Skip to content

Add deb packaging pipeline with CI testing#41

Merged
lex57ukr merged 2 commits intomainfrom
38-ship-local-tools-as-distributable-packages
Feb 15, 2026
Merged

Add deb packaging pipeline with CI testing#41
lex57ukr merged 2 commits intomainfrom
38-ship-local-tools-as-distributable-packages

Conversation

@lex57ukr
Copy link
Contributor

@lex57ukr lex57ukr commented Feb 15, 2026

Summary

Introduces the packaging infrastructure needed to ship local tools (starting with validate-action-pins) as distributable .deb and .tar.gz packages. Extracts deb building into a reusable composite action, adds CI gates that exercise the full packaging pipeline on every PR, and provides local testing via make test-package.

Related Issues

Refs #38

Changes

  • Add .github/actions/build-deb composite action wrapping Go/nfpm toolchain setup and package-deb.sh
  • Add packaging scripts: package-release.sh (tarballs), package-deb.sh (debs), generate-checksums.sh, and validate-version.sh
  • Add nfpm.yaml configuration and docs/man/man1/validate-action-pins.1 man page
  • Add scripts/verify-deb-install.sh and tests/deb/ test harness for Docker-based package verification
  • Extend CI workflow with build-deb (per-arch matrix) and test-deb (distro x arch matrix) jobs
  • Refactor publish workflow to use the composite action instead of inline Go/nfpm steps
  • Expand Makefile linting globs, add test-package target, and break up long lines
  • Update documentation for packaging workflow and CI gates

Further Comments

Only the amd64 architecture is testable on standard GitHub-hosted runners. Arm64 testing uses ubuntu-24.04-arm runners, which require org-level runner access. The tests/deb/test-all.sh script provides equivalent local testing across both architectures, skipping cross-arch packages that can't run natively.

@lex57ukr @claude
Add deb packaging composite action and CI testing
b79f70f 
Extract Go/nfpm toolchain setup into a reusable composite action
(.github/actions/build-deb) shared by both CI and publish workflows.
Add build-deb and test-deb CI jobs that exercise the packaging
pipeline on every PR across debian:bookworm and ubuntu:24.04 on
both amd64 and arm64 runners.

Add scripts/verify-deb-install.sh for container-based deb verification,
tests/deb/test-package.sh and tests/deb/test-all.sh for local Docker
testing, and scripts/validate-version.sh for semver input validation.
Update Makefile with test-package target and expanded lint globs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@lex57ukr lex57ukr added enhancement New feature or request security Security-related change labels Feb 15, 2026
@lex57ukr @claude
Document why build-deb uses x86_64 runners for both architectures
e1ef29c 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@lex57ukr lex57ukr merged commit 7fdf718 into main Feb 15, 2026
7 checks passed
@lex57ukr lex57ukr deleted the 38-ship-local-tools-as-distributable-packages branch February 15, 2026 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement New feature or request security Security-related change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lex57ukr