ci: upload .deb from releases to APT repository (#10587)

This PR creates the necessary CI infrastructure to copy `.deb` packages from releases to our APT repository. Re-generation of the index is separated out into a dedicated workflow to avoid concurrency issues and so we can re-generate it without making a release. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-27 10:18:54 +00:00 · 2025-10-17 06:39:35 +11:00
parent a27676a903
commit 7e5ec7c2d7
3 changed files with 140 additions and 0 deletions
--- a/.github/workflows/_apt.yml
+++ b/.github/workflows/_apt.yml
@@ -0,0 +1,20 @@
+name: Sync APT repository metadata
+run-name: Triggered by ${{ github.actor }}
+on:
+  workflow_dispatch:
+  workflow_call:
+
+concurrency:
+  group: "create-apt-repository" # Unique group name to force only a single job at a time.
+  cancel-in-progress: false
+
+jobs:
+  create-apt-repository-metadata:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+      - run: scripts/sync-apt.sh
+        env:
+          AZURERM_ARTIFACTS_CONNECTION_STRING: ${{ secrets.AZURERM_ARTIFACTS_CONNECTION_STRING }}
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -180,3 +180,42 @@ jobs:
          component: ${{ matrix.component }}
          projects: ${{ matrix.projects }}
          sentry_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
+
+  upload-deb-packages:
+    runs-on: ubuntu-24.04
+    if: >-
+      ${{
+        startsWith(inputs.release_name || github.event.release.name, 'gateway') ||
+        startsWith(inputs.release_name || github.event.release.name, 'gui-client')
+      }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Download .deb packages from release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          set -xe
+
+          # Download all .deb assets directly to pool
+          gh release download "${{ inputs.release_name || github.event.release.name }}" --pattern "*.deb"
+
+          # List downloaded files for verification
+          ls -lh ./*.deb
+
+      - name: Upload to Azure Blob Storage
+        run: az storage blob upload-batch \
+          --destination apt \
+          --source . \
+          --pattern "*.deb" \
+          --destination-path pool \
+          --overwrite \
+          --no-progress \
+          --connection-string "${{ secrets.AZURERM_ARTIFACTS_CONNECTION_STRING }}"
+
+  regenerate-apt-index:
+    needs: upload-deb-packages
+    uses: ./.github/workflows/_apt.yml
+    secrets: inherit