feat(_release-rust): product-generic .deb path (binary_name + optional -p) #109

Merged
emmanuelm41 merged 2 commits into main from feat/release-rust-generic-deb
Jun 28, 2026

@emmanuelm41

Member

What

Makes the Debian .deb build step in the reusable workflow .github/workflows/_release-rust.yml product-generic, instead of hardcoding kache.

Two changes to the Build Debian package step:

  1. Deb filename derives from inputs.binary_name → ${BINARY_NAME}_${VERSION}_${ARCH}.deb instead of the literal kache_…. BINARY_NAME: ${{ inputs.binary_name }} is added to the step env:.
  2. New optional input deb_package (string, default ""). When set, -p "$DEB_PACKAGE" is passed to cargo deb via ${DEB_PACKAGE:+-p "$DEB_PACKAGE"}; when empty, the command runs exactly as today (no -p).
-          DEB="kache_${VERSION}_${ARCH}.deb"
-          cargo deb --no-build --target "$TARGET" --output "$DEB"
+          DEB="${BINARY_NAME}_${VERSION}_${ARCH}.deb"
+          cargo deb --no-build ${DEB_PACKAGE:+-p "$DEB_PACKAGE"} --target "$TARGET" --output "$DEB"
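
Review bot: The added `DEB="${BINARY_NAME}_${VERSION}_${ARCH}.deb"` line uses the caller-supplied name without any check, so an empty `binary_name` produces `_${VERSION}_${ARCH}.deb` and a value containing `/` or whitespace changes where `--output` writes. Suggest a default plus an allow-list test (letters, digits, `.`, `_`, `-`) before `DEB` is built, and the same test on `DEB_PACKAGE` when it is non-empty. On the `cargo deb` line, the outer `${DEB_PACKAGE:+-p "$DEB_PACKAGE"}` is deliberately unquoted so that it expands to zero or two words; a one-line comment saying so would keep a later shellcheck-driven cleanup from quoting it and passing an empty argument.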

The signing / notarize / bare-exe / build steps are untouched.

Backward compatibility (kache)

100% backward-compatible for the existing consumer kunobi-ninja/kache:

  • kache's binary_name is kache, so ${BINARY_NAME}_… → kache_<version>_<arch>.deb → identical asset name.
  • kache does not set deb_package, so it defaults to "" → ${DEB_PACKAGE:+…} expands to nothing → cargo deb runs exactly as before (no -p, root package).

No behavior change for any current caller.

What it unblocks

Cargo-workspace consumers whose CLI lives in a member crate. e.g. kunobi-ninja/kobe: binary kobe, built from -p kobe-ctl, producing kobe_<version>_<arch>.deb. It only needs binary_name: kobe + deb_package: kobe-ctl.

Notes

  • actionlint passes on the changed step (the few shellcheck infos it reports are pre-existing on unrelated steps, not introduced here).
  • Versioning: a new tag (e.g. v12) should be cut after kache's release path is re-verified green against this branch, so workspace consumers can pin to it.

…tional -p)

Generalize the Debian `.deb` build step in the reusable `_release-rust.yml`
so it is no longer hardcoded to kache, in a fully backward-compatible way.

- Deb filename now derives from the existing `inputs.binary_name`:
  `${BINARY_NAME}_${VERSION}_${ARCH}.deb` instead of the hardcoded
  `kache_…`. kache's binary_name is `kache`, so its asset name is
  unchanged.
- New optional input `deb_package` (string, default ""). When non-empty,
  `-p "$DEB_PACKAGE"` is passed to `cargo deb` (via `${DEB_PACKAGE:+…}`);
  when empty, the command runs exactly as before (no `-p`, root package).

This unblocks Cargo-workspace consumers whose CLI lives in a member crate
(e.g. kunobi-ninja/kobe → binary `kobe` built from `-p kobe-ctl`,
producing `kobe_<version>_<arch>.deb`), while leaving the existing
single-root-package consumer (kunobi-ninja/kache) behavior identical.

Signing/notarize/exe/build steps are untouched.

binary_name becomes optional (default: kache) and the deb step falls back to
kache when unset/empty, so omitting all the new inputs reproduces the original
hardcoded kache behavior exactly. Lets the next tag (v11) be cut with zero risk
to existing consumers.
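
The input handling described in the PR description and the two commit messages above, as an added example that is not part of the pull request or the workflow's own code: it prints the `cargo deb` argument vector one word per line for the root-package case, the workspace-member case and the `kache` fallback. The function names `valid_name` and `deb_argv`, the allow-list check, and the sample versions, architectures and targets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: how binary_name and deb_package become a cargo-deb argv.
# valid_name and deb_argv are hypothetical helpers, not workflow code.

# Allow-list for caller-supplied names: rejects empty values, '/',
# whitespace, and a leading '-' that a CLI could read as an option.
valid_name() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Args: binary_name deb_package version arch target
# Runs in a subshell so the variables do not leak into the caller.
deb_argv() (
  BINARY_NAME=${1:-kache}   # fallback described in the second commit
  DEB_PACKAGE=$2
  VERSION=$3
  ARCH=$4
  TARGET=$5
  valid_name "$BINARY_NAME" || { echo "bad binary_name" >&2; exit 2; }
  if [ -n "$DEB_PACKAGE" ]; then
    valid_name "$DEB_PACKAGE" || { echo "bad deb_package" >&2; exit 2; }
  fi
  DEB="${BINARY_NAME}_${VERSION}_${ARCH}.deb"
  # Outer expansion is unquoted on purpose:
  # empty deb_package -> zero words, set deb_package -> the two words -p NAME.
  set -- cargo deb --no-build ${DEB_PACKAGE:+-p "$DEB_PACKAGE"} \
    --target "$TARGET" --output "$DEB"
  printf '%s\n' "$@"
)

# Constructed sample inputs.
deb_argv kache "" 1.2.3 amd64 x86_64-unknown-linux-gnu
deb_argv kobe kobe-ctl 0.4.0 arm64 aarch64-unknown-linux-gnu
```
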
@emmanuelm41 emmanuelm41 marked this pull request as ready for review June 28, 2026 15:50
@emmanuelm41 emmanuelm41 merged commit 928fc5b into main Jun 28, 2026
1 check passed
@emmanuelm41 emmanuelm41 deleted the feat/release-rust-generic-deb branch June 28, 2026 15:50
jleni pushed a commit to kunobi-ninja/kobe that referenced this pull request Jul 2, 2026
….io/nix) (#206)

Split the `kobe` CLI into a thin `kobectl` workspace member (installed binary
stays `kobe`) and add a signed multi-target release plus OS package
distribution, mirroring sibling kache and reusing the shared Kunobi signing
infra.

Workspace
- Move src/cli -> crates/kobectl (fully self-contained; no operator coupling).
  Root stays the kobe-operator package + [workspace]; version moves off 0.0.0
  to [workspace.package].version, in lockstep with Chart.yaml appVersion.
- kobectl: slim CLI-only deps (no aws-lc-sys/kunobi-ha/kunobi-reload), its own
  build.rs for BUILD_VERSION stamping, cargo-binstall + cargo-deb metadata
  (deb Package name = kobe). Trim TUI-only ratatui/crossterm from the operator.

Release (ci.yml release-cli, _workflows@v11)
- 6 targets incl. windows-msvc; build_deb, upload_windows_exe, enable_signing,
  notarize_macos; build_args "-p kobectl --bin kobe"; deb_package kobectl;
  crt-static; signing secrets + id-token. New version-consistency gate; the
  image publish is gated on it for releases; widened CI path filters; CI runs
  cargo test/clippy --workspace.

Distribution
- package-publish.yml: apt (R2, PGP-KMS) + brew (update-kobe-formula dispatch)
  + winget (gated on vars.ENABLE_WINGET). Gate waits on the release-cli upload.
- publish-crates.yaml: publish kobectl on release (OIDC trusted publishing).
- apt scripts + setup-pgp-kms-signing action + apt_config; flake.nix
  (nix run github:kunobi-ninja/kobe); install docs for every channel.
- just bump/release + check-version-consistency.sh (gates workspace ==
  Chart appVersion; the chart's own version is intentionally decoupled).
- Bump quinn-proto -> 0.11.15 (RUSTSEC-2026-0185). Add Apache-2.0 LICENSE.

Cross-repo prerequisites (separate PRs): Zondax/_workflows#109 (merged; v11),
kunobi-ninja/kunobi-auth#61, kunobi-ninja/homebrew-kunobi#44,
Zondax/gcp-code-signer#9, plus copying the shared signing secrets into the repo.
Reviewed cross-family (Claude + codex).