kitware.com CMake-upgrade recipe in docker/ubuntu22Dockerfile with a curl + tar install of the upstream Kitware release tarball published on GitHub.

Why we need a newer CMake than Ubuntu 22.04 ships

This isn't about MeshLib's own cmake_minimum_required — those all sit at 3.18 and Ubuntu 22.04's 3.22 satisfies them. The real requirement comes from the combination of source/MRCuda/CMakeLists.txt using CUDA_STANDARD 20 and the CUDA 12.6 toolkit installed in the image. CMake's NVCC-flag table maps (CMake version × NVCC version) → "how to pass -std=c++20". CMake 3.22 (released Jan 2022) predates CUDA 12.6 and has no entry for that pair, so it fails at CUDA project detection with:

CMake Error in build/Release/CMakeFiles/CMakeTmp/CMakeLists.txt:
  Target "cmTC_*" requires the language dialect "CUDA20" (with compiler
  extensions), but CMake does not know the compile flags to use to enable it.
Call Stack:
  source/MRCuda/CMakeLists.txt:4 (project)

Demonstrated by #5963's failure on run 24821677923 — that PR tried to drop the CMake upgrade entirely, and CUDA configure failed exactly as described. So the upgrade is functionally required; this PR just moves where it comes from.

Why not keep pulling from apt.kitware.com

apt.kitware.com has been unreliable in ways our CI keeps hitting:

• Just now: the ubuntu22-arm64 image build on MRZlib: route compress and decompress streams through zlib-ng (native mode) #5959 (run 24800811051) died at this exact step with

  Could not connect to apt.kitware.com:443 (66.194.253.25). - connect (111: Connection refused)
  ...
  E: Unable to locate package kitware-archive-keyring
  

  The x64 leg in the same run succeeded — a regional/partial outage.
• Dec 2024: full-day outage documented on CMake Discourse, caused by a mis-issued SSL cert (for vtk.org instead of apt.kitware.com).

Kitware's apt repo is a single origin with no published HA strategy. GitHub Releases, by contrast, rides GitHub's CDN — the same infrastructure MeshLib CI already depends on for git clone, actions/checkout, and every submodule fetch on every run. Moving the dependency off apt.kitware.com removes a single point of failure without adding any new one.

The change

One file, docker/ubuntu22Dockerfile:

ENV CMAKE_VERSION=4.3.2
RUN set -eux; \
    apt remove --purge --auto-remove -y cmake; \
    ARCH=$(uname -m); \
    curl -fL -o /tmp/cmake.tar.gz \
        "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}-linux-${ARCH}.tar.gz"; \
    mkdir -p /opt/cmake; \
    tar -xzf /tmp/cmake.tar.gz -C /opt/cmake --strip-components=1; \
    rm /tmp/cmake.tar.gz; \
    ln -s /opt/cmake/bin/cmake /usr/local/bin/cmake; \
    ln -s /opt/cmake/bin/ctest /usr/local/bin/ctest; \
    ln -s /opt/cmake/bin/cpack /usr/local/bin/cpack

• CMAKE_VERSION=4.3.2 — latest stable from Kitware; it's the same binary Kitware publishes to apt.kitware.com. CUDA 12.6 + C++20 is well-supported here.
• uname -m dispatches to x86_64 or aarch64; Kitware's tarballs are named with exactly those suffixes.
• Binaries install to /opt/cmake/ and symlink into /usr/local/bin/, which wins over /usr/bin/cmake in PATH order.

Side benefits

• Reproducibility — pinning CMAKE_VERSION gives byte-identical images run-to-run; previously the Kitware apt index decided which CMake was installed based on whatever was newest at image-build time.
• Shorter image build — one curl + one tar vs. three sequential apt updates and an apt-key adv keyserver lookup. On the arm64 leg this step now completes in ~3.4 s (vs. the old flow that took ~35 s on success and hit connection timeouts on failure).
• Fewer transitive apt deps — drops software-properties-common, lsb-release, and the apt-key dance that existed only to feed apt-add-repository.
• Same code path on x86_64 and aarch64 — no architecture-specific branching in the recipe.

Scope

Only docker/ubuntu22Dockerfile is touched. docker/ubuntu24Dockerfile has never upgraded CMake — Ubuntu 24.04 noble's apt ships CMake 3.28, which does have an NVCC flag-table entry covering CUDA 12.6 + C++20, so no upgrade is needed there and no apt.kitware.com involvement either.

Verified on CI

Full green matrix on run 24803389235:

• prepare-image / linux-image-build-upload (ubuntu22, x64) — 12 m 40 s, new install step ran, image published
• prepare-image / linux-image-build-upload (ubuntu22, arm64) — 13 m 30 s, cmake-4.3.2-linux-aarch64.tar.gz pulled and unpacked in 3.4 s:

  + curl -fL -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v4.3.2/cmake-4.3.2-linux-aarch64.tar.gz
  + mkdir -p /opt/cmake
  + tar -xzf /tmp/cmake.tar.gz -C /opt/cmake --strip-components=1
  + ln -s /opt/cmake/bin/cmake /usr/local/bin/cmake
  

• ubuntu-arm64-build-test (ubuntu22, Release) — 24 m 46 s, full build + unit tests passed (CUDA project detection successful, CUDA20 dialect resolved)
• ubuntu-x64-build-test (ubuntu22, Release, GCC-12) — 43 m 26 s, same
• ubuntu24 legs (x64 GCC-13, x64 GCC-14, arm64) — all green, confirming nothing upstream of this PR depended on apt.kitware.com

🤖 Generated with Claude Code

[Fedr]

Closing as superseded. #5963 merged the smaller fix: delete the ubuntu22 CMake upgrade step entirely and gate CMAKE_CUDA_STANDARD on CMake version in ConfigureCuda.cmake (CUDA17 on < 3.25.2, CUDA20 otherwise). This PR's GitHub-tarball install works — and was verified green on a full matrix — but installs CMake 4.3.2 that MeshLib doesn't functionally need (the only gap Ubuntu 22.04's 3.22 had was NVCC+C++20, covered by the fallback). The merged approach has a smaller diff and fewer moving parts.