gha: refresh AppArmor settings for mysql in gha

[tarilabs]

Description

we introduced AppArmor setting as part of:

• Bump mysql container image to one with an aarch64 image #267 (comment)

To move to a later version of MySQL 8.0.x supporting also ARM.

We are currently using MySQL 8.3.0.

Also, application of AppArmor seems to fail for ubuntu-24.04, example:

Run set -x
  set -x
  sudo apt-get install apparmor-profiles
  sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
  shell: /usr/bin/bash -e {0}
  env:
    FORCE_COLOR: 1
    IMG_REGISTRY: ghcr.io
    IMG_ORG: kubeflow
    IMG_REPO: model-registry
    pythonLocation: /opt/hostedtoolcache/Python/3.9.[2](https://github.com/kubeflow/model-registry/actions/runs/15023419628/job/42218090795?pr=1111#step:13:2)2/x64
    PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/[3](https://github.com/kubeflow/model-registry/actions/runs/15023419628/job/42218090795?pr=1111#step:13:3).9.22/x64/lib/pkgconfig
    Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.22/x6[4](https://github.com/kubeflow/model-registry/actions/runs/15023419628/job/42218090795?pr=1111#step:13:4)
    Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.22/x64
    Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.22/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.22/x64/lib
    VIRTUALENV_PIP: 23.3.2
+ sudo apt-get install apparmor-profiles
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apparmor-profiles
0 upgraded, 1 newly installed, 0 to remove and 21 not upgraded.
Need to get 39.6 kB of archives.
After this operation, 373 kB of additional disk space will be used.
Get:1 file:/etc/apt/apt-mirrors.txt Mirrorlist [144 B]
Ign:2 http://azure.archive.ubuntu.com/ubuntu noble-updates/main amd64 apparmor-profiles all 4.0.1really4.0.1-0ubuntu0.24.04.3
Ign:2 https://archive.ubuntu.com/ubuntu noble-updates/main amd64 apparmor-profiles all 4.0.1really4.0.1-0ubuntu0.24.04.3
Err:2 https://security.ubuntu.com/ubuntu noble-updates/main amd64 apparmor-profiles all 4.0.1really4.0.1-0ubuntu0.24.04.3
  404  Not Found [IP: [5](https://github.com/kubeflow/model-registry/actions/runs/15023419628/job/42218090795?pr=1111#step:13:5)2.147.219.192 80]
E: Failed to fetch https://security.ubuntu.com/ubuntu/pool/main/a/apparmor/apparmor-profiles_4.0.1really4.0.1-0ubuntu0.24.04.3_all.deb  404  Not Found [IP: 52.14[7](https://github.com/kubeflow/model-registry/actions/runs/15023419628/job/42218090795?pr=1111#step:13:7).219.192 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

in Remove AppArmor profile for mysql in KinD on GHA step.

Seems the AppArmor setting is:

• not available in https://security.ubuntu.com/ubuntu
• available in http://azure.archive.ubuntu.com/ubuntu

based on historic GHA runs on main.

The proposed changes just skip apt-install of the AppArmor profile, as in later GitHub runner image, they seems to be installed already out-of-the-box, thus avoiding the difference in the mirroring issue above.

How Has This Been Tested?

since the original failure of MySQL happened in GHA, this can only be tested on GHA.

Merge criteria:

• All the commits have been signed-off (To pass the DCO check)

• The commits have meaningful messages; the author will squash them after approval or in case of manual merges will ask to merge with squash.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work.
• Code changes follow the kubeflow contribution guidelines.
• For first time contributors: Please reach out to the Reviewers to ensure all tests are being run, ensuring the label ok-to-test has been added to the PR.

If you have UI changes

• The developer has added tests or explained why testing cannot be added.
• Included any necessary screenshots or gifs if it was a UI change.
• Verify that UI/UX changes conform the UX guidelines for Kubeflow.

[tarilabs]

now that's weird, the job failures ( example https://github.com/kubeflow/model-registry/actions/runs/15025633738/job/42225571023?pr=1112 ) reports on Mysql 8.0.x 🤔

[tarilabs]

Looks like:

• fix: mysql version fix 8.0.3 -> 8.3.0 #703 (comment)

was merged few minutes after the agreed merge of:

• Bump mysql container image to one with an aarch64 image #267 (review)

leading to this inconsistency. on it.

[tarilabs]

Unfortunately removing AppArmor exibhit the old issue in

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

for which we applied AppArmor config in

• Bump mysql container image to one with an aarch64 image #267 (comment)
  similar to
• MySQL Pod fails to become ready on KinD cluster manifests#2507

[tarilabs]

I've "branched out" the

• gha: refresh AppArmor settings for mysql in gha #1112 (comment)
• 6c1a4c8
  into
• manifests: align mysql image version between #267 and #703 #1113

[pboyd]

/lgtm

[pboyd]

/lgtm

[tarilabs]

• gha: refresh AppArmor settings for mysql in gha #1112 (review)

/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tarilabs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [tarilabs]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment