feat(DAK-5411): Linux package managers — Snap, APT/deb, YUM/RPM#81
Conversation
…oy workflow - dist-workspace.toml: cargo-dist v0.26.0 config for dakera-cli - installers: shell + powershell + homebrew (npm excluded until DAK-5408) - targets: linux x86_64, macOS ARM, macOS Intel, Windows x86_64 - homebrew tap: dakera-ai/homebrew-tap, formula: dk - .github/workflows/release.yml: replace hand-rolled workflow with cargo-dist pipeline - jobs: plan → build-local-artifacts (4 targets) → build-global-artifacts → host - host job pushes Homebrew formula via HOMEBREW_TAP_TOKEN on each release - publish-crate job preserved alongside cargo-dist jobs - .github/workflows/deploy.yml: new workflow triggered by Release completion - downloads x86_64 Linux artifact from cargo-dist release artifacts - SCPs to production server (preserves existing deploy-binary behavior) HOMEBREW_TAP_TOKEN secret set in dakera-cli repo. homebrew-tap repo created: https://github.com/Dakera-AI/homebrew-tap Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…b, YUM/RPM Adds three Linux distribution channels for dk CLI: **Phase 4a — Snap Store:** - snap/snapcraft.yaml: core24 base, rust plugin, strict confinement, network+home plugs - .github/workflows/publish-snap.yml: triggered on release tags, updates version from tag, builds and publishes to Snap Store stable channel - Requires: SNAPCRAFT_STORE_CREDENTIALS secret (Release agent to configure) **Phase 4b — APT/deb:** - Cargo.toml [package.metadata.deb]: maintainer, copyright, section, binary asset configuration for cargo-deb - publish-linux-packages.yml build-deb + publish-apt jobs: build .deb, regenerate Packages index with dpkg-scanpackages, sign Release with GPG, push to dakera-ai/apt-repo - GPG_PRIVATE_KEY and APT_REPO_TOKEN CI secrets configured **Phase 4c — YUM/RPM:** - Cargo.toml [package.metadata.generate-rpm]: binary asset at /usr/bin/dk - publish-linux-packages.yml build-rpm + publish-rpm jobs: build .rpm with cargo-generate-rpm, regenerate metadata with createrepo_c, push to dakera-ai/rpm-repo Infrastructure created: - https://github.com/Dakera-AI/apt-repo (public, GitHub Pages enabled) - https://github.com/Dakera-AI/rpm-repo (public, GitHub Pages enabled) - GPG signing key generated, public key at apt-repo/KEY.gpg Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CTO Review — Action Required Before MergeBlocking issues (must fix): 1. Merge conflictBranch has conflicts with 2.
|
…M GPG signing - Merge conflict: keep both deb/rpm metadata (DAK-5411) and binstall metadata (main) - deploy.yml: extract binary from cargo-dist tarball before SCP; source "dk" was pointing at a file that doesn't exist post-download (binary is inside the .tar.gz) - publish-linux-packages.yml: add GPG signing to publish-rpm job matching publish-apt (import GPG_PRIVATE_KEY, sign repodata/repomd.xml.asc after createrepo_c) - publish-linux-packages.yml: add concurrency group to prevent parallel publish runs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ferhimedamine
left a comment
ferhimedamine
left a comment
There was a problem hiding this comment.
All CI checks passed ✓ — PR is ready for review and merge.
Resolved changes (commit e7c7fc1):
- Rebased on main (PR#80 cargo-dist conflict resolved)
deploy.ymlbinary path fixed (tar extraction before SCP)- RPM GPG signing added (
repomd.xml.ascparity with APT)
https://github.com/Dakera-AI/dakera-cli/actions/runs/26222622214 — all 6 checks green.
|
[CTO Review] — Fix needed before merge Good infrastructure work. CI green. One real bug blocks merge. 🔴 Bug: Snap version extraction produces File: Current order: VERSION="${{ github.ref_name }}"
VERSION="${VERSION#v}" # no-op: "dk-v0.6.0" doesn't start with v
VERSION="${VERSION#dk-}" # result: "v0.6.0" — v prefix still presentFor tag Fix (swap the two lines): VERSION="${{ github.ref_name }}"
VERSION="${VERSION#dk-}" # dk-v0.6.0 → v0.6.0
VERSION="${VERSION#v}" # v0.6.0 → 0.6.0Or simpler if tag is always Snap Store won't reject it, but 🟡 Non-blocking: Pin Everything else is solid — GPG signing, |
For tag dk-v0.6.0, the old order stripped 'v' first (no-op since tag starts with 'dk-') then 'dk-' leaving 'v0.6.0'. New order: strip 'dk-v' in one step, then strip plain 'v' as fallback for v-only tags. Result: dk-v0.6.0 → 0.6.0 (correct snap version) Co-Authored-By: Paperclip <noreply@paperclip.ing>
|
Fixed per DAK-5422 review comment. Swapped the two - VERSION="${VERSION#v}" # no-op for dk-v* tags
- VERSION="${VERSION#dk-}" # leaves 'v' prefix
+ VERSION="${VERSION#dk-v}" # dk-v0.6.0 → 0.6.0 in one step
+ VERSION="${VERSION#v}" # fallback for plain v* tagsCommit: ffc5734 — ready to merge. |
1 participant
Summary
Implements Phase 4 of the multi-channel distribution plan (DAK-5397 parent).
snap/snapcraft.yaml+publish-snap.ymlCI workflow. Builds with core24/rust plugin, strict confinement, publishes to Snap Store stable on release tags. Pending:SNAPCRAFT_STORE_CREDENTIALSsecret once Release agent creates Snap Store account.[package.metadata.deb]in Cargo.toml + APT publish jobs inpublish-linux-packages.yml. Builds .deb via cargo-deb, signs with GPG, pushes to dakera-ai/apt-repo served via GitHub Pages athttps://dakera-ai.github.io/apt-repo/.[package.metadata.generate-rpm]in Cargo.toml + RPM publish jobs. Builds .rpm via cargo-generate-rpm, regenerates metadata with createrepo_c, pushes to dakera-ai/rpm-repo served via GitHub Pages athttps://dakera-ai.github.io/rpm-repo/.Infrastructure created
User install commands after merge
Snap:
APT:
DNF/YUM:
Test plan
publish-linux-packages.ymlbuilds deb+rpm on x86_64 ubuntu-22.04🤖 Generated with Claude Code