Skip to content

feat(_release-rust): opt-in Debian .deb build#101

Merged
emmanuelm41 merged 1 commit into
mainfrom
feat/release-deb
Jun 19, 2026
Merged

feat(_release-rust): opt-in Debian .deb build#101
emmanuelm41 merged 1 commit into
mainfrom
feat/release-deb

Conversation

@emmanuelm41

@emmanuelm41 emmanuelm41 commented Jun 19, 2026

Copy link
Copy Markdown
Member

What

Adds an opt-in Debian .deb build to the reusable _release-rust.yml workflow, mirroring the existing enable_signing opt-in pattern.

How

  • New workflow_call input build_deb (boolean, required: false, default false). Default off → 100% backward-compatible, so v10 can keep floating to main.
  • All new steps are gated on inputs.build_deb && contains(matrix.target, 'linux').
  • Installs cargo-deb via taiki-e/install-action@v2 (tool: cargo-deb).
  • Builds with cargo deb --no-build --target ${{ matrix.target }} --output <deb>no recompile; it packages the binary already built/stripped/signed earlier in the job.
  • Per-arch: x86_64-unknown-linux-musl → amd64, aarch64-unknown-linux-musl → arm64.
  • Asset named kache_<version>_<arch>.deb, where <version> = github.ref_name with a leading v stripped (the same ref the release job uploads under).
  • Signed with the same zondax/actions/sign-linux-binary@v1 action and identical secrets as the other Linux assets → produces <deb>.asc.
  • Checksummed (<deb>.sha256) like every other asset.
  • The .deb, .deb.asc, .deb.sha256 are uploaded through the same upload-artifactgh release upload mechanism as the rest.

Consumer requirement

The consuming repo's Cargo.toml must define:

[package.metadata.deb]
depends = ""   # static musl binary → no shared-lib deps; avoids dpkg-shlibdeps failure

No Cargo metadata is added here — that belongs to the consumer repo.

Merge order

Merge this and move v10 BEFORE the kache repo passes build_deb: true.

@emmanuelm41
feat(_release-rust): opt-in Debian .deb build
d46e3d1 
Add an opt-in `build_deb` input (default false) that builds, signs and
checksums a Debian .deb package for Linux musl targets, mirroring the
existing `enable_signing` opt-in pattern.

- gated on `inputs.build_deb && contains(matrix.target, 'linux')`
- installs cargo-deb via taiki-e/install-action@v2
- `cargo deb --no-build` packages the already-built/stripped/signed binary
  (no recompile); arch mapped amd64/arm64 from the musl triple
- asset named kache_<version>_<arch>.deb (version = github.ref_name minus v)
- signed with zondax/actions/sign-linux-binary@v1 (detached .asc) and
  checksummed (.sha256) like the other assets, uploaded via the same path
- consumer Cargo.toml must set [package.metadata.deb] depends = ""

Default off → fully backward-compatible (v10 keeps floating).
@emmanuelm41 emmanuelm41 marked this pull request as ready for review June 19, 2026 11:47
@emmanuelm41 emmanuelm41 merged commit be3717a into main Jun 19, 2026
1 check passed
@emmanuelm41 emmanuelm41 deleted the feat/release-deb branch June 19, 2026 11:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@emmanuelm41