feat(_release-rust): product-generic .deb path (binary_name + optional -p)#109
Merged
Conversation
…tional -p)
Generalize the Debian `.deb` build step in the reusable `_release-rust.yml`
so it is no longer hardcoded to kache, in a fully backward-compatible way.
- Deb filename now derives from the existing `inputs.binary_name`:
`${BINARY_NAME}_${VERSION}_${ARCH}.deb` instead of the hardcoded
`kache_…`. kache's binary_name is `kache`, so its asset name is
unchanged.
- New optional input `deb_package` (string, default ""). When non-empty,
`-p "$DEB_PACKAGE"` is passed to `cargo deb` (via `${DEB_PACKAGE:+…}`);
when empty, the command runs exactly as before (no `-p`, root package).
This unblocks Cargo-workspace consumers whose CLI lives in a member crate
(e.g. kunobi-ninja/kobe → binary `kobe` built from `-p kobe-ctl`,
producing `kobe_<version>_<arch>.deb`), while leaving the existing
single-root-package consumer (kunobi-ninja/kache) behavior identical.
Signing/notarize/exe/build steps are untouched.
binary_name becomes optional (default: kache) and the deb step falls back to kache when unset/empty, so omitting all the new inputs reproduces the original hardcoded kache behavior exactly. Lets the next tag (v11) be cut with zero risk to existing consumers.
jleni
pushed a commit
to kunobi-ninja/kobe
that referenced
this pull request
Jul 2, 2026
….io/nix) (#206) Split the `kobe` CLI into a thin `kobectl` workspace member (installed binary stays `kobe`) and add a signed multi-target release plus OS package distribution, mirroring sibling kache and reusing the shared Kunobi signing infra. Workspace - Move src/cli -> crates/kobectl (fully self-contained; no operator coupling). Root stays the kobe-operator package + [workspace]; version moves off 0.0.0 to [workspace.package].version, in lockstep with Chart.yaml appVersion. - kobectl: slim CLI-only deps (no aws-lc-sys/kunobi-ha/kunobi-reload), its own build.rs for BUILD_VERSION stamping, cargo-binstall + cargo-deb metadata (deb Package name = kobe). Trim TUI-only ratatui/crossterm from the operator. Release (ci.yml release-cli, _workflows@v11) - 6 targets incl. windows-msvc; build_deb, upload_windows_exe, enable_signing, notarize_macos; build_args "-p kobectl --bin kobe"; deb_package kobectl; crt-static; signing secrets + id-token. New version-consistency gate; the image publish is gated on it for releases; widened CI path filters; CI runs cargo test/clippy --workspace. Distribution - package-publish.yml: apt (R2, PGP-KMS) + brew (update-kobe-formula dispatch) + winget (gated on vars.ENABLE_WINGET). Gate waits on the release-cli upload. - publish-crates.yaml: publish kobectl on release (OIDC trusted publishing). - apt scripts + setup-pgp-kms-signing action + apt_config; flake.nix (nix run github:kunobi-ninja/kobe); install docs for every channel. - just bump/release + check-version-consistency.sh (gates workspace == Chart appVersion; the chart's own version is intentionally decoupled). - Bump quinn-proto -> 0.11.15 (RUSTSEC-2026-0185). Add Apache-2.0 LICENSE. Cross-repo prerequisites (separate PRs): Zondax/_workflows#109 (merged; v11), kunobi-ninja/kunobi-auth#61, kunobi-ninja/homebrew-kunobi#44, Zondax/gcp-code-signer#9, plus copying the shared signing secrets into the repo. Reviewed cross-family (Claude + codex).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Makes the Debian
.debbuild step in the reusable workflow.github/workflows/_release-rust.ymlproduct-generic, instead of hardcoding kache.Two changes to the
Build Debian packagestep:inputs.binary_name—${BINARY_NAME}_${VERSION}_${ARCH}.debinstead of the literalkache_….BINARY_NAME: ${{ inputs.binary_name }}is added to the stepenv:.deb_package(string, default""). When set,-p "$DEB_PACKAGE"is passed tocargo debvia${DEB_PACKAGE:+-p "$DEB_PACKAGE"}; when empty, the command runs exactly as today (no-p).The signing / notarize / bare-exe / build steps are untouched.
Backward compatibility (kache)
100% backward-compatible for the existing consumer
kunobi-ninja/kache:binary_nameiskache, so${BINARY_NAME}_…→kache_<version>_<arch>.deb— identical asset name.deb_package, so it defaults to""→${DEB_PACKAGE:+…}expands to nothing →cargo debruns exactly as before (no-p, root package).No behavior change for any current caller.
What it unblocks
Cargo-workspace consumers whose CLI lives in a member crate. e.g.
kunobi-ninja/kobe: binarykobe, built from-p kobe-ctl, producingkobe_<version>_<arch>.deb. It only needsbinary_name: kobe+deb_package: kobe-ctl.Notes
actionlintpasses on the changed step (the few shellcheck infos it reports are pre-existing on unrelated steps, not introduced here).v12) should be cut after kache's release path is re-verified green against this branch, so workspace consumers can pin to it.