From 7e37776a85f1ff208c00ccd5f6ec547ab0808f44 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Tue, 8 Jul 2025 12:17:44 +0100
Subject: [PATCH 01/28] add write permission

---
 .github/workflows/upload-release-assets.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 6d788129e..96d22a244 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -81,6 +81,8 @@ jobs:
 
       - name: GitHub Upload
         continue-on-error: true
+        permissions:
+          contents: write
         if: ${{ needs.vars.outputs.github_release == 'true' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 5dfb291c8683b3fcfacd9c7f6e881a44fe2efd1c Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Tue, 8 Jul 2025 15:13:36 +0100
Subject: [PATCH 02/28] add write permission

---
 .github/workflows/upload-release-assets.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 96d22a244..a9c610760 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -25,7 +25,7 @@ defaults:
     shell: bash
 
 permissions:
-  contents: read
+  contents: write
 
 jobs:
   vars:
@@ -81,8 +81,6 @@ jobs:
 
       - name: GitHub Upload
         continue-on-error: true
-        permissions:
-          contents: write
         if: ${{ needs.vars.outputs.github_release == 'true' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From af5e65c6cb9cca334fcc19882576738ef9b07416 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Tue, 8 Jul 2025 15:27:45 +0100
Subject: [PATCH 03/28] write to release branch in Azure

---
 .github/workflows/upload-release-assets.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index a9c610760..2fd0fab54 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -101,7 +101,7 @@ jobs:
         with:
           inlineScript: |
             for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
-              dest="nginx-agent/${GITHUB_REF##*/}/${i##*/}"
+              dest="nginx-agent/release-${{ inputs.pkgVersion }}/${i##*/}"
               echo "Uploading ${i} to ${dest}"
               az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \
               --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n ${dest}

From 042801549f528dace87952e56dcf254b5a8079c6 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Thu, 31 Jul 2025 11:49:42 +0100
Subject: [PATCH 04/28] list releases

---
 .github/workflows/upload-release-assets.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 2fd0fab54..8b0e8d267 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -80,12 +80,12 @@ jobs:
           find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"
 
       - name: GitHub Upload
-        continue-on-error: true
         if: ${{ needs.vars.outputs.github_release == 'true' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         # clobber overwrites existing assets of the same name
         run: |
+          gh release list
           gh release upload --clobber v${{ inputs.pkgVersion }} \
             $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}")
 

From 04a7ea6daac5595cf4aabbdf8b5d27e8538ef5c5 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Thu, 31 Jul 2025 12:00:32 +0100
Subject: [PATCH 05/28] add new oses

---
 scripts/packages/package-check.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 917d8ce91..52da7f65d 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -61,18 +61,20 @@ APK=(
   alpine/v3.19/main/x86_64/nginx-agent-$VERSION.apk
 )
 UBUNTU=(
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~focal_arm64.deb
+  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~plucky_arm64.deb
+  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~plucky_amd64.deb
   ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~jammy_amd64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~noble_arm64.deb
   ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~jammy_arm64.deb
+  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~noble_arm64.deb
   ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~noble_amd64.deb
+  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~focal_arm64.deb
   ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~focal_amd64.deb
 )
 DEBIAN=(
   debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bullseye_arm64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_amd64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_arm64.deb
   debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bullseye_amd64.deb
+  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_arm64.deb
+  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_amd64.deb
 )
 AMZN=(
   amzn/2023/aarch64/RPMS/nginx-agent-$VERSION.amzn2023.ngx.aarch64.rpm
@@ -85,6 +87,8 @@ SUSE=(
   sles/15/x86_64/RPMS/nginx-agent-$VERSION.sles15.ngx.x86_64.rpm
 )
 CENTOS=(
+  centos/10/aarch64/RPMS/nginx-agent-$VERSION.el10.ngx.aarch64.rpm
+  centos/10/x86_64/RPMS/nginx-agent-$VERSION.el10.ngx.x86_64.rpm
   centos/9/aarch64/RPMS/nginx-agent-$VERSION.el9.ngx.aarch64.rpm
   centos/9/x86_64/RPMS/nginx-agent-$VERSION.el9.ngx.x86_64.rpm
   centos/8/aarch64/RPMS/nginx-agent-$VERSION.el8.ngx.aarch64.rpm

From 6b92aea635d95ab08279e4a323f049cb7ebed07d Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 24 Oct 2025 15:36:59 +0100
Subject: [PATCH 06/28] [skip ci] add freebsd packages to uris if requested
 version is v2.x

---
 scripts/packages/package-check.sh | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 8914cdf44..c567124db 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -34,7 +34,7 @@ if [[ ! -z ${CERT} ]] && [[ ! -z ${KEY} ]]; then
 fi
 
 if [[ -z ${PKG_REPO} ]]; then
-  echo "defaulting to packages.nginx.com"
+  echo "defaulting to packages.nginx.org"
   PKG_REPO="packages.nginx.org"
 fi
 
@@ -44,7 +44,6 @@ if [[ -z $VERSION ]]; then
   echo "no version provided"
   exit 1
 fi
-
 PKG_DIR="${PKG_REPO}/${PKG_NAME}"
 PKG_REPO_URL="https://${PKG_DIR}"
 
@@ -93,6 +92,11 @@ CENTOS=(
   centos/8/x86_64/RPMS/nginx-agent-$VERSION.el8.ngx.x86_64.rpm
 )
 
+FREEBSD=(
+  freebsd/FreeBSD:12:amd64/latest/nginx-agent-$VERSION.pkg
+  freebsd/FreeBSD:13:amd64/latest/nginx-agent-$VERSION.pkg
+)
+
 uris=(
   ${DEBIAN[@]}
   ${UBUNTU[@]}
@@ -102,6 +106,13 @@ uris=(
   ${SUSE[@]}
 )
 
+majorVersion=$(echo ${VERSION} | cut -d. -f1)
+if [[ ${majorVersion} == 2 ]]; then
+  uris+=(${FREEBSD[@]})
+fi
+
+# Functions
+
 ## Check and download if nginx-agent packages are present in the repository
 check_pkgs () {
   for pkg in ${uris[@]}; do
@@ -156,7 +167,12 @@ check_repo() {
   else
     echo -e "${GREEN}Found!${NC}"
   fi
+
+  # Grep index.xml for all supported operating system versions
+
 }
 
+# Main
+
 check_repo
 check_pkgs

From 6aa1c38a86de7d7de54e7ac02dd7db4560264d2b Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 24 Oct 2025 16:24:22 +0100
Subject: [PATCH 07/28] [skip ci] remove comment

---
 scripts/packages/package-check.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index c567124db..131f8f738 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -167,9 +167,6 @@ check_repo() {
   else
     echo -e "${GREEN}Found!${NC}"
   fi
-
-  # Grep index.xml for all supported operating system versions
-
 }
 
 # Main

From 3cff9ff6092e05e2712bccd8a034957d112f6ea9 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 29 Oct 2025 13:45:49 +0000
Subject: [PATCH 08/28] update handling of FreeBSD pakcages for v2 releases

---
 .github/workflows/upload-release-assets.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 67f6410a7..422f519a6 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -65,10 +65,12 @@ jobs:
           echo "${{secrets.PUBTEST_KEY}}" > pubtest.key
           PKG_REPO=${{inputs.pkgRepo}} CERT=pubtest.crt KEY=pubtest.key DL=1 scripts/packages/package-check.sh ${{inputs.pkgVersion}}
           for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
+            echo "Processing deb packages..."
             if [[ "$i" == *.deb ]]; then
               echo "Renaming ${i} to ${i/_/-}"
               mv "${i}" "${i/_/-}"
-            fi 
+            fi
+            echo "Processing apk packages..."
             if [[ "$i" == *.apk ]]; then
               ver=$(echo "$i" | grep -o -e "v[0-9]*\.[0-9]*")
               arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
@@ -76,7 +78,15 @@ jobs:
               echo "Renaming ${i} to ${dest}"
               mv "${i}" "${dest}"
             fi
-          done
+            if [[ "$i" == *.pkg ]]; then
+                bsd=$(echo "$i" | "FreeBSD:[0-9]*:[A-z][0-9]*")
+                ver=$(echo "$bsd" | cut -d':' -f2)
+                arch=$(echo "$i" | grep -o -F -e "amd64" -e "arm64")
+                dest="$(dirname "$i")/nginx-agent-${{inputs.pkgVersion}}-FreeBSD.$ver.$arch.pkg"
+                echo "Renaming ${i} to ${dest}"
+                mv "${i}" "${dest}"
+            fi
+            done
           find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"
 
       - name: GitHub Upload

From 543b72a83bfa803907a5f8bf927e23539c8b078c Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 29 Oct 2025 13:50:54 +0000
Subject: [PATCH 09/28] update regex

---
 .github/workflows/upload-release-assets.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 422f519a6..2944feb2c 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -65,12 +65,10 @@ jobs:
           echo "${{secrets.PUBTEST_KEY}}" > pubtest.key
           PKG_REPO=${{inputs.pkgRepo}} CERT=pubtest.crt KEY=pubtest.key DL=1 scripts/packages/package-check.sh ${{inputs.pkgVersion}}
           for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
-            echo "Processing deb packages..."
             if [[ "$i" == *.deb ]]; then
               echo "Renaming ${i} to ${i/_/-}"
               mv "${i}" "${i/_/-}"
             fi
-            echo "Processing apk packages..."
             if [[ "$i" == *.apk ]]; then
               ver=$(echo "$i" | grep -o -e "v[0-9]*\.[0-9]*")
               arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
@@ -79,7 +77,7 @@ jobs:
               mv "${i}" "${dest}"
             fi
             if [[ "$i" == *.pkg ]]; then
-                bsd=$(echo "$i" | "FreeBSD:[0-9]*:[A-z][0-9]*")
+                bsd=$(echo "$i" | grep -e "FreeBSD:[0-9]*")
                 ver=$(echo "$bsd" | cut -d':' -f2)
                 arch=$(echo "$i" | grep -o -F -e "amd64" -e "arm64")
                 dest="$(dirname "$i")/nginx-agent-${{inputs.pkgVersion}}-FreeBSD.$ver.$arch.pkg"

From e9c3afa7e2b43357926ed4fcca930aabe12c75d4 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Thu, 30 Oct 2025 14:55:15 +0000
Subject: [PATCH 10/28] recreate tarball for upload to Azure

---
 .github/workflows/upload-release-assets.yml | 21 -----
 scripts/packages/package-check.sh           | 86 ++++++++++++++++++++-
 2 files changed, 83 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 2944feb2c..778de9f5c 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -64,27 +64,6 @@ jobs:
           echo "${{secrets.PUBTEST_CERT}}" > pubtest.crt
           echo "${{secrets.PUBTEST_KEY}}" > pubtest.key
           PKG_REPO=${{inputs.pkgRepo}} CERT=pubtest.crt KEY=pubtest.key DL=1 scripts/packages/package-check.sh ${{inputs.pkgVersion}}
-          for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
-            if [[ "$i" == *.deb ]]; then
-              echo "Renaming ${i} to ${i/_/-}"
-              mv "${i}" "${i/_/-}"
-            fi
-            if [[ "$i" == *.apk ]]; then
-              ver=$(echo "$i" | grep -o -e "v[0-9]*\.[0-9]*")
-              arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
-              dest="$(dirname "$i")/nginx-agent-${{inputs.pkgVersion}}-$ver-$arch.apk"
-              echo "Renaming ${i} to ${dest}"
-              mv "${i}" "${dest}"
-            fi
-            if [[ "$i" == *.pkg ]]; then
-                bsd=$(echo "$i" | grep -e "FreeBSD:[0-9]*")
-                ver=$(echo "$bsd" | cut -d':' -f2)
-                arch=$(echo "$i" | grep -o -F -e "amd64" -e "arm64")
-                dest="$(dirname "$i")/nginx-agent-${{inputs.pkgVersion}}-FreeBSD.$ver.$arch.pkg"
-                echo "Renaming ${i} to ${dest}"
-                mv "${i}" "${dest}"
-            fi
-            done
           find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"
 
       - name: GitHub Upload
diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 131f8f738..8fa05cf90 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -114,7 +114,7 @@ fi
 # Functions
 
 ## Check and download if nginx-agent packages are present in the repository
-check_pkgs () {
+check_pkgs() {
   for pkg in ${uris[@]}; do
     echo -n "CHECK: ${PKG_REPO_URL}/${pkg} -> "
     local ret=$(curl -I -s ${CURL_OPTS} "https://${PKG_DIR}/${pkg}" | head -n1 | awk '{ print $2 }')
@@ -127,12 +127,11 @@ check_pkgs () {
     if [[ ${DL} == 1 ]]; then
       dl_pkg "${PKG_REPO_URL}/${pkg}"
     fi
-
   done
 }
 
 ## Download a package
-dl_pkg () {
+dl_pkg() {
     local url=${1}
     echo -n "GET: ${url}... "
     mkdir -p "${PKG_DIR}/$(dirname ${pkg})"
@@ -169,7 +168,88 @@ check_repo() {
   fi
 }
 
+prep_deb() {
+  echo "Preparing deb packages for upload..."
+  mkdir -p "${PKG_DIR}/azure/deb"
+  for i in $(find "${PKG_DIR}" | grep -e "nginx-agent[_-]${VERSION}.*\.deb"); do
+    az_dest="${PKG_DIR}/azure/deb/$(basename "$i")"
+    echo "Copying ${i} to ${az_dest}"
+    cp "${i}" "${az_dest}"
+    echo "Renaming ${i} to ${i/_/-}"
+    mv "${i}" "${i/_/-}"
+  done
+}
+
+prep_apk() {
+  echo "Preparing apk packages..."
+  mkdir -p "${PKG_DIR}/azure/apk"
+  for i in $(find "${PKG_DIR}/alpine" | grep -e "nginx-agent[_-]${VERSION}.apk"); do
+    ver=$(echo "$i" | grep -o -e "v[0-9]*\.[0-9]*")
+    arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
+    dest="$(dirname "$i")/nginx-agent-${VERSION}-$ver-$arch.apk"
+    az_dest="${PKG_DIR}/azure/apk/$ver/$arch/nginx-agent-${VERSION}.apk"
+    echo "Copying ${i} to ${az_dest}"
+    mkdir -p "$(dirname "$az_dest")"
+    cp "${i}" "${az_dest}"
+    echo "Renaming ${i} to ${dest}"
+    cp "${i}" "${dest}"
+  done
+}
+
+prep_rpm() {
+  echo "Preparing rpm packages..."
+  mkdir -p "${PKG_DIR}/azure/rpm"
+  for i in $(find "${PKG_DIR}" | grep -e "nginx-agent-${VERSION}.*.rpm"); do
+    az_dest="${PKG_DIR}/azure/rpm/$(basename "$i")"
+    echo "Copying ${i} to ${az_dest}"
+    mkdir -p "$(dirname "$az_dest")"
+    cp "${i}" "${az_dest}"
+  done
+}
+
+prep_txz() {
+  echo "Preparing txz packages..."
+  mkdir -p "${PKG_DIR}/azure/txz"
+  for i in $(find "${PKG_DIR}" | grep -e "nginx-agent[_-]${VERSION}.pkg"); do
+    bsd=$(echo "$i" | grep -e "FreeBSD:[0-9]*")
+    ver=$(echo "$bsd" | cut -d':' -f2)
+    arch=$(echo "$i" | grep -o -F -e "amd64" -e "arm64")
+    dest="$(dirname "$i")/nginx-agent-${VERSION}-FreeBSD.$ver.$arch.pkg"
+    az_dest="${PKG_DIR}/azure/txz/FreeBSD:$ver:$arch/nginx-agent-${VERSION}.pkg"
+    echo "Copying ${i} to ${az_dest/latest\//}"
+    mkdir -p "$(dirname "$az_dest")"
+    cp "${i}" "${az_dest}"
+  done
+}
+
+prepare_packages() {
+  echo "Preparing packages for upload..."
+
+  prep_deb
+  prep_apk
+  prep_rpm
+  if [[ ${majorVersion} == 2 ]]; then
+    prep_txz
+  fi
+
+  echo "Prepared packages:"
+  find "${PKG_DIR}/azure" -type f
+}
+
+create_tarball() {
+  echo -n "Creating tarball of downloaded packages... "
+  tar -czvf "${PKG_DIR}/nginx-agent.tar.gz" ${PKG_DIR}/azure/*
+  if [[ $? != 0 ]]; then
+    echo -e "${RED}Failed to create tarball!${NC}"
+    return
+  fi
+  echo -e "${GREEN}Done${NC}"
+  echo "SAVED: ${PKG_DIR}/nginx-agent/nginx-agent.tar.gz"
+}
+
 # Main
 
 check_repo
 check_pkgs
+prepare_packages
+create_tarball

From 998c74ac5a37addac6abe351abf220563aea8833 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Thu, 30 Oct 2025 14:59:26 +0000
Subject: [PATCH 11/28] upload tarball with other packages to Azure

---
 .github/workflows/upload-release-assets.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 778de9f5c..1cc186ec9 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -87,7 +87,11 @@ jobs:
         uses: azure/CLI@9f7ce6f37c31b777ec6c6b6d1dfe7db79f497956 # v2.2.0
         with:
           inlineScript: |
-            for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
+            echo "Uploading tarball to Azure Storage Account"
+            az storage blob upload --auth-mode=login -f "${{ inputs.pkgRepo }}/nginx-agent/nginx-agent.tar.gz" \
+              -c ${{ secrets.AZURE_CONTAINER_NAME }} \
+              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n ${dest}
+            for i in $(find ${{ inputs.pkgRepo }}/nginx-agent | grep -e "nginx-agent[_-]${{ inputs.pkgVersion }}"); do
               dest="nginx-agent/release-${{ inputs.pkgVersion }}/${i##*/}"
               echo "Uploading ${i} to ${dest}"
               az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \

From 7b406221aabad4bcb4b4141b72c683b7499f79b0 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Thu, 30 Oct 2025 15:09:31 +0000
Subject: [PATCH 12/28] fix upload of tarball

---
 .github/workflows/upload-release-assets.yml | 10 ++++++----
 scripts/packages/package-check.sh           |  5 ++---
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 1cc186ec9..90c54faf0 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -63,8 +63,10 @@ jobs:
           echo "Checking Packages in ${{inputs.pkgRepo}}/nginx-agent"
           echo "${{secrets.PUBTEST_CERT}}" > pubtest.crt
           echo "${{secrets.PUBTEST_KEY}}" > pubtest.key
-          PKG_REPO=${{inputs.pkgRepo}} CERT=pubtest.crt KEY=pubtest.key DL=1 scripts/packages/package-check.sh ${{inputs.pkgVersion}}
-          find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"
+          
+          DL=1 PKG_REPO=${{inputs.pkgRepo}} \
+          CERT=pubtest.crt KEY=pubtest.key \
+            scripts/packages/package-check.sh ${{inputs.pkgVersion}}
 
       - name: GitHub Upload
         if: ${{ needs.vars.outputs.github_release == 'true' }}
@@ -87,10 +89,10 @@ jobs:
         uses: azure/CLI@9f7ce6f37c31b777ec6c6b6d1dfe7db79f497956 # v2.2.0
         with:
           inlineScript: |
-            echo "Uploading tarball to Azure Storage Account"
+            echo "Uploading tarball to Azure..."
             az storage blob upload --auth-mode=login -f "${{ inputs.pkgRepo }}/nginx-agent/nginx-agent.tar.gz" \
               -c ${{ secrets.AZURE_CONTAINER_NAME }} \
-              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n ${dest}
+              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz
             for i in $(find ${{ inputs.pkgRepo }}/nginx-agent | grep -e "nginx-agent[_-]${{ inputs.pkgVersion }}"); do
               dest="nginx-agent/release-${{ inputs.pkgVersion }}/${i##*/}"
               echo "Uploading ${i} to ${dest}"
diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 8fa05cf90..b8d108e30 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -237,14 +237,13 @@ prepare_packages() {
 }
 
 create_tarball() {
-  echo -n "Creating tarball of downloaded packages... "
+  echo "Creating tarball of downloaded packages... "
   tar -czvf "${PKG_DIR}/nginx-agent.tar.gz" ${PKG_DIR}/azure/*
   if [[ $? != 0 ]]; then
     echo -e "${RED}Failed to create tarball!${NC}"
     return
   fi
-  echo -e "${GREEN}Done${NC}"
-  echo "SAVED: ${PKG_DIR}/nginx-agent/nginx-agent.tar.gz"
+  echo "SAVED: ${PKG_DIR}/nginx-agent.tar.gz"
 }
 
 # Main

From 47cc967698c101cdc4fc853635170a7f304d59a7 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Mon, 3 Nov 2025 10:09:19 +0000
Subject: [PATCH 13/28] [skip ci] Add azure path when uloading tarball

---
 .github/workflows/upload-release-assets.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 90c54faf0..cdb642999 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -89,7 +89,7 @@ jobs:
         uses: azure/CLI@9f7ce6f37c31b777ec6c6b6d1dfe7db79f497956 # v2.2.0
         with:
           inlineScript: |
-            echo "Uploading tarball to Azure..."
+            echo "Uploading tarball to Azure... nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz"
             az storage blob upload --auth-mode=login -f "${{ inputs.pkgRepo }}/nginx-agent/nginx-agent.tar.gz" \
               -c ${{ secrets.AZURE_CONTAINER_NAME }} \
               --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz

From b559348cee317c5227d2a02f56f4439a68192910 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 5 Nov 2025 13:41:56 +0000
Subject: [PATCH 14/28] [skip ci] fix tarball structure

---
 scripts/packages/package-check.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index b8d108e30..17dd493fe 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -238,7 +238,7 @@ prepare_packages() {
 
 create_tarball() {
   echo "Creating tarball of downloaded packages... "
-  tar -czvf "${PKG_DIR}/nginx-agent.tar.gz" ${PKG_DIR}/azure/*
+  tar -czvf "${PKG_DIR}/nginx-agent.tar.gz" -C ${PKG_DIR}/azure .
   if [[ $? != 0 ]]; then
     echo -e "${RED}Failed to create tarball!${NC}"
     return

From 02dd18431dce982bfbc35706d010d63fc5312dc4 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Tue, 18 Nov 2025 16:19:31 +0000
Subject: [PATCH 15/28] [skip ci] Tidy up paths in log, try simplify the
 configuration

---
 .github/workflows/assertion.yml             |   6 +-
 .github/workflows/upload-release-assets.yml |   6 +-
 scripts/packages/package-check.sh           | 157 ++++++++++++--------
 3 files changed, 101 insertions(+), 68 deletions(-)

diff --git a/.github/workflows/assertion.yml b/.github/workflows/assertion.yml
index 18ab48234..b9f12b60d 100644
--- a/.github/workflows/assertion.yml
+++ b/.github/workflows/assertion.yml
@@ -19,7 +19,7 @@ jobs:
       id-token: write
       contents: read
     env:
-      GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency"
+      GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_URL_PROD }}"
     outputs:
       agent_binary: ${{ steps.check_binary.outputs.agent_binary }}
       goversionm: ${{ steps.godeps.outputs.goversionm }}
@@ -65,7 +65,7 @@ jobs:
 
       - name: Generate Assertion Document
         id: assertiondoc
-        uses: nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
+        uses: nginxinc/compliance-rules/.github/actions/assertion@0aab935582c35a00e2c671d8fe25b7fdd72a927b # v0.3.1
         with:
           artifact-name: nginx-agent_${{ env.branch_name }}_${{ matrix.osarch }}
           artifact-digest: ${{ env.agent-digest }}
@@ -84,6 +84,6 @@ jobs:
 
       - name: Sign and Store Assertion Document
         id: sign
-        uses: nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
+        uses: nginxinc/compliance-rules/.github/actions/sign@0aab935582c35a00e2c671d8fe25b7fdd72a927b # v0.3.1
         with:
           assertion-doc: ${{ steps.assertiondoc.outputs.assertion-document-path }}
diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index cdb642999..8024d5462 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -76,7 +76,7 @@ jobs:
         run: |
           gh release list
           gh release upload --clobber v${{ inputs.pkgVersion }} \
-            $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}")
+            $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}" | grep -v "azure")
 
       - name: Azure Login
         if: ${{ inputs.uploadAzure == true }}
@@ -89,10 +89,12 @@ jobs:
         uses: azure/CLI@9f7ce6f37c31b777ec6c6b6d1dfe7db79f497956 # v2.2.0
         with:
           inlineScript: |
-            echo "Uploading tarball to Azure... nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz"
+            echo "Uploading tarball... nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz"
             az storage blob upload --auth-mode=login -f "${{ inputs.pkgRepo }}/nginx-agent/nginx-agent.tar.gz" \
               -c ${{ secrets.AZURE_CONTAINER_NAME }} \
               --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz
+            
+            echo "Uploading packages..."
             for i in $(find ${{ inputs.pkgRepo }}/nginx-agent | grep -e "nginx-agent[_-]${{ inputs.pkgVersion }}"); do
               dest="nginx-agent/release-${{ inputs.pkgVersion }}/${i##*/}"
               echo "Uploading ${i} to ${dest}"
diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 17dd493fe..810916467 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -1,24 +1,33 @@
 #!/bin/bash
+#
+#   package_check.sh
+#
+#   Check for the presence of nginx-agent packages in a given package repository,
+#   and download them if required. Defaults to packages.nginx.org if no repository is specified.
+#
+#   If DL=1 and files are downloaded, it also prepares the packages for upload to Azure and GitHub Releases by
+#   modifying paths to match the expected format for each platform.
+#
 #   Usage:
 #
 #        Check package v3.0.0 availability for all platforms, no auth required:
 #            > ./package_check.sh 3.0.0
 #
 #        Check pkgs and download if present, with authentication:
-#            > CERT=<cert-path> KEY=<key-path> DL=1 ./package_check.sh 3.0.0
+#            > DL=1 CERT=<cert-path> KEY=<key-path> ./package_check.sh 3.5.0
 #
 #        Required parameters:
 #
-#            version: the version of agent you wish to search for i.e 3.0.0
+#            version: the version of agent you wish to search for i.e 3.5.0
 #
-#        Optional parameters:
+#        Optional env variables:
 #
 #            PKG_REPO: The root url for the repository you wish to check, defaults to packages.nginx.org
 #            CERT: Path to your cert file
 #            KEY: Path to your key file
 #            DL: Switch to download the package if it is present, set to 1 if download required, defaults to 0
 #
-#   Packages are downloaded to the local directory with the path of its corresponding repo url + uri i.e
+#   Packages are downloaded to the local directory with the path of its corresponding repo url + uri, i.e
 #
 #            packages.nginx.org/nginx-agent/debian/pool/agent/n/nginx-agent/nginx-agent_3.0.0~bullseye_arm64.deb
 #
@@ -46,57 +55,58 @@ if [[ -z $VERSION ]]; then
 fi
 PKG_DIR="${PKG_REPO}/${PKG_NAME}"
 PKG_REPO_URL="https://${PKG_DIR}"
+DL=${DL:-0}
 
-APK=(
-  alpine/v3.22/main/aarch64/nginx-agent-$VERSION.apk
-  alpine/v3.22/main/x86_64/nginx-agent-$VERSION.apk
-  alpine/v3.21/main/aarch64/nginx-agent-$VERSION.apk
-  alpine/v3.21/main/x86_64/nginx-agent-$VERSION.apk
-  alpine/v3.20/main/aarch64/nginx-agent-$VERSION.apk
-  alpine/v3.20/main/x86_64/nginx-agent-$VERSION.apk
-  alpine/v3.19/main/aarch64/nginx-agent-$VERSION.apk
-  alpine/v3.19/main/x86_64/nginx-agent-$VERSION.apk
-)
-UBUNTU=(
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~jammy_amd64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~noble_arm64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~plucky_arm64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~jammy_arm64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~noble_amd64.deb
-  ubuntu/pool/agent/n/nginx-agent/nginx-agent_$VERSION~plucky_amd64.deb
-)
-DEBIAN=(
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bullseye_arm64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_amd64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~trixie_arm64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bookworm_arm64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~bullseye_amd64.deb
-  debian/pool/agent/n/nginx-agent/nginx-agent_$VERSION~trixie_amd64.deb
-)
-AMZN=(
-  amzn/2023/aarch64/RPMS/nginx-agent-$VERSION.amzn2023.ngx.aarch64.rpm
-  amzn/2023/x86_64/RPMS/nginx-agent-$VERSION.amzn2023.ngx.x86_64.rpm
+majorVersion=$(echo ${VERSION} | cut -d. -f1)
+
+# Define package URIs to check for each platform
+
+APK=()
+ALPINE_VERSIONS=("3.22" "3.21" "3.20" "3.19")
+ALPINE_ARCH=("x86_64" "aarch64")
+for alpine_version in "${ALPINE_VERSIONS[@]}"; do
+    for arch in ${ALPINE_ARCH[@]}; do
+      APK+=("alpine/v${alpine_version}/main/${arch}/nginx-agent-${VERSION}.apk")
+    done
+done
+
+UBUNTU=()
+UBUNTU_VERSIONS=("jammy" "noble" "plucky")
+DEB_ARCH=("amd64" "arm64")
+for ubuntu_version in "${UBUNTU_VERSIONS[@]}"; do
+    for arch in ${DEB_ARCH[@]}; do
+      UBUNTU+=("ubuntu/pool/agent/n/nginx-agent/nginx-agent_${VERSION}~${ubuntu_version}_${arch}.deb")
+    done
+done
+
+DEBIAN=()
+DEBIAN_VERSIONS=("bullseye" "bookworm" "trixie")
+for deb_version in "${DEBIAN_VERSIONS[@]}"; do
+    for arch in ${DEB_ARCH[@]}; do
+      DEBIAN+=("debian/pool/agent/n/nginx-agent/nginx-agent_${VERSION}~${deb_version}_${arch}.deb")
+    done
+done
+
+CENTOS=()
+CENTOS_VERSIONS=("10" "9" "8")
+RPM_ARCH=("aarch64" "x86_64")
+for centos_version in "${CENTOS_VERSIONS[@]}"; do
+    for arch in ${RPM_ARCH[@]}; do
+      CENTOS+=("centos/${centos_version}/${arch}/RPMS/nginx-agent-${VERSION}.el${centos_version}.ngx.${arch}.rpm")
+    done
+done
+
+AMZN=()
+for arch in ${RPM_ARCH[@]}; do
+    AMZN+=("amzn/2023/${arch}/RPMS/nginx-agent-$VERSION.amzn2023.ngx.${arch}.rpm")
+    AMZN+=("amzn2/2/${arch}/RPMS/nginx-agent-$VERSION.amzn2.ngx.${arch}.rpm")
+done
 
-  amzn2/2/aarch64/RPMS/nginx-agent-$VERSION.amzn2.ngx.aarch64.rpm
-  amzn2/2/x86_64/RPMS/nginx-agent-$VERSION.amzn2.ngx.x86_64.rpm
-)
 SUSE=(
   sles/15/x86_64/RPMS/nginx-agent-$VERSION.sles15.ngx.x86_64.rpm
 )
-CENTOS=(
-  centos/10/aarch64/RPMS/nginx-agent-$VERSION.el10.ngx.aarch64.rpm
-  centos/10/x86_64/RPMS/nginx-agent-$VERSION.el10.ngx.x86_64.rpm
-  centos/9/aarch64/RPMS/nginx-agent-$VERSION.el9.ngx.aarch64.rpm
-  centos/9/x86_64/RPMS/nginx-agent-$VERSION.el9.ngx.x86_64.rpm
-  centos/8/aarch64/RPMS/nginx-agent-$VERSION.el8.ngx.aarch64.rpm
-  centos/8/x86_64/RPMS/nginx-agent-$VERSION.el8.ngx.x86_64.rpm
-)
-
-FREEBSD=(
-  freebsd/FreeBSD:12:amd64/latest/nginx-agent-$VERSION.pkg
-  freebsd/FreeBSD:13:amd64/latest/nginx-agent-$VERSION.pkg
-)
 
+# Aggregate all URIs to fetch
 uris=(
   ${DEBIAN[@]}
   ${UBUNTU[@]}
@@ -106,8 +116,12 @@ uris=(
   ${SUSE[@]}
 )
 
-majorVersion=$(echo ${VERSION} | cut -d. -f1)
 if [[ ${majorVersion} == 2 ]]; then
+  # v2.x supports FreeBSD packages
+  FREEBSD=(
+    freebsd/FreeBSD:12:amd64/latest/nginx-agent-$VERSION.pkg
+    freebsd/FreeBSD:13:amd64/latest/nginx-agent-$VERSION.pkg
+  )
   uris+=(${FREEBSD[@]})
 fi
 
@@ -168,14 +182,17 @@ check_repo() {
   fi
 }
 
+# Prepare packages for upload to Azure
 prep_deb() {
-  echo "Preparing deb packages for upload..."
+  echo "Preparing deb packages..."
   mkdir -p "${PKG_DIR}/azure/deb"
   for i in $(find "${PKG_DIR}" | grep -e "nginx-agent[_-]${VERSION}.*\.deb"); do
     az_dest="${PKG_DIR}/azure/deb/$(basename "$i")"
+    # Azure path
     echo "Copying ${i} to ${az_dest}"
     cp "${i}" "${az_dest}"
-    echo "Renaming ${i} to ${i/_/-}"
+    # GitHub release asset path
+    echo "Moving ${i} to ${i/_/-}"
     mv "${i}" "${i/_/-}"
   done
 }
@@ -188,11 +205,15 @@ prep_apk() {
     arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
     dest="$(dirname "$i")/nginx-agent-${VERSION}-$ver-$arch.apk"
     az_dest="${PKG_DIR}/azure/apk/$ver/$arch/nginx-agent-${VERSION}.apk"
-    echo "Copying ${i} to ${az_dest}"
+
+    # Azure path
     mkdir -p "$(dirname "$az_dest")"
+    echo "Copying ${i} to ${az_dest}"
     cp "${i}" "${az_dest}"
-    echo "Renaming ${i} to ${dest}"
-    cp "${i}" "${dest}"
+
+    # GitHub release asset path
+    echo "Moving ${i} to ${dest}"
+    mv "${i}" "${dest}"
   done
 }
 
@@ -201,9 +222,11 @@ prep_rpm() {
   mkdir -p "${PKG_DIR}/azure/rpm"
   for i in $(find "${PKG_DIR}" | grep -e "nginx-agent-${VERSION}.*.rpm"); do
     az_dest="${PKG_DIR}/azure/rpm/$(basename "$i")"
+    # Azure path
     echo "Copying ${i} to ${az_dest}"
     mkdir -p "$(dirname "$az_dest")"
     cp "${i}" "${az_dest}"
+    # No path changes needed for GitHub release
   done
 }
 
@@ -224,7 +247,6 @@ prep_txz() {
 
 prepare_packages() {
   echo "Preparing packages for upload..."
-
   prep_deb
   prep_apk
   prep_rpm
@@ -232,12 +254,17 @@ prepare_packages() {
     prep_txz
   fi
 
-  echo "Prepared packages:"
-  find "${PKG_DIR}/azure" -type f
+  echo
+  echo "Prepared packages for Azure:"
+  find "${PKG_DIR}/azure" -type f | grep "${VERSION}" | sed "s|${PKG_DIR}/azure/||"
+
+  echo
+  echo "Prepared packages for GitHub Release v${VERSION}:"
+  find "${PKG_DIR}" -type f | grep "${VERSION}" | grep -v "/azure/" | awk -F/ '{print $NF}'
 }
 
 create_tarball() {
-  echo "Creating tarball of downloaded packages... "
+  echo "Creating tarball... "
   tar -czvf "${PKG_DIR}/nginx-agent.tar.gz" -C ${PKG_DIR}/azure .
   if [[ $? != 0 ]]; then
     echo -e "${RED}Failed to create tarball!${NC}"
@@ -248,7 +275,11 @@ create_tarball() {
 
 # Main
 
-check_repo
-check_pkgs
-prepare_packages
-create_tarball
+#check_repo
+#check_pkgs
+
+# Prepare packages for upload
+if [[ $DL == 1 ]]; then
+  prepare_packages
+  create_tarball
+fi

From ea3b0e5a709f7dddf3b0537cca6ed139f437c1a5 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Tue, 18 Nov 2025 16:24:05 +0000
Subject: [PATCH 16/28] [skip ci] add missing commands

---
 scripts/packages/package-check.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 810916467..6772deaf3 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -275,8 +275,8 @@ create_tarball() {
 
 # Main
 
-#check_repo
-#check_pkgs
+check_repo
+check_pkgs
 
 # Prepare packages for upload
 if [[ $DL == 1 ]]; then

From 116521a90eb5befd620badda75e0f6bf742de420 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:00:09 +0000
Subject: [PATCH 17/28] [skip ci] remove azure upload and cleanup action inputs
 format

---
 .github/workflows/release-branch.yml | 34 ++++++++++++----------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 519827532..b56a6c123 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -3,10 +3,6 @@ name: Release Agent
 on:
   workflow_dispatch:
     inputs:
-      githubRelease:
-        description: 'Setup release in github'
-        type: boolean
-        default: false
       packageVersion:
         description: 'Package version number'
         default: "3.0.0"
@@ -15,26 +11,26 @@ on:
         description: 'Package Build number'
         default: "1"
         type: string
-      uploadAzure:
-        description: 'Publish packages Azure storage'
-        default: true
-        type: boolean
-      publishPackages:
-        description: 'Publish packages to nginx repo'
-        default: true
-        type: boolean
+      releaseBranch:
+        description: 'Release branch to build & publish from'
+        required: true
+        type: string
       tagRelease:
         description: 'Add tag to release branch'
         default: false
         type: boolean
+      githubRelease:
+        description: 'Setup release in github'
+        type: boolean
+        default: false
       createPullRequest:
         description: 'Create pull request back into main'
         default: false
         type: boolean
-      releaseBranch:
-        description: 'Release branch to build & publish from'
-        required: true
-        type: string
+      publishPackages:
+        description: 'Publish packages to nginx repo'
+        default: true
+        type: boolean
       uploadUrl:
         description: 'Location to publish packages to'
         required: false
@@ -60,10 +56,9 @@ jobs:
     name: Set workflow variables
     runs-on: ubuntu-22.04
     outputs:
+      tag_release: ${{steps.vars.outputs.tag_release }}
       github_release: ${{steps.vars.outputs.github_release }}
-      upload_azure: ${{steps.vars.outputs.upload_azure }}
       publish_packages: ${{steps.vars.outputs.publish_packages }}
-      tag_release: ${{steps.vars.outputs.tag_release }}
       create_pull_request: ${{steps.vars.outputs.create_pull_request }}
     steps:
       - name: Checkout Repository
@@ -74,10 +69,9 @@ jobs:
       - name: Set variables
         id: vars
         run: |
+          echo "tag_release=${{ inputs.tagRelease }}" >> $GITHUB_OUTPUT
           echo "github_release=${{ inputs.githubRelease }}" >> $GITHUB_OUTPUT
-          echo "upload_azure=${{ inputs.uploadAzure }}" >> $GITHUB_OUTPUT
           echo "publish_packages=${{ inputs.publishPackages }}" >> $GITHUB_OUTPUT
-          echo "tag_release=${{ inputs.tagRelease }}" >> $GITHUB_OUTPUT
           echo "create_pull_request=${{ inputs.createPullRequest }}" >> $GITHUB_OUTPUT
           cat $GITHUB_OUTPUT
 

From 08f9ef03eda1c9110ef2f1b4756a65b7ebf5cba8 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:02:12 +0000
Subject: [PATCH 18/28] [skip ci] fix typo, use secret for artifactory url

---
 .github/workflows/upload-release-assets.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml
index 9d8a06b4c..c421ccdc2 100644
--- a/.github/workflows/upload-release-assets.yml
+++ b/.github/workflows/upload-release-assets.yml
@@ -12,7 +12,7 @@ on:
         type: string
         default: ""
       uploadAzure:
-        description: 'Publish packages Azure storage'
+        description: 'Publish packages to Azure blob storage'
         type: boolean
         default: false
       uploadGithub:

From 36922b316c420a3d5be67976cf4d4bfac387bd9a Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:07:04 +0000
Subject: [PATCH 19/28] [skip ci] set upload default to false

---
 .github/workflows/release-branch.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index b56a6c123..8cc315c83 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -29,7 +29,7 @@ on:
         type: boolean
       publishPackages:
         description: 'Publish packages to nginx repo'
-        default: true
+        default: false
         type: boolean
       uploadUrl:
         description: 'Location to publish packages to'
@@ -38,7 +38,7 @@ on:
 
 env:
   NFPM_VERSION: 'v2.35.3'
-  GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency"
+  GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_URL_PROD }}"
 
 defaults:
   run:

From f2f059e4d39bc6df39c36e93bfdfad52b4bc8580 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:13:28 +0000
Subject: [PATCH 20/28] [skip ci] tidy defaults and descriptions

---
 .github/workflows/release-branch.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 8cc315c83..810bc9fd4 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -5,26 +5,26 @@ on:
     inputs:
       packageVersion:
         description: 'Package version number'
-        default: "3.0.0"
+        default: "3.x.x"
         type: string
       packageBuildNo:
-        description: 'Package Build number'
+        description: 'Package build number'
         default: "1"
         type: string
       releaseBranch:
-        description: 'Release branch to build & publish from'
+        description: 'Release branch to build from'
         required: true
         type: string
       tagRelease:
-        description: 'Add tag to release branch'
+        description: 'Add tag for release'
         default: false
         type: boolean
       githubRelease:
-        description: 'Setup release in github'
+        description: 'Draft release'
         type: boolean
         default: false
       createPullRequest:
-        description: 'Create pull request back into main'
+        description: 'Create pull request into main'
         default: false
         type: boolean
       publishPackages:

From 2108c7c0088604968f3f7c0a349a686647eca9de Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:28:35 +0000
Subject: [PATCH 21/28] [skip ci] update descriptions with examples

---
 .github/workflows/release-branch.yml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 810bc9fd4..d7e471bd6 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -4,27 +4,29 @@ on:
   workflow_dispatch:
     inputs:
       packageVersion:
-        description: 'Package version number'
-        default: "3.x.x"
+        required: true
+        description: 'Package version number (3.x.x)'
+        default: ""
         type: string
       packageBuildNo:
+        required: true
         description: 'Package build number'
         default: "1"
         type: string
       releaseBranch:
-        description: 'Release branch to build from'
+        description: 'Release branch to build from (release-3.x.x)'
         required: true
         type: string
       tagRelease:
-        description: 'Add tag for release'
+        description: 'Add tag for release (v3.x.x)'
         default: false
         type: boolean
       githubRelease:
-        description: 'Draft release'
+        description: 'Draft release (v3.x.x) on GitHub'
         type: boolean
         default: false
       createPullRequest:
-        description: 'Create pull request into main'
+        description: 'Create pull request into main (required if release branch has diverged from main)'
         default: false
         type: boolean
       publishPackages:
@@ -45,7 +47,7 @@ defaults:
     shell: bash
 
 concurrency:
-  group: ${{ github.ref_name }}-v3-release
+  group: ${{ github.ref_name }}-release
   cancel-in-progress: true
 
 permissions:
@@ -204,7 +206,7 @@ jobs:
     needs: [vars,release-draft,tag-release]
     permissions:
       id-token: write
-      contents: write # Needed to update a github release
+      contents: write # Needed to update a release
     steps:
       - name: Checkout Repository
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1

From 072384e6d4b84326b89cc775ec391d2949bfe4cb Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Wed, 19 Nov 2025 14:48:06 +0000
Subject: [PATCH 22/28] [skip ci] add warning to not squash commits when
 merging releases

---
 .github/workflows/release-branch.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index d7e471bd6..f7b3547a8 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -306,6 +306,7 @@ jobs:
               head: '${{ inputs.releaseBranch }}',
               base: 'main',
               body: [
-                'This PR is auto-generated by the release workflow.'
+                'This PR was auto-generated by the release workflow.',
+                'NOTE: DO NOT squash commits when merging!!',
               ].join('\n')
             });

From 0b8e7cae917076cab20f91955d84989c6f517335 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 10:09:26 +0000
Subject: [PATCH 23/28] [skip-ci] suppress gpg key output in make target

---
 Makefile.packaging | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Makefile.packaging b/Makefile.packaging
index fb33ff86a..a66b6268e 100644
--- a/Makefile.packaging
+++ b/Makefile.packaging
@@ -35,7 +35,7 @@ $(PACKAGES_DIR):
 	@mkdir -p $(PACKAGES_DIR)/deb && mkdir -p $(PACKAGES_DIR)/rpm && mkdir -p $(PACKAGES_DIR)/apk
 
 .PHONY: package
-package: $(PACKAGES_DIR) #### Create final packages for all supported distros
+package: gpg-key $(PACKAGES_DIR) #### Create final packages for all supported distros
 
 # Build binaries for all supported architectures
 	@for arch in $(DEB_ARCHS); do \
@@ -145,7 +145,12 @@ package: $(PACKAGES_DIR) #### Create final packages for all supported distros
 
 .PHONY: gpg-key
 gpg-key: ## Generate GPG public key
-	$$(gpg --import $(NFPM_SIGNING_KEY_FILE)); \
+	@if [ -z "$(NFPM_SIGNING_KEY_FILE)" ]; then \
+		echo "NFPM_SIGNING_KEY_FILE is not set. Exiting..."; \
+		exit 1; \
+	fi
+	@echo "Generating GPG public key for package signing...";
+	@$$(gpg --import $(NFPM_SIGNING_KEY_FILE)); \
 	keyid=$$(gpg --list-keys NGINX | egrep -A1 "^pub" | egrep -v "^pub" | tr -d '[:space:]'); \
 	if [ -z "$$keyid" ]; then echo "Error: GPG key not found."; exit 1; fi; \
 	# Check if the key is expired \

From 3b1cf5c5c83818e73ac242fcf8019bbb2fe8af09 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 11:09:46 +0000
Subject: [PATCH 24/28] Remove job, deps already installed in previous step

---
 .github/workflows/release-branch.yml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
index 388529619..7ce6144d9 100644
--- a/.github/workflows/release-branch.yml
+++ b/.github/workflows/release-branch.yml
@@ -189,6 +189,7 @@ jobs:
           ref: ${{ inputs.releaseBranch }}
 
       - name: Tag release
+        if: ${{ needs.vars.outputs.tag_release == 'true' }}
         run: |
           git config --global user.name 'github-actions'
           git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
@@ -242,12 +243,6 @@ jobs:
           echo "$GPG_KEY" | base64 --decode > ${NFPM_SIGNING_KEY_FILE}
           make package
 
-      - name: Install GPG tools
-        if: ${{ inputs.publishPackages == true }}
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y gpgv1 monkeysphere
-
       - name: Get Id Token
         if: ${{ inputs.publishPackages == true }}
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0

From c92118d6cfd54bd44a9f363501188830da264ecb Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 12:33:15 +0000
Subject: [PATCH 25/28] fix deb package formact for github assets

---
 scripts/packages/package-check.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 6772deaf3..945a561a7 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -186,14 +186,17 @@ check_repo() {
 prep_deb() {
   echo "Preparing deb packages..."
   mkdir -p "${PKG_DIR}/azure/deb"
-  for i in $(find "${PKG_DIR}" | grep -e "nginx-agent[_-]${VERSION}.*\.deb"); do
+  for i in $(find "${PKG_DIR}" | grep -e "nginx-agent[_-]${VERSION}.*\.deb" | grep -v "azure"); do
     az_dest="${PKG_DIR}/azure/deb/$(basename "$i")"
     # Azure path
+    # Should be 'nginx-agent_3.5.0~bullseye_arm64.deb'
     echo "Copying ${i} to ${az_dest}"
     cp "${i}" "${az_dest}"
     # GitHub release asset path
-    echo "Moving ${i} to ${i/_/-}"
-    mv "${i}" "${i/_/-}"
+    # Should be 'nginx-agent-3.5.0.bullseye_arm64.deb'
+    gh_dest=$(echo ${i} | sed -E "s/_/-/" | sed -E "s/~/./")
+    echo "Moving ${i} to ${gh_dest}"
+    mv "${i}" "${gh_dest}"
   done
 }
 
@@ -279,7 +282,7 @@ check_repo
 check_pkgs
 
 # Prepare packages for upload
-if [[ $DL == 1 ]]; then
+if [[ ${DL} == 1 ]]; then
   prepare_packages
   create_tarball
 fi

From 5a36dc22e8fe067042168bf5f9549bebfdd4f085 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 12:41:51 +0000
Subject: [PATCH 26/28] [skip ci] sort list when displaying packages

---
 scripts/packages/package-check.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 945a561a7..13b82a45e 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -259,11 +259,11 @@ prepare_packages() {
 
   echo
   echo "Prepared packages for Azure:"
-  find "${PKG_DIR}/azure" -type f | grep "${VERSION}" | sed "s|${PKG_DIR}/azure/||"
+  find "${PKG_DIR}/azure" -type f | grep "${VERSION}" | sed "s|${PKG_DIR}/azure/||" | sort
 
   echo
   echo "Prepared packages for GitHub Release v${VERSION}:"
-  find "${PKG_DIR}" -type f | grep "${VERSION}" | grep -v "/azure/" | awk -F/ '{print $NF}'
+  find "${PKG_DIR}" -type f | grep "${VERSION}" | grep -v "/azure/" | awk -F/ '{print $NF}' | sort
 }
 
 create_tarball() {

From 268c56034352a0a3de4b44cd396b8ff5c10fd1a4 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 13:37:04 +0000
Subject: [PATCH 27/28] fix paths for FreeBSD pkgs when version 2.x

---
 scripts/packages/package-check.sh | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 13b82a45e..95c923adf 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -116,7 +116,7 @@ uris=(
   ${SUSE[@]}
 )
 
-if [[ ${majorVersion} == 2 ]]; then
+if [[ ${majorVersion} == "2" ]]; then
   # v2.x supports FreeBSD packages
   FREEBSD=(
     freebsd/FreeBSD:12:amd64/latest/nginx-agent-$VERSION.pkg
@@ -240,20 +240,28 @@ prep_txz() {
     bsd=$(echo "$i" | grep -e "FreeBSD:[0-9]*")
     ver=$(echo "$bsd" | cut -d':' -f2)
     arch=$(echo "$i" | grep -o -F -e "amd64" -e "arm64")
-    dest="$(dirname "$i")/nginx-agent-${VERSION}-FreeBSD.$ver.$arch.pkg"
+
+    # Azure path
+    # Should be 'FreeBSD:12:amd64/nginx-agent-2.44.0.pkg'
     az_dest="${PKG_DIR}/azure/txz/FreeBSD:$ver:$arch/nginx-agent-${VERSION}.pkg"
-    echo "Copying ${i} to ${az_dest/latest\//}"
+    echo "Copying ${i} to ${az_dest}"
     mkdir -p "$(dirname "$az_dest")"
     cp "${i}" "${az_dest}"
+
+    # GitHub release asset path
+    # Should be 'nginx-agent-2.44.0-FreeBSD.12.amd64.pkg'
+    dest="$(dirname "$i")/nginx-agent-${VERSION}-FreeBSD.$ver.$arch.pkg"
+    echo "Moving ${i} to ${dest}"
+    cp "${i}" "${dest}"
   done
 }
 
 prepare_packages() {
   echo "Preparing packages for upload..."
-  prep_deb
-  prep_apk
-  prep_rpm
-  if [[ ${majorVersion} == 2 ]]; then
+#  prep_deb
+#  prep_apk
+#  prep_rpm
+  if [[ ${majorVersion} == "2" ]]; then
     prep_txz
   fi
 
@@ -278,8 +286,8 @@ create_tarball() {
 
 # Main
 
-check_repo
-check_pkgs
+#check_repo
+#check_pkgs
 
 # Prepare packages for upload
 if [[ ${DL} == 1 ]]; then

From 4c6b840836c083457c33327cf0875a8d151f9a07 Mon Sep 17 00:00:00 2001
From: Sean Breen <s.breen@f5.com>
Date: Fri, 21 Nov 2025 13:37:39 +0000
Subject: [PATCH 28/28] re-enable workflow

---
 scripts/packages/package-check.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/packages/package-check.sh b/scripts/packages/package-check.sh
index 95c923adf..5cb4ba2d4 100755
--- a/scripts/packages/package-check.sh
+++ b/scripts/packages/package-check.sh
@@ -258,9 +258,9 @@ prep_txz() {
 
 prepare_packages() {
   echo "Preparing packages for upload..."
-#  prep_deb
-#  prep_apk
-#  prep_rpm
+  prep_deb
+  prep_apk
+  prep_rpm
   if [[ ${majorVersion} == "2" ]]; then
     prep_txz
   fi
@@ -286,8 +286,8 @@ create_tarball() {
 
 # Main
 
-#check_repo
-#check_pkgs
+check_repo
+check_pkgs
 
 # Prepare packages for upload
 if [[ ${DL} == 1 ]]; then